Windows
Analysis Report
https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 5312 cmdline:
C:\Program Files\Goo gle\Chrome \Applicati on\chrome. exe" --sta rt-maximiz ed "about: blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA) chrome.exe (PID: 5484 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =1928 --fi eld-trial- handle=187 6,i,654047 7661063236 297,643032 1665533691 464,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
chrome.exe (PID: 6172 cmdline:
C:\Program Files\Goo gle\Chrome \Applicati on\chrome. exe" "http s://ssl.gs tatic.com/ ui/v1/icon s/mail/ima ges/favico n5.ico MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- cleanup
- • Phishing
- • Compliance
- • Networking
- • System Summary
Click to jump to signature section
Phishing |
---|
Source: | Matcher: |
Source: | HTTP Parser: |
Source: | Directory created: | Jump to behavior |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Directory created: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 172.217.2.205 | true | false | high | |
www.google.com | 142.250.217.228 | true | false | high | |
clients.l.google.com | 192.178.50.78 | true | false | high | |
clients2.google.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.178.50.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.217.228 | www.google.com | United States | 15169 | GOOGLEUS | false | |
172.217.2.205 | accounts.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.1 |
192.168.2.5 |
Joe Sandbox Version: | 38.0.0 Beryl |
Analysis ID: | 1314536 |
Start date and time: | 2023-09-26 15:17:00 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 2m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.phis.win@18/2@6/6 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis
(whitelisted): BackgroundTrans ferHost.exe, backgroundTaskHos t.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 142.250.64.195, 34 .104.35.123, 192.178.50.35, 14 2.250.217.195 - Excluded domains from analysis
(whitelisted): www.bing.com, ssl.gstatic.com, edgedl.me.gvt 1.com, update.googleapis.com, tse1.mm.bing.net, ctldl.window supdate.com, clientservices.go ogleapis.com, arc.msn.com - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtSetInformationFile c alls found.
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1572 |
Entropy (8bit): | 5.2647442020070505 |
Encrypted: | false |
SSDEEP: | 24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xTOS8f:3qD+2+pUAew85zsT9A |
MD5: | 13FEC0C2FBF5C47C4608CE0C9405E5A7 |
SHA1: | DAFB6CA27CFD22E88A2D53150C4350FCA3D32A21 |
SHA-256: | 7F25FD0260C4EF8C26A87A5A126634E846BA539C75E5D508103F4D98831654A5 |
SHA-512: | 7B9C5B92CDB7C3CEA0B6B862EBE67F75D92C1F1A8D5AAFE771CA50A724E4AF7F3C1CA280CBC53BF3EA3FB6344C41D1BA06BC032FC9B408C3B30BD301239CD001 |
Malicious: | false |
Reputation: | low |
URL: | https://ssl.gstatic.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3638 |
Entropy (8bit): | 5.221239686843055 |
Encrypted: | false |
SSDEEP: | 48:CgMqimFX1jpR6Knb1l/ZwqXwNzO2amB3+IlT59BuTLE7+2Tps:CgM5mFXppR9nb1lhVwF0IlZ0LV2m |
MD5: | 2DB0D88CEA7A3CEF82DEBA04D4C9F354 |
SHA1: | 96BF8F66AF19920AF4B12C19F17D535477F611AC |
SHA-256: | 5C853D14E4ECDA15C5F570AF65BFD35B16514D025F16D40219DF0A1E3C9817A1 |
SHA-512: | 7B82D3023A4935E2D416FF30C41611B99EA178706E5710165F2C06E9CDE0AF060F9718A893D7743D5504B99D9FD1F923BE77D35DCEB66CFD8AC0BC47681D90C0 |
Malicious: | false |
Reputation: | low |
URL: | https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico |
Preview: |
Download Network PCAP: filtered – full
- Total Packets: 34
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2023 15:17:48.476347923 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:48.476432085 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:48.476519108 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:48.477202892 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:48.477233887 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:48.488401890 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:48.488437891 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:48.488563061 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:48.488883018 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:48.488893986 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:48.793771982 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:48.794142962 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:48.794190884 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:48.795557022 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:48.795643091 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:48.798192978 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:48.798280954 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:48.798752069 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:48.798778057 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:48.798799992 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:48.798938990 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:48.798974037 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:48.799365997 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:48.799439907 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:48.800084114 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:48.800137043 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:48.801949024 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:48.802018881 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:48.802082062 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:48.802098036 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:48.847918987 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:48.847975969 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:49.067929029 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:49.068362951 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:49.068625927 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:49.069372892 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78 |
Sep 26, 2023 15:17:49.069387913 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7 |
Sep 26, 2023 15:17:49.073537111 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:49.073682070 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:49.073736906 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:49.074528933 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205 |
Sep 26, 2023 15:17:49.074548960 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7 |
Sep 26, 2023 15:17:53.225368977 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:17:53.225405931 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:17:53.225558043 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:17:53.225886106 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:17:53.225897074 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:17:53.504200935 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:17:53.551635981 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:17:53.551656961 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:17:53.553354025 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:17:53.553426981 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:17:53.592133045 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:17:53.592370987 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:17:53.637268066 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:17:53.637300968 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:17:53.684108019 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:18:03.483058929 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:03.483141899 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:03.483206987 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:18:04.467061996 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:18:04.467109919 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:53.217957020 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:18:53.218038082 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:53.218125105 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:18:53.218595028 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:18:53.218615055 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:53.487654924 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:53.488023996 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:18:53.488059044 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:53.488372087 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:53.488895893 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:18:53.488953114 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:18:53.540414095 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:19:03.483128071 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:19:03.483303070 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Sep 26, 2023 15:19:03.483381033 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:19:04.467535973 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228 |
Sep 26, 2023 15:19:04.467585087 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2023 15:17:48.333165884 CEST | 64203 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 26, 2023 15:17:48.333376884 CEST | 51379 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 26, 2023 15:17:48.333892107 CEST | 61147 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 26, 2023 15:17:48.334202051 CEST | 55216 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 26, 2023 15:17:48.459976912 CEST | 53 | 51379 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:17:48.471266031 CEST | 53 | 64203 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:17:48.471488953 CEST | 53 | 61147 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:17:48.471570015 CEST | 53 | 50045 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:17:48.488033056 CEST | 53 | 55216 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:17:49.290024042 CEST | 53 | 62899 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:17:49.645473003 CEST | 53 | 53869 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:17:53.004812002 CEST | 61639 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 26, 2023 15:17:53.005100012 CEST | 59873 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 26, 2023 15:17:53.142802954 CEST | 53 | 59873 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:17:53.157855034 CEST | 53 | 61639 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:18:06.402836084 CEST | 53 | 53166 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:18:13.369920969 CEST | 53 | 57250 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:18:23.765330076 CEST | 53 | 49578 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:18:41.901617050 CEST | 53 | 54402 | 8.8.8.8 | 192.168.2.7 |
Sep 26, 2023 15:18:48.220968962 CEST | 53 | 65158 | 8.8.8.8 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 26, 2023 15:17:48.333165884 CEST | 192.168.2.7 | 8.8.8.8 | 0x41de | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 26, 2023 15:17:48.333376884 CEST | 192.168.2.7 | 8.8.8.8 | 0x92cd | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 26, 2023 15:17:48.333892107 CEST | 192.168.2.7 | 8.8.8.8 | 0xf660 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 26, 2023 15:17:48.334202051 CEST | 192.168.2.7 | 8.8.8.8 | 0x4bd5 | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 26, 2023 15:17:53.004812002 CEST | 192.168.2.7 | 8.8.8.8 | 0xe51f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 26, 2023 15:17:53.005100012 CEST | 192.168.2.7 | 8.8.8.8 | 0x3a9a | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 26, 2023 15:17:48.459976912 CEST | 8.8.8.8 | 192.168.2.7 | 0x92cd | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 26, 2023 15:17:48.471266031 CEST | 8.8.8.8 | 192.168.2.7 | 0x41de | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 26, 2023 15:17:48.471266031 CEST | 8.8.8.8 | 192.168.2.7 | 0x41de | No error (0) | 192.178.50.78 | A (IP address) | IN (0x0001) | false | ||
Sep 26, 2023 15:17:48.471488953 CEST | 8.8.8.8 | 192.168.2.7 | 0xf660 | No error (0) | 172.217.2.205 | A (IP address) | IN (0x0001) | false | ||
Sep 26, 2023 15:17:53.142802954 CEST | 8.8.8.8 | 192.168.2.7 | 0x3a9a | No error (0) | 65 | IN (0x0001) | false | |||
Sep 26, 2023 15:17:53.157855034 CEST | 8.8.8.8 | 192.168.2.7 | 0xe51f | No error (0) | 142.250.217.228 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49775 | 172.217.2.205 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-09-26 13:17:48 UTC | 0 | OUT | |
2023-09-26 13:17:48 UTC | 0 | OUT | |
2023-09-26 13:17:49 UTC | 2 | IN | |
2023-09-26 13:17:49 UTC | 4 | IN | |
2023-09-26 13:17:49 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.7 | 49774 | 192.178.50.78 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-09-26 13:17:48 UTC | 0 | OUT | |
2023-09-26 13:17:49 UTC | 1 | IN | |
2023-09-26 13:17:49 UTC | 2 | IN | |
2023-09-26 13:17:49 UTC | 2 | IN | |
2023-09-26 13:17:49 UTC | 2 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 15:17:46 |
Start date: | 26/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8900000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 15:17:46 |
Start date: | 26/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8900000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 15:17:48 |
Start date: | 26/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8900000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |