Windows Analysis Report
http://bookedresults.my.id
Overview
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 5720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2520,i,15045789949889070593,12427848774781699257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 4500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bookedresults.my.id" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
- AV Detection
- Compliance
- Networking
- System Summary
- Boot Survival
Signature | Occurrences |
---|---|
Avira URL Cloud | 2 |
Virustotal | 2 |
HTTPS traffic detected | 2 |
TCP traffic detected without corresponding DNS query | 42 |
UDP traffic detected without corresponding DNS query | 6 |
HTTP traffic detected | 3 |
DNS traffic detected | 1 |
HTTP traffic detected | 1 |
Network traffic detected | 17 |
HTTPS traffic detected | 2 |
Classification label | 1 |
File created | 1 |
Process created | 16 |
LNK file | 6 |
Window detected | 1 |
File created | 7 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira URL Cloud | phishing | |
| | 13% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Virustotal | | |
| | 13% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira URL Cloud | phishing | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 172.253.62.106 | true | false | | high |
bookedresults.my.id | 69.49.230.198 | true | false | | unknown |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.253.62.106 | www.google.com | United States | 15169 | GOOGLEUS | false |
69.49.230.198 | bookedresults.my.id | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
IP |
---|
192.168.2.10 |
192.168.2.3 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1415789 |
Start date and time: | 2024-03-26 13:45:59 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://bookedresults.my.id |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.win@16/10@6/6 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.253.62.101, 172.253.62.113, 172.253.62.139, 172.253.62.102, 172.253.62.100, 172.253.62.138, 142.251.111.84, 172.253.63.94, 34.104.35.123, 40.68.123.157, 192.229.211.108, 20.242.39.171, 13.107.21.200, 204.79.197.200, 142.251.16.94
- Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, dual-a-0001.a-msedge.net, clientservices.googleapis.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.9757352291225523 |
Encrypted: | false |
SSDEEP: | 48:8KdYTTbdnHyUidAKZdA1kLehwiZUklqehly+3:8lrds+y |
MD5: | CE13A62401BBCCE3A90CE01E5E4D486C |
SHA1: | A5F093131603B989A2B5D999C2B74869BAA48C3B |
SHA-256: | D4634C867D31F0268C6702A2ED996FDB606B4FDB56DDEB755D191BB692C8288C |
SHA-512: | FFBF6FC02B58099EAF808B492300848D9A309749632593D6BE25BFBED9BF2F4C2F155C83510B6A40CD4F693155DC06F3F2C6D2AC5EF219E678162DF4E3E3672C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9900394851122285 |
Encrypted: | false |
SSDEEP: | 48:8edYTTbdnHyUidAKZdA1DLeh/iZUkAQkqehuy+2:8hrdg9QXy |
MD5: | AD7FBDBD792D7390E8E67828C3C203EF |
SHA1: | 3C48D7839854D15C286C14D9763A453CDC065562 |
SHA-256: | DA5BBEEADF52F4D06BB87684793089ED78D2D59A421F054029AC32BE9FE9138C |
SHA-512: | 54EA713D8AADA35119678C2D810013C01DD9E51DD015D4EFDE45374CA0A587091C8CE354A86C02535FADA9AD490B1E99C91A232BF691832C25F53DCDD291B858 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2691 |
Entropy (8bit): | 3.999881927809523 |
Encrypted: | false |
SSDEEP: | 48:83dYTTbCnHyUidAKZdA14PLeh7sFiZUkmgqeh7sYy+BX:8OrCmnSy |
MD5: | E38A58610C85BFF76EE8AFEDCD170023 |
SHA1: | BF21E5B26F8731A6DA1581D62448DFD6854D347A |
SHA-256: | 234666EFDB5149AB612842702E93BF3F365D78D124EBCB3FC11F82C0E6F69CE9 |
SHA-512: | 979A4BEC920CF202F8B8618B7F1E196DA14C6D3F2232799D46CA780F08F3499CD8747DCFF89B94D7F38A3626379B66093F2C7501FE8355CA0B47FF507393D766 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9857068638051243 |
Encrypted: | false |
SSDEEP: | 48:8RdYTTbdnHyUidAKZdA1mLehDiZUkwqeh6y+R:80rdFgy |
MD5: | EFD54AB6C3F7AD8B93C071D2E0E14E3C |
SHA1: | 72013D854C63C5C69FA653545EBF70F97AE624CE |
SHA-256: | 7DF50F0CC1490A6955DE50B8E54BF4EBE5633F49B77229BBA61268DE543B482F |
SHA-512: | AC92F5264375E4A502B1B217AE2B2B14C4020B06FBF46EB11E362E6CFCB5C94B63C0BA3F7428D4CBEF5D67B74B05A3E8F690EEC4DD22A5048F9215F647DADBB7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9772141141915913 |
Encrypted: | false |
SSDEEP: | 48:8V8dYTTbdnHyUidAKZdA1oLehBiZUk1W1qehsy+C:81rd19My |
MD5: | 44F2A63221351EE21270DF0FEF0E553E |
SHA1: | 00DD33D8DA8DF95F663B56BBD424F8AAF78CDBBC |
SHA-256: | 3DE07578AC2FAD333A5128443B783DA7A09B9EA5A0F153A769AE44B16AB78406 |
SHA-512: | E460C94C8AF3F8F8993E457BB907960C4B7055EC4F16295D7595F13B97302654B91D67EDFB1BE39AAC9DB24875940D04FE417CCFC6E95DC6E8E355EFEE649FB8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.989544595921157 |
Encrypted: | false |
SSDEEP: | 48:82dYTTbdnHyUidAKZdA1duTBLehOuTbbiZUk5OjqehOuTbSy+yT+:8ZrdCT6TbxWOvTbSy7T |
MD5: | CBC1838B94DA95A78FC8A658F8FA1448 |
SHA1: | D1175C9415CE645D8EAFA361AA4BC06686264182 |
SHA-256: | B2C991EF5FEB4E6DCE49B6EB3921289E76CEB88BE5A6A05540508F65138AB34E |
SHA-512: | 679AEE8E26703A4EBBD1A576A6FF0690CD208BCF1D950DF8AB620527A5D2DB6EEBD63DA9FBDCD5606BDBC8665C3224BE433BEB7CED92F63B30DE62BDD961E550 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 315 |
Entropy (8bit): | 5.0572271090563765 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR |
MD5: | A34AC19F4AFAE63ADC5D2F7BC970C07F |
SHA1: | A82190FC530C265AA40A045C21770D967F4767B8 |
SHA-256: | D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3 |
SHA-512: | 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765 |
Malicious: | false |
Reputation: | low |
URL: | http://bookedresults.my.id/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 8 |
Entropy (8bit): | 2.75 |
Encrypted: | false |
SSDEEP: | 3:4tT:W |
MD5: | 397D00B13C40E37711D9CBEA7FA61BD0 |
SHA1: | 1826B5600A8D92BD85FE5AB4E11005CF42F4027B |
SHA-256: | A68202A9E3005AD61F9EF52BA8288811DBD6F56022E8A9C901B31DD89DC9A51A |
SHA-512: | 6E9A642094E1EFA6ACECB9A28B05FEAF1811A3278D03AB2FB4FA8F731370FBFE7F406F2A9F71A542E14A5903A7591186D7047C9973DF4053EB698CAEC0FE6958 |
Malicious: | false |
Reputation: | low |
URL: | http://bookedresults.my.id/ |
Preview: |
- Total Packets: 80
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2024 13:46:44.814233065 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5 |
Mar 26, 2024 13:46:45.126441002 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5 |
Mar 26, 2024 13:46:45.563913107 CET | 49677 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:46:45.564117908 CET | 49674 | 443 | 192.168.2.3 | 173.222.162.43 |
Mar 26, 2024 13:46:45.569264889 CET | 49675 | 443 | 192.168.2.3 | 104.98.116.155 |
Mar 26, 2024 13:46:45.569268942 CET | 49676 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:46:45.735753059 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5 |
Mar 26, 2024 13:46:45.957588911 CET | 49672 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:46:46.157722950 CET | 49671 | 443 | 192.168.2.3 | 204.79.197.203 |
Mar 26, 2024 13:46:46.938904047 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5 |
Mar 26, 2024 13:46:49.345145941 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5 |
Mar 26, 2024 13:46:53.829325914 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:46:53.830276012 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:46:53.939820051 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:46:53.939948082 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:46:53.940335989 CET | 80 | 49717 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:46:53.940349102 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:46:53.940408945 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:46:54.050537109 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:46:54.051178932 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:46:54.094449997 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:46:54.145139933 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5 |
Mar 26, 2024 13:46:54.181761980 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:46:54.292471886 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:46:54.344985008 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:46:55.015661001 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:46:55.015708923 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:46:55.015870094 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:46:55.016607046 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:46:55.016621113 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:46:55.168852091 CET | 49676 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:46:55.168869972 CET | 49675 | 443 | 192.168.2.3 | 104.98.116.155 |
Mar 26, 2024 13:46:55.168891907 CET | 49677 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:46:55.168893099 CET | 49674 | 443 | 192.168.2.3 | 173.222.162.43 |
Mar 26, 2024 13:46:55.238832951 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:46:55.260752916 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:46:55.260776043 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:46:55.262247086 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:46:55.262340069 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:46:55.264081955 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:46:55.264166117 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:46:55.309469938 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:46:55.309484005 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:46:55.356364965 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:46:55.559550047 CET | 49672 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:46:55.762609005 CET | 49671 | 443 | 192.168.2.3 | 204.79.197.203 |
Mar 26, 2024 13:46:56.350105047 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.350151062 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.350224972 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.352334976 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.352349043 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.552953005 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.553040028 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.557972908 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.557985067 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.558331966 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.606343031 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.630867004 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.676237106 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.736872911 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.736954927 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.737088919 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.737168074 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.737185955 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.802604914 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.802650928 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.802797079 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.803459883 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:56.803481102 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.999874115 CET | 443 | 49707 | 104.98.116.138 | 192.168.2.3 |
Mar 26, 2024 13:46:56.999901056 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:56.999977112 CET | 49707 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:46:57.000015974 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:57.001724005 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:57.001740932 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:57.001981974 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:57.003350019 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:57.048230886 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:57.189878941 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:57.189963102 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:57.190128088 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:57.192430973 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:57.192430973 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90 |
Mar 26, 2024 13:46:57.192457914 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:57.192470074 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3 |
Mar 26, 2024 13:46:59.297530890 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:46:59.297602892 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:47:00.969176054 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:47:01.079554081 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:47:03.747766018 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5 |
Mar 26, 2024 13:47:05.239943981 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:05.240026951 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:05.240407944 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:47:06.975990057 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:47:06.976021051 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:07.707081079 CET | 49707 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:47:07.707169056 CET | 49707 | 443 | 192.168.2.3 | 104.98.116.138 |
Mar 26, 2024 13:47:07.861890078 CET | 443 | 49707 | 104.98.116.138 | 192.168.2.3 |
Mar 26, 2024 13:47:07.861907959 CET | 443 | 49707 | 104.98.116.138 | 192.168.2.3 |
Mar 26, 2024 13:47:24.940804005 CET | 80 | 49717 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:47:24.940921068 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:47:38.950655937 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:47:39.062786102 CET | 80 | 49717 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:47:40.517710924 CET | 49708 | 80 | 192.168.2.3 | 72.21.81.240 |
Mar 26, 2024 13:47:40.611701012 CET | 80 | 49708 | 72.21.81.240 | 192.168.2.3 |
Mar 26, 2024 13:47:40.611763954 CET | 49708 | 80 | 192.168.2.3 | 72.21.81.240 |
Mar 26, 2024 13:47:54.963489056 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:47:54.964163065 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:47:54.964209080 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:54.964339018 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:47:54.965830088 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:47:54.965854883 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:55.073947906 CET | 80 | 49717 | 69.49.230.198 | 192.168.2.3 |
Mar 26, 2024 13:47:55.074027061 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198 |
Mar 26, 2024 13:47:55.184376955 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:55.192612886 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:47:55.192629099 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:55.192967892 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:55.194685936 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:47:55.194737911 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:47:55.248059988 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:48:05.181898117 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:48:05.181968927 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Mar 26, 2024 13:48:05.182329893 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:48:06.970690966 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106 |
Mar 26, 2024 13:48:06.970714092 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2024 13:46:50.615053892 CET | 53 | 51054 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:46:50.658087969 CET | 53 | 53355 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:46:51.317475080 CET | 53 | 55286 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:46:52.378284931 CET | 65110 | 53 | 192.168.2.3 | 1.1.1.1 |
Mar 26, 2024 13:46:52.378492117 CET | 52651 | 53 | 192.168.2.3 | 1.1.1.1 |
Mar 26, 2024 13:46:53.389611959 CET | 49751 | 53 | 192.168.2.3 | 1.1.1.1 |
Mar 26, 2024 13:46:53.390019894 CET | 53479 | 53 | 192.168.2.3 | 1.1.1.1 |
Mar 26, 2024 13:46:53.825910091 CET | 53 | 65110 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:46:53.827136040 CET | 53 | 52651 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:46:54.572613955 CET | 53 | 53479 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:46:54.790155888 CET | 53 | 49751 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:46:54.916364908 CET | 52929 | 53 | 192.168.2.3 | 1.1.1.1 |
Mar 26, 2024 13:46:54.916809082 CET | 51386 | 53 | 192.168.2.3 | 1.1.1.1 |
Mar 26, 2024 13:46:55.011517048 CET | 53 | 52929 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:46:55.012058973 CET | 53 | 51386 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:47:09.125442028 CET | 53 | 60091 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:47:29.217211008 CET | 53 | 58871 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:47:48.521147966 CET | 138 | 138 | 192.168.2.3 | 192.168.2.255 |
Mar 26, 2024 13:47:50.433757067 CET | 53 | 64652 | 1.1.1.1 | 192.168.2.3 |
Mar 26, 2024 13:47:53.423945904 CET | 53 | 62436 | 1.1.1.1 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 26, 2024 13:46:54.572695971 CET | 192.168.2.3 | 1.1.1.1 | c235 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 26, 2024 13:46:52.378284931 CET | 192.168.2.3 | 1.1.1.1 | 0x495d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 26, 2024 13:46:52.378492117 CET | 192.168.2.3 | 1.1.1.1 | 0xaa6b | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 26, 2024 13:46:53.389611959 CET | 192.168.2.3 | 1.1.1.1 | 0xa1fe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 26, 2024 13:46:53.390019894 CET | 192.168.2.3 | 1.1.1.1 | 0x208b | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 26, 2024 13:46:54.916364908 CET | 192.168.2.3 | 1.1.1.1 | 0xaeea | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 26, 2024 13:46:54.916809082 CET | 192.168.2.3 | 1.1.1.1 | 0x2f7d | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 26, 2024 13:46:53.825910091 CET | 1.1.1.1 | 192.168.2.3 | 0x495d | No error (0) | 69.49.230.198 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 13:46:54.790155888 CET | 1.1.1.1 | 192.168.2.3 | 0xa1fe | No error (0) | 69.49.230.198 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | 172.253.62.106 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | 172.253.62.105 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | 172.253.62.99 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | 172.253.62.147 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | 172.253.62.104 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | 172.253.62.103 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2024 13:46:55.012058973 CET | 1.1.1.1 | 192.168.2.3 | 0x2f7d | No error (0) | 65 | IN (0x0001) | false | |||
Mar 26, 2024 13:47:06.375319958 CET | 1.1.1.1 | 192.168.2.3 | 0xf4ee | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 26, 2024 13:47:06.375319958 CET | 1.1.1.1 | 192.168.2.3 | 0xf4ee | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.3 | 49716 | 69.49.230.198 | 80 | 5720 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 26, 2024 13:46:53.940349102 CET | 434 | OUT | |
Mar 26, 2024 13:46:54.051178932 CET | 248 | IN | |
Mar 26, 2024 13:46:54.181761980 CET | 382 | OUT | |
Mar 26, 2024 13:46:54.292471886 CET | 515 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.3 | 49717 | 69.49.230.198 | 80 | 5720 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 26, 2024 13:47:38.950655937 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.3 | 49720 | 23.221.242.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 12:46:56 UTC | 161 | OUT | |
2024-03-26 12:46:56 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.3 | 49721 | 23.221.242.90 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 12:46:56 UTC | 239 | OUT | |
2024-03-26 12:46:57 UTC | 774 | IN | |
2024-03-26 12:46:57 UTC | 55 | IN |
Target ID: | 2 |
Start time: | 13:46:44 |
Start date: | 26/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c89f0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 13:46:47 |
Start date: | 26/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c89f0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 5 |
Start time: | 13:46:49 |
Start date: | 26/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c89f0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |