Windows
Analysis Report
http://ZRsivJd9eJZYI6hYZjp4HaBmXIoenPbMYtTOvHDYBU1biEGhdygsHh9L2pifi7NsFd8FFuTKZy7oRJyRVkGRbLUy69jTFmb4TriJxwINiudeD8EFPxuOWL6Gz7Y1Q_Nhu9YF0CDO1a9GpmuT_JaBulU9ZlgG0XUtjfn6OtQHLGfj_7jywaNlGcgZDMEl6kwUBbnirb_9br0X5shiNiwX4VUZDcx4TYOb3sM2wpz2yfKg1MgxZ1YJL-O2Cgk4bYCNefiWCiFF6AWzX5TW-0MLSz0G_WzeGmbrF2OdN
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 3248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 7128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1692,i,17621815830497467087,13166226885346699693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 3392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ZRsivJd9eJZYI6hYZjp4HaBmXIoenPbMYtTOvHDYBU1biEGhdygsHh9L2pifi7NsFd8FFuTKZy7oRJyRVkGRbLUy69jTFmb4TriJxwINiudeD8EFPxuOWL6Gz7Y1Q_Nhu9YF0CDO1a9GpmuT_JaBulU9ZlgG0XUtjfn6OtQHLGfj_7jywaNlGcgZDMEl6kwUBbnirb_9br0X5shiNiwX4VUZDcx4TYOb3sM2wpz2yfKg1MgxZ1YJL-O2Cgk4bYCNefiWCiFF6AWzX5TW-0MLSz0G_WzeGmbrF2OdN0t4ZaqmVPDCNASJelVCumDRTBmHv8sIc2WmxIRpA8qkLj06C6cWMpqHsEj6IYHXdzG6zw8bE0uRgAFYaztmMGMfBs5Ou90QtGia25xnEYig2RimxQAVmP4oxXMlmRiYxndT0-RDxmvx3k_BuoWxzTrt35UuefUC2PNrEt7DqDzvymqQE8az3WUFcrdKVEpRTdUH4zq-nCBg0JhgBMYtqLppPzNE5vLHgHwvB5J4iGlrnsWA2iGo-KimvthNAA96Mjj0vhzXJq6aZZWcezookCdv6cRGm76TFE-eBVXjDcNWZ7pTeVhlZVBE-nWHFXCW5epYz-roVt5e_k5gOZmbC1Bv1z1RMTAkxNK3N4YKGvvwCV3dmuNIncEfrV6CcQrEh_k5sZC-9S7Jgk7ifHL0ufBo6awzBPiJsKSokti992kEAPGlVwMxbWJNcjKuJs48fsvKjXzK1lPPLeIx_w3cfpg11UXMUN4_WTXdDqXSCHVDy0gQmAlEOodYXzVL27FKnQEDckRfNx_GFF1zc1PYklLH3ygh_zwV5b1zh_JD4Q2xICJySXrTX45B_ZAjPhU2FM8IsVbeHGqNNdLqW7xePm48sx8ni2LO4ZfADTbQfDhPASjRLJ5-RvfeQZIj2SYlR&state=18471666-cc8e-484a-a9f8-e361977136bc&session_state=3961325a-3a84-4a62-86ce-1defb25719b4#" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
There are no malicious signatures.
Signature hits by type (counts from the signature table):

- HTTPS traffic detected (4)
- HTTP traffic detected (1)
- DNS traffic detected (2)
- Network traffic detected (13)
- TCP traffic detected without corresponding DNS query (25)
- UDP traffic detected without corresponding DNS query (3)
- Classification label (1)
- Process created (20)
MITRE ATT&CK techniques matched (the report's matrix marks hits with a count; unmarked cells of the matrix are the empty template and are omitted here):

Tactic | Technique | Hits |
---|---|---|
Privilege Escalation | Process Injection | 1 |
Defense Evasion | Process Injection | 1 |
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Application Layer Protocol | 2 |
Command and Control | Application Layer Protocol | 3 |
Command and Control | Ingress Tool Transfer | 1 |
URL reputation:

Scanner | Detection | Label |
---|---|---|
Avira URL Cloud | 0% | safe |

Domain reputation (two lookups):

Scanner | Detection |
---|---|
Virustotal | 0% |
Virustotal | 0% |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown |
google.com | 64.233.185.139 | true | false | | high |
www.google.com | 64.233.177.106 | true | false | | high |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
64.233.177.106 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
Private IP: 192.168.2.6 (the analysis machine; source of every outbound flow in the TCP and UDP tables below)
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431856 |
Start date and time: | 2024-04-25 21:48:29 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://ZRsivJd9eJZYI6hYZjp4HaBmXIoenPbMYtTOvHDYBU1biEGhdygsHh9L2pifi7NsFd8FFuTKZy7oRJyRVkGRbLUy69jTFmb4TriJxwINiudeD8EFPxuOWL6Gz7Y1Q_Nhu9YF0CDO1a9GpmuT_JaBulU9ZlgG0XUtjfn6OtQHLGfj_7jywaNlGcgZDMEl6kwUBbnirb_9br0X5shiNiwX4VUZDcx4TYOb3sM2wpz2yfKg1MgxZ1YJL-O2Cgk4bYCNefiWCiFF6AWzX5TW-0MLSz0G_WzeGmbrF2OdN0t4ZaqmVPDCNASJelVCumDRTBmHv8sIc2WmxIRpA8qkLj06C6cWMpqHsEj6IYHXdzG6zw8bE0uRgAFYaztmMGMfBs5Ou90QtGia25xnEYig2RimxQAVmP4oxXMlmRiYxndT0-RDxmvx3k_BuoWxzTrt35UuefUC2PNrEt7DqDzvymqQE8az3WUFcrdKVEpRTdUH4zq-nCBg0JhgBMYtqLppPzNE5vLHgHwvB5J4iGlrnsWA2iGo-KimvthNAA96Mjj0vhzXJq6aZZWcezookCdv6cRGm76TFE-eBVXjDcNWZ7pTeVhlZVBE-nWHFXCW5epYz-roVt5e_k5gOZmbC1Bv1z1RMTAkxNK3N4YKGvvwCV3dmuNIncEfrV6CcQrEh_k5sZC-9S7Jgk7ifHL0ufBo6awzBPiJsKSokti992kEAPGlVwMxbWJNcjKuJs48fsvKjXzK1lPPLeIx_w3cfpg11UXMUN4_WTXdDqXSCHVDy0gQmAlEOodYXzVL27FKnQEDckRfNx_GFF1zc1PYklLH3ygh_zwV5b1zh_JD4Q2xICJySXrTX45B_ZAjPhU2FM8IsVbeHGqNNdLqW7xePm48sx8ni2LO4ZfADTbQfDhPASjRLJ5-RvfeQZIj2SYlR&state=18471666-cc8e-484a-a9f8-e361977136bc&session_state=3961325a-3a84-4a62-86ce-1defb25719b4# |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@20/0@4/3 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 74.125.138.94, 142.250.105.84, 108.177.122.102, 108.177.122.113, 108.177.122.101, 108.177.122.100, 108.177.122.139, 108.177.122.138, 34.104.35.123, 40.68.123.157, 199.232.214.172, 192.229.211.108, 13.95.31.18, 20.166.126.56
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
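The sample URL above has no path, query or dot-separated hostname: everything between `http://` and the trailing `#` is the authority component, its first token is several hundred characters long (a DNS label may have at most 63), and the `state` and `session_state` names that follow are parameter names used in OAuth 2.0 / OpenID Connect authorization responses. No such name appears among the contacted domains, and the run ended on timeout with a clean verdict. The Python below is an added example, not part of the Joe Sandbox report, that performs this structural triage on a URL before sandbox time is spent on it; `SAMPLE_URL` is the report's "Sample URL" field, and `triage_url`, `is_valid_dns_hostname` and `OAUTH_PARAM_NAMES` are the example's own names.

```python
"""Structural triage of a sample URL before detonation.

Added example; not part of the Joe Sandbox report. SAMPLE_URL is copied from
the report's "Sample URL" field. The checks are RFC 3986 parsing plus the
RFC 1123 hostname rules (labels of 1-63 letters, digits or hyphens, at most
253 characters overall); the OAuth-style parameter names are only a hint.
"""
import re
from urllib.parse import urlsplit

SAMPLE_URL = (
    "http://ZRsivJd9eJZYI6hYZjp4HaBmXIoenPbMYtTOvHDYBU1biEGhdygsHh9L2pifi7NsFd8FFuTKZy7oRJyRVkGRbLUy69jTFmb4TriJxwINiudeD8EFPxuOWL6Gz7Y1Q_Nhu9YF0CDO1a9GpmuT_JaBulU9ZlgG0XUtjfn6OtQHLGfj_7jywaNlGcgZDMEl6kwUBbnirb_9br0X5shiNiwX4VUZDcx4TYOb3sM2wpz2yfKg1MgxZ1YJL-O2Cgk4bYCNefiWCiFF6AWzX5TW-0MLSz0G_WzeGmbrF2OdN0t4ZaqmVPDCNASJelVCumDRTBmHv8sIc2WmxIRpA8qkLj06C6cWMpqHsEj6IYHXdzG6zw8bE0uRgAFYaztmMGMfBs5Ou90QtGia25xnEYig2RimxQAVmP4oxXMlmRiYxndT0-RDxmvx3k_BuoWxzTrt35UuefUC2PNrEt7DqDzvymqQE8az3WUFcrdKVEpRTdUH4zq-nCBg0JhgBMYtqLppPzNE5vLHgHwvB5J4iGlrnsWA2iGo-KimvthNAA96Mjj0vhzXJq6aZZWcezookCdv6cRGm76TFE-eBVXjDcNWZ7pTeVhlZVBE-nWHFXCW5epYz-roVt5e_k5gOZmbC1Bv1z1RMTAkxNK3N4YKGvvwCV3dmuNIncEfrV6CcQrEh_k5sZC-9S7Jgk7ifHL0ufBo6awzBPiJsKSokti992kEAPGlVwMxbWJNcjKuJs48fsvKjXzK1lPPLeIx_w3cfpg11UXMUN4_WTXdDqXSCHVDy0gQmAlEOodYXzVL27FKnQEDckRfNx_GFF1zc1PYklLH3ygh_zwV5b1zh_JD4Q2xICJySXrTX45B_ZAjPhU2FM8IsVbeHGqNNdLqW7xePm48sx8ni2LO4ZfADTbQfDhPASjRLJ5-RvfeQZIj2SYlR&state=18471666-cc8e-484a-a9f8-e361977136bc&session_state=3961325a-3a84-4a62-86ce-1defb25719b4#"
)

# Parameter names defined for OAuth 2.0 / OpenID Connect responses
# (RFC 6749 'code' and 'state'; OIDC 'id_token' and 'session_state').
OAUTH_PARAM_NAMES = {"code", "state", "session_state", "id_token", "access_token"}

# One hostname label: 1-63 chars of letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_dns_hostname(host: str) -> bool:
    """RFC 1123 hostname syntax: non-empty, at most 253 chars, every label valid."""
    host = host.rstrip(".")
    if not host or len(host) > 253:
        return False
    return all(LABEL_RE.match(label) for label in host.split("."))


def triage_url(url: str) -> dict:
    """Return the structural facts an analyst wants before submitting a URL."""
    parts = urlsplit(url)
    authority = parts.netloc
    # Drop userinfo and port; what remains is the host candidate. Bracketed
    # IPv6 literals are not handled because none occur in this report.
    host = authority.rsplit("@", 1)[-1].split(":", 1)[0]
    # '&' never belongs in a hostname: anything after it is a pasted query string.
    head, *tail = host.split("&")
    stray = dict(seg.partition("=")[::2] for seg in tail)
    return {
        "scheme": parts.scheme,
        "has_path_or_query": bool(parts.path or parts.query),
        "head_token_len": len(head),
        "host_is_dns_valid": is_valid_dns_hostname(head),
        "stray_params": stray,
        "oauth_like_params": sorted(set(stray) & OAUTH_PARAM_NAMES),
    }


if __name__ == "__main__":
    for key, value in triage_url(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

A submission whose host candidate fails the hostname check cannot produce a DNS query for that name, so any traffic the sandbox then records is browser and OS background activity rather than the sample; a result like this one is a reason to go back to whoever submitted the URL rather than to read the verdict as a statement about a site.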
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 21:49:13.491241932 CEST | 49673 | 443 | 192.168.2.6 | 173.222.162.64 |
Apr 25, 2024 21:49:13.491281986 CEST | 49674 | 443 | 192.168.2.6 | 173.222.162.64 |
Apr 25, 2024 21:49:13.802536964 CEST | 49672 | 443 | 192.168.2.6 | 173.222.162.64 |
Apr 25, 2024 21:49:23.099853992 CEST | 49673 | 443 | 192.168.2.6 | 173.222.162.64 |
Apr 25, 2024 21:49:23.099869013 CEST | 49674 | 443 | 192.168.2.6 | 173.222.162.64 |
Apr 25, 2024 21:49:23.412362099 CEST | 49672 | 443 | 192.168.2.6 | 173.222.162.64 |
Apr 25, 2024 21:49:24.683851004 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:24.683938026 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:24.684027910 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:24.684303045 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:24.684340000 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:24.814637899 CEST | 443 | 49698 | 173.222.162.64 | 192.168.2.6 |
Apr 25, 2024 21:49:24.814755917 CEST | 49698 | 443 | 192.168.2.6 | 173.222.162.64 |
Apr 25, 2024 21:49:24.919502974 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:24.920284033 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:24.920344114 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:24.921228886 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:24.921304941 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:24.923937082 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:24.924046993 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:24.975090981 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:24.975148916 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:25.021981001 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:25.234431982 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.234487057 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.234575987 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.238272905 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.238295078 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.471569061 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.471661091 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.475778103 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.475790024 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.476140022 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.522047043 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.561835051 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.604130030 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.682697058 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.682780981 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.682856083 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.682980061 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.683000088 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.683016062 CEST | 49707 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.683021069 CEST | 443 | 49707 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.777578115 CEST | 49708 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.777622938 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:25.777741909 CEST | 49708 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.778126001 CEST | 49708 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:25.778139114 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:26.002697945 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:26.002846003 CEST | 49708 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:26.004554033 CEST | 49708 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:26.004571915 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:26.004825115 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:26.006557941 CEST | 49708 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:26.052123070 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:26.220995903 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:26.221075058 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:26.221144915 CEST | 49708 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:26.223350048 CEST | 49708 | 443 | 192.168.2.6 | 184.31.62.93 |
Apr 25, 2024 21:49:26.223371983 CEST | 443 | 49708 | 184.31.62.93 | 192.168.2.6 |
Apr 25, 2024 21:49:34.914057970 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:34.914145947 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:49:34.914206982 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:36.698940039 CEST | 49706 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:49:36.698990107 CEST | 443 | 49706 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:24.592027903 CEST | 49718 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:50:24.592065096 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:24.592119932 CEST | 49718 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:50:24.592442036 CEST | 49718 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:50:24.592457056 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:24.818125963 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:24.818584919 CEST | 49718 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:50:24.818599939 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:24.819060087 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:24.819591999 CEST | 49718 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:50:24.819674969 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:24.864926100 CEST | 49718 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:50:34.862838984 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:34.862906933 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Apr 25, 2024 21:50:34.863481998 CEST | 49718 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:50:36.741369009 CEST | 49718 | 443 | 192.168.2.6 | 64.233.177.106 |
Apr 25, 2024 21:50:36.741426945 CEST | 443 | 49718 | 64.233.177.106 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 21:49:20.298199892 CEST | 53 | 52118 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:49:20.333039045 CEST | 53 | 60102 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:49:20.981426954 CEST | 53 | 53041 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:49:21.723212957 CEST | 53100 | 53 | 192.168.2.6 | 8.8.8.8 |
Apr 25, 2024 21:49:21.723504066 CEST | 60828 | 53 | 192.168.2.6 | 1.1.1.1 |
Apr 25, 2024 21:49:21.836144924 CEST | 53 | 60828 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:49:21.836297989 CEST | 53 | 53100 | 8.8.8.8 | 192.168.2.6 |
Apr 25, 2024 21:49:24.541344881 CEST | 55524 | 53 | 192.168.2.6 | 1.1.1.1 |
Apr 25, 2024 21:49:24.542443991 CEST | 60599 | 53 | 192.168.2.6 | 1.1.1.1 |
Apr 25, 2024 21:49:24.652287006 CEST | 53 | 55524 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:49:24.652812958 CEST | 53 | 60599 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:49:37.946672916 CEST | 53 | 56364 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:49:57.171998024 CEST | 53 | 58337 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:50:19.533509016 CEST | 53 | 58557 | 1.1.1.1 | 192.168.2.6 |
Apr 25, 2024 21:50:20.095170975 CEST | 53 | 63152 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 21:49:21.723212957 CEST | 192.168.2.6 | 8.8.8.8 | 0xb5ae | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.723504066 CEST | 192.168.2.6 | 1.1.1.1 | 0xbb4b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.541344881 CEST | 192.168.2.6 | 1.1.1.1 | 0xf186 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.542443991 CEST | 192.168.2.6 | 1.1.1.1 | 0x4da5 | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 21:49:21.836144924 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb4b | No error (0) | | | 64.233.185.139 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836144924 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb4b | No error (0) | | | 64.233.185.138 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836144924 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb4b | No error (0) | | | 64.233.185.100 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836144924 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb4b | No error (0) | | | 64.233.185.102 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836144924 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb4b | No error (0) | | | 64.233.185.101 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836144924 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb4b | No error (0) | | | 64.233.185.113 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836297989 CEST | 8.8.8.8 | 192.168.2.6 | 0xb5ae | No error (0) | | | 173.194.77.101 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836297989 CEST | 8.8.8.8 | 192.168.2.6 | 0xb5ae | No error (0) | | | 173.194.77.139 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836297989 CEST | 8.8.8.8 | 192.168.2.6 | 0xb5ae | No error (0) | | | 173.194.77.138 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836297989 CEST | 8.8.8.8 | 192.168.2.6 | 0xb5ae | No error (0) | | | 173.194.77.100 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836297989 CEST | 8.8.8.8 | 192.168.2.6 | 0xb5ae | No error (0) | | | 173.194.77.113 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:21.836297989 CEST | 8.8.8.8 | 192.168.2.6 | 0xb5ae | No error (0) | | | 173.194.77.102 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.652287006 CEST | 1.1.1.1 | 192.168.2.6 | 0xf186 | No error (0) | | | 64.233.177.106 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.652287006 CEST | 1.1.1.1 | 192.168.2.6 | 0xf186 | No error (0) | | | 64.233.177.104 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.652287006 CEST | 1.1.1.1 | 192.168.2.6 | 0xf186 | No error (0) | | | 64.233.177.147 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.652287006 CEST | 1.1.1.1 | 192.168.2.6 | 0xf186 | No error (0) | | | 64.233.177.103 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.652287006 CEST | 1.1.1.1 | 192.168.2.6 | 0xf186 | No error (0) | | | 64.233.177.99 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.652287006 CEST | 1.1.1.1 | 192.168.2.6 | 0xf186 | No error (0) | | | 64.233.177.105 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:24.652812958 CEST | 1.1.1.1 | 192.168.2.6 | 0x4da5 | No error (0) | | | | 65 (HTTPS) | IN (0x0001) | false |
Apr 25, 2024 21:49:34.295605898 CEST | 1.1.1.1 | 192.168.2.6 | 0x67e9 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:34.295605898 CEST | 1.1.1.1 | 192.168.2.6 | 0x67e9 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:34.654391050 CEST | 1.1.1.1 | 192.168.2.6 | 0xdb4c | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 25, 2024 21:49:34.654391050 CEST | 1.1.1.1 | 192.168.2.6 | 0xdb4c | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:49:49.472493887 CEST | 1.1.1.1 | 192.168.2.6 | 0xe970 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 25, 2024 21:49:49.472493887 CEST | 1.1.1.1 | 192.168.2.6 | 0xe970 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:50:12.244158983 CEST | 1.1.1.1 | 192.168.2.6 | 0x6ae8 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 25, 2024 21:50:12.244158983 CEST | 1.1.1.1 | 192.168.2.6 | 0x6ae8 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 21:50:32.867038012 CEST | 1.1.1.1 | 192.168.2.6 | 0x5f41 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 25, 2024 21:50:32.867038012 CEST | 1.1.1.1 | 192.168.2.6 | 0x5f41 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
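The signature "TCP traffic detected without corresponding DNS query" can be re-derived from the tables above: 64.233.177.106 (www.google.com) was answered at 21:49:24.652, before the first packet to it at 21:49:24.683, whereas 173.222.162.64 and 184.31.62.93 receive port-443 connections without any A record naming them anywhere in the DNS section. The Python below is an added example, not the sandbox's own logic; `DNS_ANSWERS` and `TCP_FLOWS` are transcribed from the report's DNS-answer and TCP tables (first packet of each flow, the printed nanosecond CEST timestamps truncated to microseconds), and `tcp_without_dns` and `first_answer_times` are the example's names.

```python
"""Re-derive "TCP traffic detected without corresponding DNS query" from the
report's own tables.

Added example; not the sandbox's implementation. DNS_ANSWERS and TCP_FLOWS are
transcribed from the DNS-answer and TCP tables of this report (first outbound
packet per flow; nanosecond CEST timestamps truncated to microseconds).
"""
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"
ANALYSIS_HOST = "192.168.2.6"  # source of every outbound flow in the TCP table


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, TS_FORMAT)


# (answer time, address) for A records in the DNS answers table; one address
# per transaction is enough because a flow needs only one match.
DNS_ANSWERS = [
    ("2024-04-25 21:49:21.836144", "64.233.185.139"),   # 0xbb4b via 1.1.1.1 (google.com)
    ("2024-04-25 21:49:21.836297", "173.194.77.101"),   # 0xb5ae via 8.8.8.8
    ("2024-04-25 21:49:24.652287", "64.233.177.106"),   # 0xf186 via 1.1.1.1 (www.google.com)
    ("2024-04-25 21:49:34.295605", "199.232.214.172"),  # 0x67e9 (bg.microsoft.map.fastly.net)
    ("2024-04-25 21:49:34.654391", "192.229.211.108"),  # 0xdb4c (fp2e7a.wpc.phicdn.net)
]

# (time, src ip, src port, dst ip, dst port): first packet of each TCP flow.
TCP_FLOWS = [
    ("2024-04-25 21:49:13.491241", "192.168.2.6", 49673, "173.222.162.64", 443),
    ("2024-04-25 21:49:13.491281", "192.168.2.6", 49674, "173.222.162.64", 443),
    ("2024-04-25 21:49:24.683851", "192.168.2.6", 49706, "64.233.177.106", 443),
    ("2024-04-25 21:49:25.234431", "192.168.2.6", 49707, "184.31.62.93", 443),
    ("2024-04-25 21:49:25.777578", "192.168.2.6", 49708, "184.31.62.93", 443),
    ("2024-04-25 21:50:24.592027", "192.168.2.6", 49718, "64.233.177.106", 443),
]


def first_answer_times(answers):
    """Map each answered address to the earliest time it was returned."""
    first = {}
    for when, addr in answers:
        t = parse_ts(when)
        if addr not in first or t < first[addr]:
            first[addr] = t
    return first


def tcp_without_dns(answers, flows, analysis_host=ANALYSIS_HOST):
    """Destination addresses the analysis host connected to before (or without)
    any DNS answer naming them, sorted for stable output."""
    first = first_answer_times(answers)
    flagged = set()
    for when, src, _sport, dst, _dport in flows:
        if src != analysis_host:
            continue  # inbound packets are the peer's replies, not new connections
        answered = first.get(dst)
        if answered is None or answered > parse_ts(when):
            flagged.add(dst)
    return sorted(flagged)


if __name__ == "__main__":
    for ip in tcp_without_dns(DNS_ANSWERS, TCP_FLOWS):
        print(f"no preceding A record for {ip}")
```

A hit is a lead, not a verdict. The name may have been resolved before the capture started, over DNS over HTTPS, or through a resolver path the sensor does not see, and this report explicitly excludes whitelisted domains from analysis (see the excluded-domains note above); the UDP table indeed shows several answers from 1.1.1.1 (for example to ports 52118 and 60102) with no matching query row. The check stays worthwhile because an implant that carries its command-and-control address as a literal never resolves anything at all.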
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49707 | 184.31.62.93 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 19:49:25 UTC | 161 | OUT | |
2024-04-25 19:49:25 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49708 | 184.31.62.93 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 19:49:26 UTC | 239 | OUT | |
2024-04-25 19:49:26 UTC | 515 | IN | |
2024-04-25 19:49:26 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 21:49:14 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 21:49:18 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 21:49:21 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |