Windows
Analysis Report
http://click-revolut.com/start.php
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- chrome.exe (PID: 3000 cmdline:
C:\Program Files (x8 6)\Google\ Chrome\App lication\c hrome.exe" --start-m aximized " about:blan k MD5: 6ACAE527E744C80997B25EF2A0485D5E) - chrome.exe (PID: 1964 cmdline:
"C:\Progra m Files (x 86)\Google \Chrome\Ap plication\ chrome.exe " --type=u tility --u tility-sub -type=netw ork.mojom. NetworkSer vice --fie ld-trial-h andle=972, 2084147119 475651501, 6741946135 564334171, 131072 --d isable-fea tures=Opti mizationGu ideModelDo wnloading, Optimizati onHints,Op timization HintsFetch ing,Optimi zationTarg etPredicti on --lang= en-US --se rvice-sand box-type=n etwork --e nable-audi o-service- sandbox -- mojo-platf orm-channe l-handle=1 368 /prefe tch:8 MD5: 6ACAE527E744C80997B25EF2A0485D5E)
- chrome.exe (PID: 1732 cmdline:
C:\Program Files (x8 6)\Google\ Chrome\App lication\c hrome.exe" "http://c lick-revol ut.com/sta rt.php MD5: 6ACAE527E744C80997B25EF2A0485D5E)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 142.250.180.173 | true | false | high | |
click-revolut.com | 101.99.93.230 | true | false | unknown | |
clients.l.google.com | 142.250.184.78 | true | false | high | |
clients2.google.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | unknown | ||
false | high | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.184.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.180.173 | accounts.google.com | United States | 15169 | GOOGLEUS | false | |
101.99.93.230 | click-revolut.com | Malaysia | 45839 | SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY | false |
IP |
---|
192.168.2.255 |
127.0.0.1 |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 829687 |
Start date and time: | 2023-03-18 21:11:58 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://click-revolut.com/start.php |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 3 |
Number of new started drivers analysed: | 2 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@28/0@4/6 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): vga.dll
- Excluded IPs from analysis (whitelisted): 142.251.209.35, 34.104.35.123, 142.250.184.67
- Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com, www.gstatic.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- Report size getting too big, too many NtWriteVirtualMemory calls found.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 18, 2023 21:13:01.131701946 CET | 49171 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:01.170856953 CET | 49172 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:01.181163073 CET | 80 | 49171 | 101.99.93.230 | 192.168.2.22 |
Mar 18, 2023 21:13:01.181329012 CET | 49171 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:01.220176935 CET | 80 | 49172 | 101.99.93.230 | 192.168.2.22 |
Mar 18, 2023 21:13:01.220339060 CET | 49172 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:01.231046915 CET | 80 | 49171 | 101.99.93.230 | 192.168.2.22 |
Mar 18, 2023 21:13:01.264676094 CET | 49173 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:01.266911983 CET | 49171 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:01.313889027 CET | 80 | 49173 | 101.99.93.230 | 192.168.2.22 |
Mar 18, 2023 21:13:01.314054012 CET | 49173 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:01.333414078 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:01.333451033 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:01.333518982 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:01.333964109 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:01.333981991 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:01.572734118 CET | 49171 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:02.261219025 CET | 49171 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:02.324541092 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:02.324608088 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:02.324702024 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:02.415764093 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:02.415800095 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:02.431313992 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:02.448827028 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:02.448848963 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:02.450680017 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:02.450799942 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:02.491168022 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:02.494421959 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:02.494452000 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:02.495012045 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:02.495074987 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:02.495847940 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:02.495907068 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:03.174649954 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:03.174706936 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:03.174808979 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:03.174869061 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:03.174915075 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:03.175148010 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:03.175151110 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:03.175174952 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:03.175266981 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:03.175287008 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:03.221793890 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:03.221863985 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:03.221895933 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:03.221966982 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:03.222033024 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:03.239104033 CET | 49176 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:03.239145994 CET | 443 | 49176 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:03.249412060 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:03.249471903 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:03.249496937 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:03.249970913 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:03.250022888 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:03.403189898 CET | 49175 | 443 | 192.168.2.22 | 142.250.180.173 |
Mar 18, 2023 21:13:03.403244019 CET | 443 | 49175 | 142.250.180.173 | 192.168.2.22 |
Mar 18, 2023 21:13:03.461410999 CET | 49171 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:03.511388063 CET | 80 | 49171 | 101.99.93.230 | 192.168.2.22 |
Mar 18, 2023 21:13:10.047576904 CET | 49186 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:10.047669888 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.047780037 CET | 49186 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:10.093904972 CET | 49186 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:10.093976021 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.180089951 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.186811924 CET | 49186 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:10.186846018 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.187704086 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.188597918 CET | 49186 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:10.188631058 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.188736916 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.188853025 CET | 49186 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:10.188870907 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.248115063 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.248471022 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:10.248584986 CET | 49186 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:10.306466103 CET | 49186 | 443 | 192.168.2.22 | 142.250.184.78 |
Mar 18, 2023 21:13:10.306533098 CET | 443 | 49186 | 142.250.184.78 | 192.168.2.22 |
Mar 18, 2023 21:13:13.424814939 CET | 49173 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:13.471817017 CET | 49172 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:13.724843025 CET | 49173 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:13.771821976 CET | 49172 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:14.324919939 CET | 49173 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:14.371928930 CET | 49172 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:15.525129080 CET | 49173 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:15.572130919 CET | 49172 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:17.967490911 CET | 49172 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:18.008512974 CET | 49173 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:22.768140078 CET | 49172 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:22.808171034 CET | 49173 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:48.513531923 CET | 49171 | 80 | 192.168.2.22 | 101.99.93.230 |
Mar 18, 2023 21:13:48.563740015 CET | 80 | 49171 | 101.99.93.230 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 18, 2023 21:12:56.824712992 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:12:57.574201107 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:12:58.324737072 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:12:58.455176115 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:12:58.456098080 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:12:59.205034971 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:12:59.205971956 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:12:59.840971947 CET | 54723 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 18, 2023 21:12:59.862382889 CET | 53 | 54723 | 8.8.8.8 | 192.168.2.22 |
Mar 18, 2023 21:12:59.955135107 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:12:59.956077099 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:01.070913076 CET | 58062 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 18, 2023 21:13:01.077491999 CET | 59241 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 18, 2023 21:13:01.106517076 CET | 53 | 59241 | 8.8.8.8 | 192.168.2.22 |
Mar 18, 2023 21:13:02.205001116 CET | 58062 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 18, 2023 21:13:02.233052969 CET | 53 | 58062 | 8.8.8.8 | 192.168.2.22 |
Mar 18, 2023 21:13:03.769119024 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:03.844715118 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:03.846055984 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:04.518580914 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:04.594597101 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:04.595510006 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:05.268698931 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:05.344671011 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:05.345637083 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:07.023123026 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:07.748198986 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:07.753016949 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:07.773073912 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:08.498143911 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:08.503082037 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:08.523127079 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:09.248275042 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:09.253221035 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:24.466310024 CET | 138 | 138 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:41.605438948 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:42.354717016 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:43.104774952 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:56.460520029 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:57.209777117 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Mar 18, 2023 21:13:57.959872961 CET | 137 | 137 | 192.168.2.22 | 192.168.2.255 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 18, 2023 21:12:59.840971947 CET | 192.168.2.22 | 8.8.8.8 | 0x975d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 18, 2023 21:13:01.070913076 CET | 192.168.2.22 | 8.8.8.8 | 0xd2a3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 18, 2023 21:13:01.077491999 CET | 192.168.2.22 | 8.8.8.8 | 0x71d3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 18, 2023 21:13:02.205001116 CET | 192.168.2.22 | 8.8.8.8 | 0xd2a3 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 18, 2023 21:12:59.862382889 CET | 8.8.8.8 | 192.168.2.22 | 0x975d | No error (0) | 101.99.93.230 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2023 21:13:01.106517076 CET | 8.8.8.8 | 192.168.2.22 | 0x71d3 | No error (0) | 142.250.180.173 | A (IP address) | IN (0x0001) | false | ||
Mar 18, 2023 21:13:02.233052969 CET | 8.8.8.8 | 192.168.2.22 | 0xd2a3 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 18, 2023 21:13:02.233052969 CET | 8.8.8.8 | 192.168.2.22 | 0xd2a3 | No error (0) | 142.250.184.78 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49175 | 142.250.180.173 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49176 | 142.250.184.78 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49186 | 142.250.184.78 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49171 | 101.99.93.230 | 80 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 18, 2023 21:13:01.266911983 CET | 2 | OUT | |
Mar 18, 2023 21:13:01.572734118 CET | 4 | OUT | |
Mar 18, 2023 21:13:02.261219025 CET | 5 | OUT | |
Mar 18, 2023 21:13:03.461410999 CET | 154 | OUT | |
Mar 18, 2023 21:13:48.513531923 CET | 426 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49175 | 142.250.180.173 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-18 20:13:03 UTC | 0 | OUT | |
2023-03-18 20:13:03 UTC | 0 | OUT | |
2023-03-18 20:13:03 UTC | 2 | IN | |
2023-03-18 20:13:03 UTC | 4 | IN | |
2023-03-18 20:13:03 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49176 | 142.250.184.78 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-18 20:13:03 UTC | 0 | OUT | |
2023-03-18 20:13:03 UTC | 1 | IN | |
2023-03-18 20:13:03 UTC | 2 | IN | |
2023-03-18 20:13:03 UTC | 2 | IN | |
2023-03-18 20:13:03 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49186 | 142.250.184.78 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-18 20:13:10 UTC | 4 | OUT | |
2023-03-18 20:13:10 UTC | 5 | IN | |
2023-03-18 20:13:10 UTC | 6 | IN | |
2023-03-18 20:13:10 UTC | 6 | IN | |
2023-03-18 20:13:10 UTC | 6 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 21:12:20 |
Start date: | 18/03/2023 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f5b0000 |
File size: | 1820656 bytes |
MD5 hash: | 6ACAE527E744C80997B25EF2A0485D5E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 1 |
Start time: | 21:12:21 |
Start date: | 18/03/2023 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f5b0000 |
File size: | 1820656 bytes |
MD5 hash: | 6ACAE527E744C80997B25EF2A0485D5E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 4 |
Start time: | 21:12:22 |
Start date: | 18/03/2023 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f5b0000 |
File size: | 1820656 bytes |
MD5 hash: | 6ACAE527E744C80997B25EF2A0485D5E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |