Windows
Analysis Report
https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 2840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1716,i,17612572130183217976,18067748176238746248,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 1744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- cleanup
There are no malicious signatures.
Source: | Directory created: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Directory created: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 4 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 5 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 142.250.203.109 | true | false | high | |
u29295591.ct.sendgrid.net | 167.89.123.122 | true | false | high | |
www.google.com | 142.250.203.100 | true | false | high | |
clients.l.google.com | 142.250.203.110 | true | false | high | |
clients2.google.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
167.89.123.122 | u29295591.ct.sendgrid.net | United States | | 11377 | SENDGRIDUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
142.250.203.100 | www.google.com | United States | | 15169 | GOOGLEUS | false |
142.250.203.110 | clients.l.google.com | United States | | 15169 | GOOGLEUS | false |
142.250.203.109 | accounts.google.com | United States | | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.1 |
192.168.2.7 |
127.0.0.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 715091 |
Start date and time: | 2022-10-03 16:11:42 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@25/0@7/8 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
- Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123
- Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtWriteVirtualMemory calls found.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 3, 2022 16:12:46.955735922 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:46.955807924 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:46.955954075 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:46.957089901 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:46.957148075 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:46.957523108 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:46.957762003 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:46.957794905 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:46.957880020 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:46.958690882 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:46.958722115 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:46.959465981 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:46.959496021 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:46.959692001 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:46.959717035 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:46.992619038 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:46.992691994 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:46.992813110 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.000080109 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.000138998 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.059364080 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.069813967 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:47.069865942 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.071789980 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.071882010 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:47.121531010 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.160062075 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.160121918 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.161236048 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.161400080 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.162838936 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.162940979 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.381947041 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.384012938 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.404820919 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.404875994 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.405520916 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.405570030 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.405834913 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.405865908 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.406033039 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.406260014 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:47.406284094 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.406311035 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.406459093 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.406614065 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.406620026 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.406641006 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.406697035 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:47.406711102 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.408154011 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.408271074 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.411252022 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.411274910 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.411533117 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.411864996 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.411892891 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.414109945 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.414150953 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.414648056 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.441850901 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.442049026 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.442115068 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.442203045 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.447835922 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:47.453072071 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110 |
Oct 3, 2022 16:12:47.453130007 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6 |
Oct 3, 2022 16:12:47.459449053 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.459664106 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.459728956 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:47.462471008 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109 |
Oct 3, 2022 16:12:47.462502003 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6 |
Oct 3, 2022 16:12:47.497015953 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.497016907 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.497065067 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.597016096 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.649770021 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.649959087 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:47.650037050 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.673166990 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:47.673223972 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:48.174150944 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:48.174237967 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:48.289982080 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:48.290215969 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:48.290384054 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:48.296973944 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122 |
Oct 3, 2022 16:12:48.297027111 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6 |
Oct 3, 2022 16:12:49.581590891 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100 |
Oct 3, 2022 16:12:49.581649065 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6 |
Oct 3, 2022 16:12:49.581753016 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100 |
Oct 3, 2022 16:12:49.582091093 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100 |
Oct 3, 2022 16:12:49.582120895 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6 |
Oct 3, 2022 16:12:49.649714947 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6 |
Oct 3, 2022 16:12:49.650319099 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100 |
Oct 3, 2022 16:12:49.650373936 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6 |
Oct 3, 2022 16:12:49.652050018 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6 |
Oct 3, 2022 16:12:49.652153969 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100 |
Oct 3, 2022 16:12:49.654936075 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100 |
Oct 3, 2022 16:12:49.654966116 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 3, 2022 16:12:46.658627033 CEST | 56331 | 53 | 192.168.2.6 | 8.8.8.8 |
Oct 3, 2022 16:12:46.663153887 CEST | 50506 | 53 | 192.168.2.6 | 8.8.8.8 |
Oct 3, 2022 16:12:46.665760994 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8 |
Oct 3, 2022 16:12:46.682894945 CEST | 53 | 50506 | 8.8.8.8 | 192.168.2.6 |
Oct 3, 2022 16:12:46.686300039 CEST | 53 | 56331 | 8.8.8.8 | 192.168.2.6 |
Oct 3, 2022 16:12:46.693325996 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6 |
Oct 3, 2022 16:12:49.517604113 CEST | 63863 | 53 | 192.168.2.6 | 8.8.8.8 |
Oct 3, 2022 16:12:49.543566942 CEST | 53 | 63863 | 8.8.8.8 | 192.168.2.6 |
Oct 3, 2022 16:12:49.549500942 CEST | 63229 | 53 | 192.168.2.6 | 8.8.8.8 |
Oct 3, 2022 16:12:49.568764925 CEST | 53 | 63229 | 8.8.8.8 | 192.168.2.6 |
Oct 3, 2022 16:13:49.589442968 CEST | 58917 | 53 | 192.168.2.6 | 8.8.8.8 |
Oct 3, 2022 16:13:49.607134104 CEST | 53 | 58917 | 8.8.8.8 | 192.168.2.6 |
Oct 3, 2022 16:13:49.650496006 CEST | 50343 | 53 | 192.168.2.6 | 8.8.8.8 |
Oct 3, 2022 16:13:49.669910908 CEST | 53 | 50343 | 8.8.8.8 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 3, 2022 16:12:46.658627033 CEST | 192.168.2.6 | 8.8.8.8 | 0xe7e4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:46.663153887 CEST | 192.168.2.6 | 8.8.8.8 | 0xbdb8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:46.665760994 CEST | 192.168.2.6 | 8.8.8.8 | 0x6c01 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:49.517604113 CEST | 192.168.2.6 | 8.8.8.8 | 0xc3d6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:49.549500942 CEST | 192.168.2.6 | 8.8.8.8 | 0x4d1c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:13:49.589442968 CEST | 192.168.2.6 | 8.8.8.8 | 0x7e65 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:13:49.650496006 CEST | 192.168.2.6 | 8.8.8.8 | 0xb2b6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 3, 2022 16:12:46.682894945 CEST | 8.8.8.8 | 192.168.2.6 | 0xbdb8 | No error (0) | | | 167.89.123.122 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:46.682894945 CEST | 8.8.8.8 | 192.168.2.6 | 0xbdb8 | No error (0) | | | 167.89.118.35 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:46.682894945 CEST | 8.8.8.8 | 192.168.2.6 | 0xbdb8 | No error (0) | | | 167.89.118.28 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:46.682894945 CEST | 8.8.8.8 | 192.168.2.6 | 0xbdb8 | No error (0) | | | 167.89.123.16 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:46.686300039 CEST | 8.8.8.8 | 192.168.2.6 | 0xe7e4 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 3, 2022 16:12:46.686300039 CEST | 8.8.8.8 | 192.168.2.6 | 0xe7e4 | No error (0) | | | 142.250.203.110 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:46.693325996 CEST | 8.8.8.8 | 192.168.2.6 | 0x6c01 | No error (0) | | | 142.250.203.109 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:49.543566942 CEST | 8.8.8.8 | 192.168.2.6 | 0xc3d6 | No error (0) | | | 142.250.203.100 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:12:49.568764925 CEST | 8.8.8.8 | 192.168.2.6 | 0x4d1c | No error (0) | | | 142.250.203.100 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:13:49.607134104 CEST | 8.8.8.8 | 192.168.2.6 | 0x7e65 | No error (0) | | | 142.250.203.100 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 16:13:49.669910908 CEST | 8.8.8.8 | 192.168.2.6 | 0xb2b6 | No error (0) | | | 142.250.203.100 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49711 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-10-03 14:12:47 UTC | 0 | OUT | |
2022-10-03 14:12:47 UTC | 3 | IN | |
2022-10-03 14:12:47 UTC | 4 | IN | |
2022-10-03 14:12:47 UTC | 4 | IN | |
2022-10-03 14:12:47 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49709 | 142.250.203.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-10-03 14:12:47 UTC | 0 | OUT | |
2022-10-03 14:12:47 UTC | 1 | OUT | |
2022-10-03 14:12:47 UTC | 4 | IN | |
2022-10-03 14:12:47 UTC | 6 | IN | |
2022-10-03 14:12:47 UTC | 6 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.6 | 49707 | 167.89.123.122 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-10-03 14:12:47 UTC | 1 | OUT | |
2022-10-03 14:12:47 UTC | 6 | IN | |
2022-10-03 14:12:47 UTC | 6 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.6 | 49710 | 167.89.123.122 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-10-03 14:12:48 UTC | 6 | OUT | |
2022-10-03 14:12:48 UTC | 8 | IN | |
2022-10-03 14:12:48 UTC | 8 | IN |
Target ID: | 0 |
Start time: | 16:12:42 |
Start date: | 03/10/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6f9750000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 1 |
Start time: | 16:12:44 |
Start date: | 03/10/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6f9750000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 2 |
Start time: | 16:12:44 |
Start date: | 03/10/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6f9750000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |