Windows Analysis Report
http://macVmlSchemaUri
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 4668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1868,i,5792780041876249084,1818617043423654441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://macVmlSchemaUri" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signature rows (by type, in report order):
- HTTPS traffic detected: 3 rows
- TCP traffic detected without corresponding DNS query: 30 rows
- UDP traffic detected without corresponding DNS query: 3 rows
- HTTP traffic detected: 1 row
- DNS traffic detected: 2 rows
- Network traffic detected: 11 rows
- HTTPS traffic detected: 1 row
- Classification label: 1 row
- File created: 1 row
- Process created: 19 rows
- LNK file: 6 rows
- Window detected: 1 row
- File created: 7 rows
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.250.217.238 | true | false | | high |
www.google.com | 142.250.217.164 | true | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.217.164 | www.google.com | United States | | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432177 |
Start date and time: | 2024-04-26 16:31:41 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://macVmlSchemaUri |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | UNKNOWN |
Classification: | unknown1.win@19/6@4/3 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- URL not reachable
- Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.64.195, 142.250.217.238, 172.253.123.84, 23.45.182.107, 34.104.35.123, 192.229.211.108, 20.242.39.171, 23.204.76.112, 52.165.164.15
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, clients.l.google.com, prod.fs.microsoft.com.akadns.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9745368206911125 |
Encrypted: | false |
SSDEEP: | 48:8Id0T+L8MH2idAKZdA19ehwiZUklqehey+3:8HPlty |
MD5: | 6D0B7D6C7EECD180D691C28BA82ED0C1 |
SHA1: | 374D81638574EF6D9B77B823103B5E66187EFA19 |
SHA-256: | 410753650A8E85BD570A5EDF3D5C81B7EE539452D3B1DE48600C53277149E302 |
SHA-512: | 5BCDB6218C950B9F91A3E473CD0505430C4880760758847CA312995615CA74B31914E92D523C0A5F4E20A41BB4292DE4AB8DC01D3EC7F66D6DED0D9078379DC6 |
Malicious: | false |
Reputation: | low |
Preview: | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9904333358620754 |
Encrypted: | false |
SSDEEP: | 48:8fgd0T+L8MH2idAKZdA1weh/iZUkAQkqehdy+2:83P/9Q0y |
MD5: | CF583D9982FFBC8195CDFEBC1BD8015F |
SHA1: | 284FFD21218001A58F4EB8C0F07F2516F8B55E24 |
SHA-256: | 5169B46A1F9BFB9459E1A5574AEC49FB54B7C73F83CE13C885C10CD622099606 |
SHA-512: | 06F43F7016DF9813C091AC053292247639EEE05B4D79CA996E9F388C721EFCEFD39CDA33C5EFE2008246241D7EDBDDFB6D85EC597C356977AE5EBD03E67D7EE0 |
Malicious: | false |
Reputation: | low |
Preview: | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 3.9988227105601664 |
Encrypted: | false |
SSDEEP: | 48:8xtd0T+L8sH2idAKZdA14tseh7sFiZUkmgqeh7s7y+BX:8xUP/nRy |
MD5: | 931863DE655408DF8F548888CAA74E07 |
SHA1: | C7A293E2D661ABC98805A2F61A1AF5ACF854CBA6 |
SHA-256: | 3A95217AE222CB13ECB4E3B1E363AAFB4EA2CCD8B9369F36D6FAB9100519C338 |
SHA-512: | CB44F1C0D7092773C3D733652E04285DABDEADB9B9F488BE37A4AEB9C81FBC62E929E41198D907C83059002DAAA75531FA51D6F748FD2DE64C2D12294750DF8A |
Malicious: | false |
Reputation: | low |
Preview: | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.990175702438507 |
Encrypted: | false |
SSDEEP: | 48:8hd0T+L8MH2idAKZdA1vehDiZUkwqehZy+R:8AP8jy |
MD5: | 91A0B99F1FF6B38BFEB8A2C4FCAEE7EA |
SHA1: | 9E7F8391D7A885920D07E952BA366C68690F5EA6 |
SHA-256: | 6D114662639CE9ACA4BC18F3EA604EA5F10FDFB8F976124BBE924329731D024F |
SHA-512: | 54D1608176EAEA988D9DA420D013ED111931B2DA078016E41E7ED0A9D35B198C7F6EECD8C709146CE681219F82404A147043102821663879E381E6250CB1652C |
Malicious: | false |
Reputation: | low |
Preview: | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9799755386345126 |
Encrypted: | false |
SSDEEP: | 48:8ahd0T+L8MH2idAKZdA1hehBiZUk1W1qeh/y+C:8NPM9fy |
MD5: | 1B869B0FAF246B120E71259D6BDD138B |
SHA1: | B8202E744755D7612836F2FF39517FC3D7F60686 |
SHA-256: | 8D3FA9DA12B674C83EDE455AB210B896649E12A6FFE3503F3DC5F10C7B361473 |
SHA-512: | 36C017A23475CB5D4B8F4A7A68A0A0D6CCD6FBA8C9C2DE7AEDA94CF16EAB07249DE87DFEDF09F4603FBB982AE56917FD021BD8910DFD86C5B256D58B5573A96D |
Malicious: | false |
Reputation: | low |
Preview: | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.986476862677518 |
Encrypted: | false |
SSDEEP: | 48:8Id0T+L8MH2idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8HPiT/TbxWOvTbRy7T |
MD5: | FB91C0575C153195AC2B62C6707A1D26 |
SHA1: | 09A52A636D9130034AC7134A96D0799F0A516A4B |
SHA-256: | 748278DBB4C1FB84D443AB847C358313456F20B30C0921D31D77FA98D21B32AE |
SHA-512: | CA95CD0EA36350A4AE3D709E2C48A2F12617481A011EBAB9DEC82148320C7EDC0C7E214427116DD97355D6489E3F637D8D99FE53CBE1A9E3E4A926FE2610E536 |
Malicious: | false |
Reputation: | low |
Preview: | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 16:32:36.744180918 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:32:36.744184971 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:32:36.869173050 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:32:46.353552103 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:32:46.354099989 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:32:46.478578091 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:32:48.689999104 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 26, 2024 16:32:48.690099955 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:32:57.894959927 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:32:57.894998074 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:32:57.895059109 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:32:57.900239944 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:32:57.900254965 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:32:58.306405067 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:32:58.306699991 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:32:58.306725979 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:32:58.307975054 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:32:58.308028936 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:32:58.309043884 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:32:58.309111118 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:32:58.441780090 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:32:58.441785097 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:32:58.485441923 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:32:58.485480070 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:32:58.485719919 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:32:58.488255978 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:32:58.488269091 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:32:58.640223980 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:32:58.977904081 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:32:58.978065968 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:00.226949930 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:00.226980925 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:00.227463961 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:00.332514048 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.126734972 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.168127060 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444189072 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444226980 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444240093 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444293022 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.444305897 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444319010 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444328070 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444348097 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444366932 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.444366932 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.444387913 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.444412947 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.444828987 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444900990 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.444906950 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444922924 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.444973946 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.776748896 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.776778936 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.776819944 CEST | 49712 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 26, 2024 16:33:01.776828051 CEST | 443 | 49712 | 13.85.23.86 | 192.168.2.5 |
Apr 26, 2024 16:33:01.890049934 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:33:01.890358925 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:33:01.890799046 CEST | 49720 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:33:01.890831947 CEST | 443 | 49720 | 23.1.237.91 | 192.168.2.5 |
Apr 26, 2024 16:33:01.891324997 CEST | 49720 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:33:01.893115044 CEST | 49720 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:33:01.893127918 CEST | 443 | 49720 | 23.1.237.91 | 192.168.2.5 |
Apr 26, 2024 16:33:02.120095968 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 26, 2024 16:33:02.120273113 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 26, 2024 16:33:02.363743067 CEST | 443 | 49720 | 23.1.237.91 | 192.168.2.5 |
Apr 26, 2024 16:33:02.363826990 CEST | 49720 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 16:33:08.284569979 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:33:08.284631014 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:33:08.284737110 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:33:08.587852001 CEST | 49705 | 443 | 192.168.2.5 | 142.250.217.164 |
Apr 26, 2024 16:33:08.587873936 CEST | 443 | 49705 | 142.250.217.164 | 192.168.2.5 |
Apr 26, 2024 16:33:21.610914946 CEST | 443 | 49720 | 23.1.237.91 | 192.168.2.5 |
Apr 26, 2024 16:33:21.610976934 CEST | 49720 | 443 | 192.168.2.5 | 23.1.237.91 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 16:32:57.356848955 CEST | 58690 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 26, 2024 16:32:57.357076883 CEST | 59096 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 26, 2024 16:32:57.454087019 CEST | 53 | 58497 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 16:32:57.481990099 CEST | 53 | 58690 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 16:32:57.482729912 CEST | 53 | 59096 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 16:32:57.703362942 CEST | 53 | 52902 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 16:32:58.754287004 CEST | 53 | 53528 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 16:33:00.620033979 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:01.379005909 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:02.130743027 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:04.629256010 CEST | 55896 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 26, 2024 16:33:04.655147076 CEST | 54568 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 26, 2024 16:33:04.780560017 CEST | 53 | 54568 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 16:33:04.786845922 CEST | 53 | 55896 | 8.8.8.8 | 192.168.2.5 |
Apr 26, 2024 16:33:05.864007950 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:06.620543003 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:07.370990038 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:13.402899027 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:14.160470963 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:14.918121099 CEST | 137 | 137 | 192.168.2.5 | 192.168.2.255 |
Apr 26, 2024 16:33:18.509694099 CEST | 53 | 65488 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 16:32:57.356848955 CEST | 192.168.2.5 | 1.1.1.1 | 0x7c0a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:32:57.357076883 CEST | 192.168.2.5 | 1.1.1.1 | 0x6f44 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 16:33:04.629256010 CEST | 192.168.2.5 | 8.8.8.8 | 0x80e8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:33:04.655147076 CEST | 192.168.2.5 | 1.1.1.1 | 0x8fb2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 16:32:57.481990099 CEST | 1.1.1.1 | 192.168.2.5 | 0x7c0a | No error (0) | | | 142.250.217.164 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:32:57.482729912 CEST | 1.1.1.1 | 192.168.2.5 | 0x6f44 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 26, 2024 16:33:04.780560017 CEST | 1.1.1.1 | 192.168.2.5 | 0x8fb2 | No error (0) | | | 142.250.217.238 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:33:04.786845922 CEST | 8.8.8.8 | 192.168.2.5 | 0x80e8 | No error (0) | | | 142.250.113.101 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:33:04.786845922 CEST | 8.8.8.8 | 192.168.2.5 | 0x80e8 | No error (0) | | | 142.250.113.139 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:33:04.786845922 CEST | 8.8.8.8 | 192.168.2.5 | 0x80e8 | No error (0) | | | 142.250.113.113 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:33:04.786845922 CEST | 8.8.8.8 | 192.168.2.5 | 0x80e8 | No error (0) | | | 142.250.113.100 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:33:04.786845922 CEST | 8.8.8.8 | 192.168.2.5 | 0x80e8 | No error (0) | | | 142.250.113.102 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 16:33:04.786845922 CEST | 8.8.8.8 | 192.168.2.5 | 0x80e8 | No error (0) | | | 142.250.113.138 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49712 | 13.85.23.86 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 14:33:01 UTC | 306 | OUT | |
2024-04-26 14:33:01 UTC | 560 | IN | |
2024-04-26 14:33:01 UTC | 15824 | IN | |
2024-04-26 14:33:01 UTC | 8666 | IN | |
Target ID: | 0 |
Start time: | 16:32:37 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 16:32:46 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 16:32:59 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |