Windows
Analysis Report
http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU9
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 2000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2192,i,2516542292744883314,14553751070343600966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signature evidence rows (consecutive repeats collapsed with a count):
- HTTP Parser
- HTTPS traffic detected (×2)
- TCP traffic
- TCP traffic detected without corresponding DNS query (×30)
- UDP traffic detected without corresponding DNS query (×4)
- HTTP traffic detected (×3)
- DNS traffic detected (×2)
- HTTP traffic detected
- Network traffic detected (×13)
- HTTPS traffic detected (×2)
- Classification label
- File created
- Process created (×21)
- LNK file (×6)
- Window detected
- File created (×7)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sendgrid.net | 167.89.115.150 | true | false | unknown | |
www.google.com | 216.58.206.36 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
url3262.oprgfinancialfr.com | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
167.89.115.150 | sendgrid.net | United States | 11377 | SENDGRIDUS | false |
216.58.206.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1445893 |
Start date and time: | 2024-05-22 18:03:17 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@21/10@4/5 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.185.238, 173.194.76.84, 34.104.35.123, 40.127.169.103, 173.222.108.210, 173.222.108.226, 192.229.221.95, 52.165.164.15, 20.166.126.56, 142.250.184.195, 131.107.255.255
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, dns.msftncsi.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9k
Input | Output |
---|---|
URL: http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yV; Model: Perplexity: mixtral-8x7b-instruct; Text: "Link Disabled You have clicked on a disabled link" | { "loginform": false, "reasons": [ "The provided text does not contain a login form.", "The text indicates that the link has been disabled.", "There are no form elements or input fields present in the text." ] } |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9851967913146793 |
Encrypted: | false |
SSDEEP: | 48:8gdKT2KXHFidAKZdA19ehwiZUklqehsJy+3:8FrHBJy |
MD5: | 75FD4CC0A511812E0139E8F693F10D58 |
SHA1: | 5BDDA53D4446709BBE1D29A120BEF6BE70F03416 |
SHA-256: | F12A2C5DB60DD796898CE14C85E0445D1FF9B0ECED11F2B7B235BC045E1B6174 |
SHA-512: | 4994B0A0CCDF618E5045A2CA5803D81AE2E172A0E097819F554CFC5AA5461B7D815C6B2FC6FF34833DE356DBAF0FB96EB2D7BD23815224540362A795F1CC972B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9989927558005167 |
Encrypted: | false |
SSDEEP: | 48:83dKT2KXHFidAKZdA1weh/iZUkAQkqehxJy+2:8Yrt9Q+Jy |
MD5: | FA5D58F6CCB03C4326E880FBDAE90C33 |
SHA1: | C3C99B777A4D745EEA864D1CB86A7A65AA8FA4C5 |
SHA-256: | 90831865ADB8ED2B7EF72B4BC25582CCAB142D4CB6550CE5A28A19E70939AC12 |
SHA-512: | BD430A114D1441D5A649EC65F48C7866C64DB7913C24E756E35CD2C0533B574FF64E3C6A2AF035BE8BC173564C3951A31449004B1541DE3FE34BBD1CC6092976 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.01013057830245 |
Encrypted: | false |
SSDEEP: | 48:8x7dKT2KsHFidAKZdA14tseh7sFiZUkmgqeh7srJy+BX:8x0rIndJy |
MD5: | F2C6F069128A89402A073DB0867F13C9 |
SHA1: | 4944217B6CF69E67F3B4011421BB997A452105B8 |
SHA-256: | 201AC6A2071FB7C82CF0401C3102A0C57B430DC594BD882BE88F5482EFC1F114 |
SHA-512: | BD5204C5A0415BAC1AE2A2A3D8AAAF058772AE8EF9ABE23A067DDC42588E68613DD83BE5EC4CFD9CCC734AECE91F94FF880B14489C09FC538F75C824687596C9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9974960732005718 |
Encrypted: | false |
SSDEEP: | 48:8GdKT2KXHFidAKZdA1vehDiZUkwqeh1Jy+R:8/rOjJy |
MD5: | DFED0101CA01A14934A01E0B3DDEB34C |
SHA1: | F6EC5DAB52094B2F016A9636F94BEDEF3A3C001A |
SHA-256: | 89FEE6F2395AFF8F0D6BC599904B4E87A5A6231CF11E50B5A08AA06C6CAEDFBC |
SHA-512: | FF15317A630ED74A7D8B4CD74285D2D4EA5020A3F836E03CE346486D703A2125E6BA266A421A57B2EC2EAD77E3F5D5E5AC932B3DCC1E44D7C4B457A03BDB6D00 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.986235460175037 |
Encrypted: | false |
SSDEEP: | 48:8S7dKT2KXHFidAKZdA1hehBiZUk1W1qehnJy+C:8S0r+9HJy |
MD5: | 50AF33DCBB2CEAB7DF53FA5DD9540CB1 |
SHA1: | 5B76867F8EC8A4F82923CA007DB2D1C66FC2DB81 |
SHA-256: | 66E47BA9503FC17152887C5CF847FE87F65084F30891CBBD80629307157A979F |
SHA-512: | B118D1530B65A211D64B5AA97C3544F7B7030055A89A02B38EC6CA9F52EE85376F0954D19C203E6C58E2307F2AD7319E1EC0667A70BA30458EF4B59FC8ECA7C8 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9965666838763316 |
Encrypted: | false |
SSDEEP: | 48:8EdKT2KXHFidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbdJy+yT+:8RrgT/TbxWOvTbdJy7T |
MD5: | 095EC82AAF2F713A3C82BEE573EFDD69 |
SHA1: | 0576AA5586E9319A4B1FE1C1F0A24A7703383032 |
SHA-256: | 4ADCEB905051786C433477159E07C5CC24A6AAAAC4447FAD5B8F264476D077CA |
SHA-512: | 72FDE92B7AED47D4FF8ECA1354655A7C965E863531E4E816023F53F98BBCDFC3FB8713EF0F02F7C3406F670EE5D8A090871346933D58BFFD5C3B7D0DE8A38B8D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 132 |
Entropy (8bit): | 4.401640733272911 |
Encrypted: | false |
SSDEEP: | 3:qVZxgRONMuyRQ1XbZ6iMi6byNCELFZhZkwxEQpIVLZPHj:qzxUQgCX96+PhxppIV1D |
MD5: | 310E794861855F03DACD1A6BD12A5D26 |
SHA1: | 7B1E76A469D9B35349C242A1C7EB5FE5E1F8AA92 |
SHA-256: | 6F25D08A0DA028A31DB3CB3FD36FC6AA36ED01BF44058520DC8689763A1B0F6A |
SHA-512: | 3CEE575EF31C8ABE2E51EE6BD8281DD921776B89F347EDA63EAA2D74803ABDCA6A8FC13568B6278BCA0C2DAAC75A7A5AF2E4E963A8CAB9FAF576AFDFC66BBC67 |
Malicious: | false |
Reputation: | low |
URL: | http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 564 |
Entropy (8bit): | 4.72971822420855 |
Encrypted: | false |
SSDEEP: | 12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc |
MD5: | 8E325DC2FEA7C8900FC6C4B8C6C394FE |
SHA1: | 1B3291D4EEA179C84145B2814CB53E6A506EC201 |
SHA-256: | 0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2 |
SHA-512: | 084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14 |
Malicious: | false |
Reputation: | low |
URL: | http://url3262.oprgfinancialfr.com/favicon.ico |
Preview: |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 22, 2024 18:04:05.031461954 CEST | 192.168.2.5 | 1.1.1.1 | c22d | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 22, 2024 18:04:06.517626047 CEST | 192.168.2.5 | 1.1.1.1 | 0x3528 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:06.517795086 CEST | 192.168.2.5 | 1.1.1.1 | 0x3eeb | Standard query (0) | | HTTPS (65) | IN (0x0001) | false |
May 22, 2024 18:04:08.800533056 CEST | 192.168.2.5 | 1.1.1.1 | 0xbea7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:08.800895929 CEST | 192.168.2.5 | 1.1.1.1 | 0x7bd9 | Standard query (0) | | HTTPS (65) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 22, 2024 18:04:06.591578960 CEST | 1.1.1.1 | 192.168.2.5 | 0x3eeb | No error (0) | | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | | | 167.89.115.150 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | | | 167.89.115.56 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | | | 167.89.123.124 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | | | 167.89.123.204 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | | | 167.89.115.120 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | | | 167.89.123.54 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:08.809412003 CEST | 1.1.1.1 | 192.168.2.5 | 0xbea7 | No error (0) | | | 216.58.206.36 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:04:08.814097881 CEST | 1.1.1.1 | 192.168.2.5 | 0x7bd9 | No error (0) | | | | HTTPS (65) | IN (0x0001) | false |
May 22, 2024 18:04:20.850100994 CEST | 1.1.1.1 | 192.168.2.5 | 0x7b2f | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 22, 2024 18:04:20.850100994 CEST | 1.1.1.1 | 192.168.2.5 | 0x7b2f | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49709 | 167.89.115.150 | 80 | 2940 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 22, 2024 18:04:06.602269888 CEST | 1493 | OUT | |
May 22, 2024 18:04:07.069447994 CEST | 330 | IN | |
May 22, 2024 18:04:07.237474918 CEST | 1449 | OUT | |
May 22, 2024 18:04:07.382822990 CEST | 712 | IN | |
May 22, 2024 18:04:52.384327888 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 167.89.115.150 | 80 | 2940 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 22, 2024 18:04:51.618587017 CEST | 6 | OUT |
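The DNS Answers table and the session tables above are only useful once the transaction IDs are joined back together: which query produced which CNAME and A records, and which of the captured peers those records actually explain. The script below does that join. It is an added example, not part of the report or of any tool the report was produced with; the DNS rows and the peer list are copied from the tables above, and the names `RR_TYPE_NAMES`, `parse_rows`, `rr_type`, `resolution_chains` and `attribute_sessions` are chosen here.

```python
"""Added example (not from the report): join the DNS Answers rows by
transaction ID and attribute the captured sessions' peers to them.
Table rows below are copied from the report; helper names are my own.
"""
from collections import defaultdict

# Trans ID | Reply code | record value | record type, copied from the DNS
# Answers table. The report leaves the queried Name blank, so it is omitted.
DNS_ANSWERS = """\
0x3eeb | No error (0) | sendgrid.net | CNAME (Canonical name)
0x3528 | No error (0) | sendgrid.net | CNAME (Canonical name)
0x3528 | No error (0) | 167.89.115.150 | A (IP address)
0x3528 | No error (0) | 167.89.115.56 | A (IP address)
0x3528 | No error (0) | 167.89.123.124 | A (IP address)
0x3528 | No error (0) | 167.89.123.204 | A (IP address)
0x3528 | No error (0) | 167.89.115.120 | A (IP address)
0x3528 | No error (0) | 167.89.123.54 | A (IP address)
0xbea7 | No error (0) | 216.58.206.36 | A (IP address)
0x7bd9 | No error (0) |  | 65
0x7b2f | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name)
0x7b2f | No error (0) | 192.229.221.95 | A (IP address)
"""

# (destination IP, destination port) of the peers the report's session and
# TCP tables show: the HTTP session, the HTTPS sessions, the port-443 stream.
SESSIONS = [("167.89.115.150", 80), ("2.18.97.153", 443), ("216.58.206.36", 443)]

# The report prints the numeric type 65; RFC 9460 assigns that code to HTTPS.
RR_TYPE_NAMES = {"65": "HTTPS"}


def parse_rows(table):
    """Split a pipe-separated table into lists of stripped cells, skipping blank lines."""
    return [[cell.strip() for cell in line.split("|")]
            for line in table.splitlines() if line.strip()]


def rr_type(cell):
    """Map the report's Type cell to a bare RR name: 'A (IP address)' -> 'A', '65' -> 'HTTPS'."""
    token = cell.split()[0] if cell.split() else ""
    return RR_TYPE_NAMES.get(token, token)


def resolution_chains(table):
    """Group answer records by DNS transaction ID.

    Returns {tid: {"cname": [...], "a": [...], "other": [...]}}. A row with an
    empty value (the HTTPS query 0x7bd9) is a NODATA answer; it is kept under
    "other" so it is not mistaken for a dropped row.
    """
    chains = defaultdict(lambda: {"cname": [], "a": [], "other": []})
    for tid, _rcode, value, rtype in parse_rows(table):
        kind = rr_type(rtype)
        if not value:
            chains[tid]["other"].append(f"{kind} (no records)")
        elif kind == "CNAME":
            chains[tid]["cname"].append(value)
        elif kind == "A":
            chains[tid]["a"].append(value)
        else:
            chains[tid]["other"].append(f"{kind} {value}")
    return dict(chains)


def attribute_sessions(sessions, chains):
    """Return {(ip, port): [tids]} for every transaction whose A records include ip.

    An empty list means no DNS answer in the capture explains that peer.
    """
    by_ip = defaultdict(list)
    for tid, entry in chains.items():
        for ip in entry["a"]:
            by_ip[ip].append(tid)
    return {sess: sorted(by_ip.get(sess[0], [])) for sess in sessions}


if __name__ == "__main__":
    chains = resolution_chains(DNS_ANSWERS)
    for tid, entry in chains.items():
        print(tid, entry)
    for (ip, port), tids in attribute_sessions(SESSIONS, chains).items():
        print(f"{ip}:{port} <- {', '.join(tids) if tids else 'not explained by captured DNS'}")
```

Run as a script it prints one chain per transaction and then one line per peer. The HTTP session to 167.89.115.150:80 lands on one of the six A records behind the sendgrid.net CNAME (transaction 0x3528), and 216.58.206.36:443 matches 0xbea7, but 2.18.97.153:443 has no A record anywhere in the captured answers: that name was either cached, resolved before the capture started, or not resolved over plain DNS to 1.1.1.1 at all, and the report alone cannot tell which.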
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 2.18.97.153 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 16:04:10 UTC | 161 | OUT | |
2024-05-22 16:04:10 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49715 | 2.18.97.153 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 16:04:11 UTC | 239 | OUT | |
2024-05-22 16:04:12 UTC | 534 | IN | |
2024-05-22 16:04:12 UTC | 55 | IN |
The HTTPS session tables are timestamped in UTC, while the packet and DNS tables above use CEST (UTC+2); 16:04 UTC is the same instant as 18:04 CEST.
Target ID: | 0 |
Start time: | 12:04:00 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 12:04:03 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 12:04:05 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |