Windows
Analysis Report
http://162.159.134.233:443
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 4732 cmdline:
C:\Program Files\Goo gle\Chrome \Applicati on\chrome. exe" --sta rt-maximiz ed "about: blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA) - chrome.exe (PID: 5896 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2092 --fi eld-trial- handle=177 6,i,587268 3989168897 515,642043 4662059444 935,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- chrome.exe (PID: 6528 cmdline:
C:\Program Files\Goo gle\Chrome \Applicati on\chrome. exe" "http ://162.159 .134.233:4 43 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- cleanup
- • AV Detection
- • Networking
- • System Summary
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
10% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 142.250.65.237 | true | false | high | |
www.google.com | 142.251.32.100 | true | false | high | |
clients.l.google.com | 142.251.32.110 | true | false | high | |
clients2.google.com | unknown | unknown | false | high | |
tse1.mm.bing.net | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | high | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.251.32.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false | |
142.251.32.100 | www.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.65.237 | accounts.google.com | United States | 15169 | GOOGLEUS | false | |
162.159.134.233 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 38.0.0 Beryl |
Analysis ID: | 1315772 |
Start date and time: | 2023-09-28 12:26:41 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 1m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://162.159.134.233:443 |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@20/0@7/6 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis
(whitelisted): backgroundTaskH ost.exe - Excluded IPs from analysis (wh
itelisted): 142.250.65.195, 34 .104.35.123, 20.96.153.111, 20 4.79.197.200, 13.107.21.200 - Excluded domains from analysis
(whitelisted): edgedl.me.gvt1 .com, mm-mm.bing.net.trafficma nager.net, dual-a-0001.a-msedg e.net, clientservices.googleap is.com, arc.trafficmanager.net , arc.msn.com, iris-de-prod-az sc-v2-eus2.eastus2.cloudapp.az ure.com - Not all processes where analyz
ed, report is missing behavior information
Download Network PCAP: filtered – full
- Total Packets: 67
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 28, 2023 12:27:26.548548937 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.548634052 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:26.549093008 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.550252914 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.550287962 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:26.550627947 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.550712109 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.550806999 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.550961971 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.550991058 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.822549105 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:26.822598934 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.822889090 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.822913885 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:26.823219061 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.823299885 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.823811054 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.823967934 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.824733973 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:26.824794054 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.824852943 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.825062990 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.825608015 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.825689077 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:26.825804949 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.825926065 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.826018095 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.826020956 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.866524935 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.866549015 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:26.867635965 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.867647886 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:26.867741108 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:26.867796898 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:26.907669067 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:26.907716036 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:27.002557993 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:27.002934933 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:27.007711887 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:27.011315107 CEST | 49793 | 443 | 192.168.2.3 | 142.251.32.110 |
Sep 28, 2023 12:27:27.011354923 CEST | 443 | 49793 | 142.251.32.110 | 192.168.2.3 |
Sep 28, 2023 12:27:27.021370888 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:27.021737099 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:27.027865887 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:27.030411005 CEST | 49791 | 443 | 192.168.2.3 | 142.250.65.237 |
Sep 28, 2023 12:27:27.030425072 CEST | 443 | 49791 | 142.250.65.237 | 192.168.2.3 |
Sep 28, 2023 12:27:27.816953897 CEST | 49794 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.817029953 CEST | 443 | 49794 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:27.817208052 CEST | 49795 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.817286015 CEST | 443 | 49795 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:27.817586899 CEST | 49794 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.817656994 CEST | 49795 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.827106953 CEST | 49795 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.827183008 CEST | 443 | 49795 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:27.827266932 CEST | 443 | 49795 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:27.827756882 CEST | 49794 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.827836037 CEST | 443 | 49794 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:27.827914000 CEST | 443 | 49794 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:27.828959942 CEST | 49796 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.829035044 CEST | 443 | 49796 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:27.829591990 CEST | 49796 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.829591990 CEST | 49796 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:27.829719067 CEST | 443 | 49796 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:27.829823017 CEST | 443 | 49796 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.927531004 CEST | 49798 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.927604914 CEST | 443 | 49798 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.927843094 CEST | 49798 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.927983046 CEST | 49799 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.928020000 CEST | 443 | 49799 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.928812981 CEST | 49799 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.992029905 CEST | 49799 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.992105961 CEST | 443 | 49799 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.992203951 CEST | 443 | 49799 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.993299961 CEST | 49798 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.993379116 CEST | 443 | 49798 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.993643045 CEST | 443 | 49798 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.998056889 CEST | 49800 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.998105049 CEST | 443 | 49800 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.998174906 CEST | 49800 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.998276949 CEST | 49800 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:28.998285055 CEST | 443 | 49800 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:28.998533964 CEST | 443 | 49800 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:31.060776949 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:31.060822964 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:31.076550007 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:31.106724024 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:31.106796026 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:31.316592932 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:31.351701975 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:31.351726055 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:31.355612040 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:31.355808973 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:31.355823040 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:31.361596107 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:31.362056017 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:31.416271925 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:31.416295052 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:31.476643085 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:34.013835907 CEST | 49802 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.013926029 CEST | 443 | 49802 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:34.014107943 CEST | 49803 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.014159918 CEST | 49802 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.014185905 CEST | 443 | 49803 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:34.014303923 CEST | 49803 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.017781973 CEST | 49803 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.017823935 CEST | 443 | 49803 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:34.017936945 CEST | 443 | 49803 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:34.018273115 CEST | 49802 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.018309116 CEST | 443 | 49802 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:34.018424034 CEST | 443 | 49802 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:34.018870115 CEST | 49804 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.018925905 CEST | 443 | 49804 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:34.019017935 CEST | 49804 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.019237995 CEST | 49804 | 443 | 192.168.2.3 | 162.159.134.233 |
Sep 28, 2023 12:27:34.019272089 CEST | 443 | 49804 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:34.019323111 CEST | 443 | 49804 | 162.159.134.233 | 192.168.2.3 |
Sep 28, 2023 12:27:41.292586088 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:41.292725086 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Sep 28, 2023 12:27:41.292818069 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:42.588677883 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100 |
Sep 28, 2023 12:27:42.588774920 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 28, 2023 12:27:26.449409962 CEST | 50598 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2023 12:27:26.449409962 CEST | 63088 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2023 12:27:26.449579000 CEST | 52726 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2023 12:27:26.449722052 CEST | 65279 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2023 12:27:26.546725035 CEST | 53 | 50598 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:26.546899080 CEST | 53 | 65279 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:26.546916008 CEST | 53 | 52726 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:26.547574997 CEST | 53 | 50357 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:26.549348116 CEST | 53 | 63088 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:27.176835060 CEST | 53 | 54711 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:30.927447081 CEST | 54477 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2023 12:27:30.927967072 CEST | 58283 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2023 12:27:31.019110918 CEST | 53 | 54477 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:31.025428057 CEST | 53 | 58283 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:44.218545914 CEST | 53 | 58131 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2023 12:27:47.316548109 CEST | 57846 | 53 | 192.168.2.3 | 8.8.8.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 28, 2023 12:27:26.449409962 CEST | 192.168.2.3 | 8.8.8.8 | 0x8ccc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 28, 2023 12:27:26.449409962 CEST | 192.168.2.3 | 8.8.8.8 | 0xecc2 | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 28, 2023 12:27:26.449579000 CEST | 192.168.2.3 | 8.8.8.8 | 0x7e4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 28, 2023 12:27:26.449722052 CEST | 192.168.2.3 | 8.8.8.8 | 0xadef | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 28, 2023 12:27:30.927447081 CEST | 192.168.2.3 | 8.8.8.8 | 0x50ef | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 28, 2023 12:27:30.927967072 CEST | 192.168.2.3 | 8.8.8.8 | 0x987b | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 28, 2023 12:27:47.316548109 CEST | 192.168.2.3 | 8.8.8.8 | 0x81d7 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 28, 2023 12:27:26.546725035 CEST | 8.8.8.8 | 192.168.2.3 | 0x8ccc | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 28, 2023 12:27:26.546725035 CEST | 8.8.8.8 | 192.168.2.3 | 0x8ccc | No error (0) | 142.251.32.110 | A (IP address) | IN (0x0001) | false | ||
Sep 28, 2023 12:27:26.546916008 CEST | 8.8.8.8 | 192.168.2.3 | 0x7e4 | No error (0) | 142.250.65.237 | A (IP address) | IN (0x0001) | false | ||
Sep 28, 2023 12:27:26.549348116 CEST | 8.8.8.8 | 192.168.2.3 | 0xecc2 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 28, 2023 12:27:31.019110918 CEST | 8.8.8.8 | 192.168.2.3 | 0x50ef | No error (0) | 142.251.32.100 | A (IP address) | IN (0x0001) | false | ||
Sep 28, 2023 12:27:31.025428057 CEST | 8.8.8.8 | 192.168.2.3 | 0x987b | No error (0) | 65 | IN (0x0001) | false | |||
Sep 28, 2023 12:27:47.417308092 CEST | 8.8.8.8 | 192.168.2.3 | 0x81d7 | No error (0) | mm-mm.bing.net.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49791 | 142.250.65.237 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49793 | 142.251.32.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.3 | 49804 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:34.019237995 CEST | 101 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49795 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:27.827106953 CEST | 88 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49794 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:27.827756882 CEST | 89 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.3 | 49796 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:27.829591990 CEST | 89 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.3 | 49799 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:28.992029905 CEST | 91 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.3 | 49798 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:28.993299961 CEST | 91 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.3 | 49800 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:28.998276949 CEST | 92 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.3 | 49803 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:34.017781973 CEST | 99 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.3 | 49802 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 28, 2023 12:27:34.018273115 CEST | 100 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49791 | 142.250.65.237 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-09-28 10:27:26 UTC | 0 | OUT | |
2023-09-28 10:27:26 UTC | 0 | OUT | |
2023-09-28 10:27:27 UTC | 2 | IN | |
2023-09-28 10:27:27 UTC | 4 | IN | |
2023-09-28 10:27:27 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49793 | 142.251.32.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-09-28 10:27:26 UTC | 0 | OUT | |
2023-09-28 10:27:26 UTC | 1 | IN | |
2023-09-28 10:27:26 UTC | 2 | IN | |
2023-09-28 10:27:26 UTC | 2 | IN | |
2023-09-28 10:27:26 UTC | 2 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 12:27:24 |
Start date: | 28/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65c530000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 12:27:25 |
Start date: | 28/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65c530000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 12:27:26 |
Start date: | 28/09/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65c530000 |
File size: | 3'219'224 bytes |
MD5 hash: | 8D1C4713ACB7CC2AAAEE4477C58A80BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |