Windows
Analysis Report
https://mydhl.express.dhl$tracking_link/
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 5172 cmdline:
C:\Program Files\Goo gle\Chrome \Applicati on\chrome. exe" --sta rt-maximiz ed "about: blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA) chrome.exe (PID: 5612 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-G B --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =1984 --fi eld-trial- handle=187 6,i,177459 4515983938 874,329945 1228353402 327,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
chrome.exe (PID: 6376 cmdline:
C:\Program Files\Goo gle\Chrome \Applicati on\chrome. exe" "http s://mydhl. express.dh l$tracking _link/ MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- cleanup
- • Compliance
- • Networking
- • System Summary
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Directory created: | Jump to behavior |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Directory created: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 172.217.13.206 | true | false | high | |
accounts.google.com | 172.217.13.109 | true | false | high | |
www.google.com | 172.217.13.100 | true | false | high | |
clients.l.google.com | 172.217.13.110 | true | false | high | |
clients2.google.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.13.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
172.217.13.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false | |
172.217.13.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 38.0.0 Beryl |
Analysis ID: | 1315396 |
Start date and time: | 2023-09-27 18:27:14 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 2m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://mydhl.express.dhl$tracking_link/ |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@22/0@8/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis
(whitelisted): dllhost.exe, Ba ckgroundTransferHost.exe, back groundTaskHost.exe, svchost.ex e, wuapihost.exe - Excluded IPs from analysis (wh
itelisted): 172.217.13.131, 34 .104.35.123, 172.217.13.195 - Excluded domains from analysis
(whitelisted): www.bing.com, ris.api.iris.microsoft.com, cl ient.wns.windows.com, edgedl.m e.gvt1.com, update.googleapis. com, tse1.mm.bing.net, ctldl.w indowsupdate.com, clientservic es.googleapis.com, displaycata log.mp.microsoft.com, arc.msn. com - Not all processes where analyz
ed, report is missing behavior information - VT rate limit hit for: https:
//mydhl.express.dhl$tracking_l ink/
Download Network PCAP: filtered – full
- Total Packets: 49
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2023 18:27:54.523381948 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.523401976 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:54.523448944 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.524583101 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.524594069 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:54.542135000 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.542171001 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.542238951 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.542479992 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.542493105 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.774111986 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:54.774549007 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.774564028 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:54.776702881 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:54.776771069 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.779021978 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.779201031 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:54.779237032 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.794238091 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.794439077 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.794466019 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.794764042 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.794945002 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.795267105 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.795340061 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.796076059 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.796220064 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.796246052 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.796276093 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.822475910 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:54.823440075 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.823497057 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:54.839165926 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:54.839193106 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:54.870282888 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:54.885891914 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:55.027203083 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:55.027498007 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:55.027580976 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:55.028825045 CEST | 49786 | 443 | 192.168.2.4 | 172.217.13.109 |
Sep 27, 2023 18:27:55.028848886 CEST | 443 | 49786 | 172.217.13.109 | 192.168.2.4 |
Sep 27, 2023 18:27:55.043868065 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:55.044228077 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:55.044291973 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:55.044387102 CEST | 49787 | 443 | 192.168.2.4 | 172.217.13.110 |
Sep 27, 2023 18:27:55.044393063 CEST | 443 | 49787 | 172.217.13.110 | 192.168.2.4 |
Sep 27, 2023 18:27:59.021543980 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:27:59.021589994 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:27:59.021657944 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:27:59.021852970 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:27:59.021874905 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:27:59.267911911 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:27:59.268260956 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:27:59.268279076 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:27:59.269712925 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:27:59.269788027 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:27:59.270683050 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:27:59.270765066 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:27:59.319597006 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:27:59.319654942 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:27:59.366396904 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:28:09.251100063 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:09.251172066 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:09.251240015 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:28:10.538014889 CEST | 49789 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:28:10.538062096 CEST | 443 | 49789 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:58.973614931 CEST | 49826 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:28:58.973691940 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:58.973965883 CEST | 49826 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:28:58.974085093 CEST | 49826 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:28:58.974112988 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:59.213980913 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:59.214446068 CEST | 49826 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:28:59.214473009 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:59.215043068 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:59.215480089 CEST | 49826 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:28:59.215743065 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:28:59.269277096 CEST | 49826 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:29:09.196487904 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:29:09.196655989 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Sep 27, 2023 18:29:09.196748972 CEST | 49826 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:29:10.611681938 CEST | 49826 | 443 | 192.168.2.4 | 172.217.13.100 |
Sep 27, 2023 18:29:10.611725092 CEST | 443 | 49826 | 172.217.13.100 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2023 18:27:54.414583921 CEST | 58528 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2023 18:27:54.415605068 CEST | 52375 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2023 18:27:54.415831089 CEST | 50244 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2023 18:27:54.415999889 CEST | 52058 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2023 18:27:54.520185947 CEST | 53 | 50244 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:54.521155119 CEST | 53 | 51333 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:54.521799088 CEST | 53 | 58528 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:54.522262096 CEST | 53 | 52375 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:54.549154997 CEST | 53 | 52058 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:55.246236086 CEST | 53 | 52884 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:55.858062983 CEST | 60048 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2023 18:27:55.858424902 CEST | 63696 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2023 18:27:55.964663982 CEST | 53 | 63696 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:55.966888905 CEST | 53 | 60048 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:58.914153099 CEST | 58380 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2023 18:27:58.914153099 CEST | 51240 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2023 18:27:59.019412041 CEST | 53 | 51240 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:27:59.020622969 CEST | 53 | 58380 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:28:12.195467949 CEST | 53 | 64749 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:28:19.198510885 CEST | 53 | 65146 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:28:30.003868103 CEST | 53 | 62339 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:28:47.773494959 CEST | 53 | 60052 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2023 18:28:54.158864021 CEST | 53 | 55208 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Sep 27, 2023 18:27:54.549231052 CEST | 192.168.2.4 | 8.8.8.8 | d041 | (Port unreachable) | Destination Unreachable |
Sep 27, 2023 18:28:53.659429073 CEST | 192.168.2.4 | 8.8.8.8 | d0d8 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2023 18:27:54.414583921 CEST | 192.168.2.4 | 8.8.8.8 | 0xaefb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2023 18:27:54.415605068 CEST | 192.168.2.4 | 8.8.8.8 | 0x335f | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 27, 2023 18:27:54.415831089 CEST | 192.168.2.4 | 8.8.8.8 | 0x789c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2023 18:27:54.415999889 CEST | 192.168.2.4 | 8.8.8.8 | 0xf907 | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 27, 2023 18:27:55.858062983 CEST | 192.168.2.4 | 8.8.8.8 | 0xeebc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2023 18:27:55.858424902 CEST | 192.168.2.4 | 8.8.8.8 | 0xde4a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2023 18:27:58.914153099 CEST | 192.168.2.4 | 8.8.8.8 | 0x6ea3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2023 18:27:58.914153099 CEST | 192.168.2.4 | 8.8.8.8 | 0x4595 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2023 18:27:54.520185947 CEST | 8.8.8.8 | 192.168.2.4 | 0x789c | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2023 18:27:54.520185947 CEST | 8.8.8.8 | 192.168.2.4 | 0x789c | No error (0) | 172.217.13.110 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2023 18:27:54.521799088 CEST | 8.8.8.8 | 192.168.2.4 | 0xaefb | No error (0) | 172.217.13.109 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2023 18:27:54.549154997 CEST | 8.8.8.8 | 192.168.2.4 | 0xf907 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 27, 2023 18:27:55.964663982 CEST | 8.8.8.8 | 192.168.2.4 | 0xde4a | No error (0) | 172.217.13.206 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2023 18:27:55.966888905 CEST | 8.8.8.8 | 192.168.2.4 | 0xeebc | No error (0) | 172.217.13.206 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2023 18:27:59.019412041 CEST | 8.8.8.8 | 192.168.2.4 | 0x4595 | No error (0) | 65 | IN (0x0001) | false | |||
Sep 27, 2023 18:27:59.020622969 CEST | 8.8.8.8 | 192.168.2.4 | 0x6ea3 | No error (0) | 172.217.13.100 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49786 | 172.217.13.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-09-27 16:27:54 UTC | 0 | OUT | |
2023-09-27 16:27:54 UTC | 1 | OUT | |
2023-09-27 16:27:55 UTC | 1 | IN | |
2023-09-27 16:27:55 UTC | 3 | IN | |
2023-09-27 16:27:55 UTC | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49787 | 172.217.13.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-09-27 16:27:54 UTC | 1 | OUT | |
2023-09-27 16:27:55 UTC | 3 | IN | |
2023-09-27 16:27:55 UTC | 4 | IN | |
2023-09-27 16:27:55 UTC | 4 | IN | |
2023-09-27 16:27:55 UTC | 4 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 18:27:53 |
Start date: | 27/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff632090000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 18:27:53 |
Start date: | 27/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff632090000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:27:55 |
Start date: | 27/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff632090000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |