Windows
Analysis Report
http://url3262.oprgfinancialfr.com/wf/open?upn=u001.SLPpMeL7uMd5sO40Mlg8zTgUMWEe-2FkyBqjjfVYFFBvNkxOVn4Nb0JW4rkl1HdCEMIizdC6ipQTvI0Wy01Uw7axHTuka4IWxQ6W45EMek9U49uo-2BX1y4HMrxdgLlTiuEpR8lPCQxXYtIdmi4xSG1dQS6WURX1Qu4xXBnBj2eNYiawniNXmZTpo4mHJsWQj-2FK-2B53GNYOuzLTWaqHVkQ-2BmI9W3-2BI-2B5z-2BkUW8MsZKL56
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
  - chrome.exe (PID: 5996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 4464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1880,i,5423321461586850232,14629412727351742325,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 5780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url3262.oprgfinancialfr.com/wf/open?upn=u001.SLPpMeL7uMd5sO40Mlg8zTgUMWEe-2FkyBqjjfVYFFBvNkxOVn4Nb0JW4rkl1HdCEMIizdC6ipQTvI0Wy01Uw7axHTuka4IWxQ6W45EMek9U49uo-2BX1y4HMrxdgLlTiuEpR8lPCQxXYtIdmi4xSG1dQS6WURX1Qu4xXBnBj2eNYiawniNXmZTpo4mHJsWQj-2FK-2B53GNYOuzLTWaqHVkQ-2BmI9W3-2BI-2B5z-2BkUW8MsZKL560xbTst98JEjgCPbmUuz0-2Bvz6ap2g5bz-2FRCA0qJ4LxKRjTfj6atSREVQof-2BlJZuuK3An6rbMjXpIW1-2F2N73Oo5w-2F2qbLuQFZa8cYZ-2FuXQ0KHJU-2FuShB-2BWTH3azPunDo1zgiQp-2F7ddHQHeC6jnAAzMMU-2FaVTgLiZ0-2BULw8qgsg9PbQYK6ZY44IGbMFD2Ff-2FlaS6a7D9nrSB2MomBZoKSo9kx5RM4dL6K5PeEKKOEhi9jZ6Dr7-2FOcyQM8sBIj-2FnQ6ZzV5u9rT5oxbavhsqpmpR67cHV2dFO-2BccbeSachLLMVCZPeY7VdjSmptTnx7w6zLVL9PmYNYVwhwhIGol1VVQild-2B1xxt0ZUacRsomZ60Ib-2FtRy8-2BGDAOKMH7IXFh8PpauB3Kf5OrrmLh1JihFsk2ehWzPmHZ9ocsL03WcDWsIkmHsb50BN7Vsh691VXfd7uOuiP8yr-2FyT7awA495YspV2BQ3fEikpAr56vTJm4GqVThcEBJ1JpWtIeDMWHUcHdn0sonIqD1fqG3DpYLwsOjsdtAMeE0k02jeMOgd2Hj-2B95yKw4-2B5NKAS0kIk8aFivskRL5DyQsF8SkI-2Fv1QtnHttOTiyK6emJC2JLCJHW7NBZ-2F0GSzq0SusKQgxgftdtqAUTvi3y1aZk6LorB9kUURps-2Fe0RX" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signature evidence (source rows, in report order; the detail cells are not present in this copy):
- HTTP Parser: 1 row
- HTTPS traffic detected: 2 rows
- TCP traffic: 2 rows
- TCP traffic detected without corresponding DNS query: 35 rows
- UDP traffic detected without corresponding DNS query: 6 rows
- HTTP traffic detected: 3 rows
- DNS traffic detected: 3 rows
- HTTP traffic detected: 1 row
- Network traffic detected: 13 rows
- HTTPS traffic detected: 2 rows
- Classification label: 1 row
- File created: 1 row
- Process created: 16 rows
- LNK file: 6 rows
- Window detected: 1 row
- File created: 7 rows
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sendgrid.net | 167.89.115.150 | true | false | unknown | |
www.google.com | 142.250.185.164 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
56.126.166.20.in-addr.arpa | unknown | unknown | false | unknown | |
url3262.oprgfinancialfr.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.68 | unknown | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.185.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
167.89.115.150 | sendgrid.net | United States | 11377 | SENDGRIDUS | false |
IP |
---|
192.168.2.6 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1445898 |
Start date and time: | 2024-05-22 18:19:28 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://url3262.oprgfinancialfr.com/wf/open?upn=u001.SLPpMeL7uMd5sO40Mlg8zTgUMWEe-2FkyBqjjfVYFFBvNkxOVn4Nb0JW4rkl1HdCEMIizdC6ipQTvI0Wy01Uw7axHTuka4IWxQ6W45EMek9U49uo-2BX1y4HMrxdgLlTiuEpR8lPCQxXYtIdmi4xSG1dQS6WURX1Qu4xXBnBj2eNYiawniNXmZTpo4mHJsWQj-2FK-2B53GNYOuzLTWaqHVkQ-2BmI9W3-2BI-2B5z-2BkUW8MsZKL560xbTst98JEjgCPbmUuz0-2Bvz6ap2g5bz-2FRCA0qJ4LxKRjTfj6atSREVQof-2BlJZuuK3An6rbMjXpIW1-2F2N73Oo5w-2F2qbLuQFZa8cYZ-2FuXQ0KHJU-2FuShB-2BWTH3azPunDo1zgiQp-2F7ddHQHeC6jnAAzMMU-2FaVTgLiZ0-2BULw8qgsg9PbQYK6ZY44IGbMFD2Ff-2FlaS6a7D9nrSB2MomBZoKSo9kx5RM4dL6K5PeEKKOEhi9jZ6Dr7-2FOcyQM8sBIj-2FnQ6ZzV5u9rT5oxbavhsqpmpR67cHV2dFO-2BccbeSachLLMVCZPeY7VdjSmptTnx7w6zLVL9PmYNYVwhwhIGol1VVQild-2B1xxt0ZUacRsomZ60Ib-2FtRy8-2BGDAOKMH7IXFh8PpauB3Kf5OrrmLh1JihFsk2ehWzPmHZ9ocsL03WcDWsIkmHsb50BN7Vsh691VXfd7uOuiP8yr-2FyT7awA495YspV2BQ3fEikpAr56vTJm4GqVThcEBJ1JpWtIeDMWHUcHdn0sonIqD1fqG3DpYLwsOjsdtAMeE0k02jeMOgd2Hj-2B95yKw4-2B5NKAS0kIk8aFivskRL5DyQsF8SkI-2Fv1QtnHttOTiyK6emJC2JLCJHW7NBZ-2F0GSzq0SusKQgxgftdtqAUTvi3y1aZk6LorB9kUURps-2Fe0RX |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@16/8@6/6 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.184.238, 173.194.76.84, 34.104.35.123, 52.165.165.26, 2.16.100.168, 88.221.110.91, 192.229.221.95, 52.165.164.15, 13.85.23.206, 20.3.187.198, 20.242.39.171, 20.166.126.56, 20.12.23.50, 13.85.23.86, 40.68.123.157, 142.250.186.35
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://url3262.oprgfinancialfr.com/wf/open?upn=u001.SLPpMeL7uMd5sO40Mlg8zTgUMWEe-2FkyBqjjfVYFFBvNkxOVn4Nb0JW4rkl1HdCEMIizdC6ipQTvI0Wy01Uw7axHTuka4IWxQ6W45EMek9U49uo-2BX1y4HMrxdgLlTiuEpR8lPCQxXYtIdmi4xSG1dQS6WURX1Qu4xXBnBj2eNYiawniNXmZTpo4mHJsWQj-2FK-2B53GNYOuzLTWaqHVkQ-2BmI9W3-2BI-2B5z-2BkUW8MsZKL560xbTst98JEjgCPbmUuz0-2Bvz6ap2g5bz-2FRCA0qJ4LxKRjTfj6atSREVQof-2BlJZuuK3An6rbMjXpIW1-2F2N73Oo5w-2F2qbLuQFZa8cYZ-2FuXQ0KHJU-2FuShB-2BWTH3azPunDo1zgiQp-2F7ddHQHeC6jnAAzMMU-2FaVTgLiZ0-2BULw8qgsg9PbQYK6ZY44IGbMFD2Ff-2FlaS6a7D9nrSB2MomBZoKSo9kx5RM4dL6K5PeEKKOEhi9jZ6Dr7-2FOcyQM8sBIj-2FnQ6ZzV5u9rT5oxbavhsqpmpR67cHV2dFO-2BccbeSachLLMVCZPeY7VdjSmptTnx7w6zLVL9PmYNYVwhwhIGol1VVQild-2B1xxt0ZUacRsomZ60Ib-2FtRy8-2BGDAOKMH7IXFh8PpauB3Kf5OrrmLh1JihFsk2ehWzPmHZ9ocsL03WcDWsIkmHsb50BN7Vsh691VXfd7uOuiP8yr-2FyT7awA495YspV2BQ3fEikpAr56vTJm4GqVThcEBJ1JpWtIeDMWHUcHdn0sonIqD1fqG3DpYLwsOjsdtAMeE0k02jeMOgd2Hj-2B95yKw4-2B5NKAS0kIk8aFivskRL5DyQsF8SkI-2Fv1QtnHttOTiyK6emJC2JLCJHW7NBZ-2F0GSzq0SusKQgxgftdtqAUTvi3y1aZk6LorB9k
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.983579333240803 |
Encrypted: | false |
SSDEEP: | 48:85drjTnrvfHUidAKZdA19ehwiZUklqehYy+3:8XjXvaHy |
MD5: | 42DE72DC940EAE6296EE17A436CDA56D |
SHA1: | C2000796B380F7257C086E08E189F42EE87C5801 |
SHA-256: | 18CC480141671BC1E00E7FA249AAAE9598AD2B69AD7CDF667C5B0695C7747AB8 |
SHA-512: | E26489EC5F2488CB90F54602521766EDBC1B28F216E7B6128AC00447235E185F0C4E993D18250A6F6E1BC067A2071DDB0FDA37559CA506B9DDABF7233704F48E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.995396144798576 |
Encrypted: | false |
SSDEEP: | 48:8fdrjTnrvfHUidAKZdA1weh/iZUkAQkqeh3y+2:8ZjXvw9QWy |
MD5: | E2EBF7586940D03C91B2318577A06D19 |
SHA1: | 6D7E1DAE725AC7BE174708B3B140A579C14A8648 |
SHA-256: | A86558097150C87E524186941B3308DF9D5414400B84251E93E439B6125E1505 |
SHA-512: | F40509AB6ABE7438F6C99D24F6152679303B82B466FA5962AAD9A610CA33381E0546D045296B305EBA67F75C85FCD643BFCFF31CDCF0BEFD438B16CC876F3AB7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.00898771288174 |
Encrypted: | false |
SSDEEP: | 48:8xEdrjTnrsHUidAKZdA14tseh7sFiZUkmgqeh7s1y+BX:8xQjX1nDy |
MD5: | 2B59F005D37858E2E1EC14BDA457CAAC |
SHA1: | 3DC46B2F93E89081B0FD800234ED76E00E168740 |
SHA-256: | 7B9A74F4CA340803EABC6AAB6B548E3A1ECE1EB349A8FE47E6CADE378444E419 |
SHA-512: | 5BB5C7356887AEB2DC268AA7D6691FAFCAF7C695037451B3710C469E996FDC85F45853D66F345C49236CC1B221291C794C80F1292317BC6DCD927878B37F7DD7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.997441429584973 |
Encrypted: | false |
SSDEEP: | 48:8VdrjTnrvfHUidAKZdA1vehDiZUkwqeh7y+R:8jjXvbNy |
MD5: | FAD1D30AED83878C2FB32220F9D7E710 |
SHA1: | E2A4369F6BC6D6EC5ADEF02725394148639C6F37 |
SHA-256: | C3E2959625F37B25F71659BA3BEEC2051E2DD7FE8FF2EB433A4C171CEC044B2D |
SHA-512: | 1C69865F3ECE352C624A75F110EEE071A7A183A315DB705EFD13C50D010792EBB45404294B2D0732B0EA4207101CD0621592CCE5E60631D0FEC16518D17142F1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9843020791475183 |
Encrypted: | false |
SSDEEP: | 48:8jdrjTnrvfHUidAKZdA1hehBiZUk1W1qehxy+C:89jXv79Ry |
MD5: | 6BAA074B680F89070EBAE00071BD6AE0 |
SHA1: | C40FAB69A2846D0248A606B7C8AFF9697951AFD9 |
SHA-256: | 7AC244F4F2123D908632046F768674D4BC614BCD9B0F7D3497B157B75E1393E0 |
SHA-512: | 41174D713C8CBE2C50BAFAFA611E3D2E2E2E7567ACE998C77F4499D2EE70792D1B5B106BFC9878631A1DB8FF0B9DF8E7B82195B2AFFBAE0AC14ADDA63EDC201C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.994929537913621 |
Encrypted: | false |
SSDEEP: | 48:8UdrjTnrvfHUidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbDy+yT+:8AjXvbT/TbxWOvTbDy7T |
MD5: | 5A081BE2187706B90BF396A8877CE0AB |
SHA1: | 0FB0DF062AD6A605A591748F47AB39C0A4B09A0D |
SHA-256: | 2C3483DAAABF15915B0398EC0AB4ACB9243A018A91F44AF2AEA996625EB88151 |
SHA-512: | 1847086270D6690CF5317285A59C7AAE9FBFDB1AD92558503119852F689E330DBF59CF4B27858CCD3A835AD5248058A44523A28A823CBEF40A8E790F33205B34 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 564 |
Entropy (8bit): | 4.72971822420855 |
Encrypted: | false |
SSDEEP: | 12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc |
MD5: | 8E325DC2FEA7C8900FC6C4B8C6C394FE |
SHA1: | 1B3291D4EEA179C84145B2814CB53E6A506EC201 |
SHA-256: | 0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2 |
SHA-512: | 084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14 |
Malicious: | false |
Reputation: | low |
URL: | http://url3262.oprgfinancialfr.com/favicon.ico |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 22, 2024 18:20:11.785465002 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
May 22, 2024 18:20:11.785465002 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
May 22, 2024 18:20:11.898528099 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
May 22, 2024 18:20:18.819761038 CEST | 49709 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:20:18.820105076 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:20:18.851236105 CEST | 80 | 49709 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:20:18.851274014 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:20:18.851341963 CEST | 49709 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:20:18.851385117 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:20:18.851674080 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:20:18.860778093 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:20:18.865508080 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:20:19.330595016 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:20:19.377624035 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:20:19.383573055 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:20:19.435743093 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:20:19.435777903 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:20:19.490603924 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:20:19.535505056 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:20:20.332079887 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:20.332149982 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:20.332412004 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:20.332412958 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:20.332545996 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:20.983248949 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:20.983851910 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:20.983887911 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:20.984750032 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:20.984822989 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:20.986859083 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:20.986922026 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:21.033438921 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:21.033472061 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:21.080328941 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:21.392705917 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
May 22, 2024 18:20:21.392705917 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
May 22, 2024 18:20:21.500941992 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
May 22, 2024 18:20:22.388758898 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:22.388839006 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:22.389084101 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:22.391275883 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:22.391354084 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.071528912 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.071616888 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.074930906 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.074958086 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.075198889 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.107567072 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.150517941 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.258302927 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
May 22, 2024 18:20:23.258471012 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
May 22, 2024 18:20:23.380255938 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.380312920 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.380462885 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.380881071 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.380881071 CEST | 49714 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.380944014 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.380980015 CEST | 443 | 49714 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.434973001 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.435051918 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:23.435154915 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.435893059 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:23.435971022 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:24.124495983 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:24.124577999 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:24.125838995 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:24.125865936 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:24.126099110 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:24.127300978 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:24.170516014 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:24.471148014 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:24.471198082 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:24.471261978 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:24.472158909 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:24.472160101 CEST | 49715 | 443 | 192.168.2.5 | 2.18.97.153 |
May 22, 2024 18:20:24.472223043 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:24.472258091 CEST | 443 | 49715 | 2.18.97.153 | 192.168.2.5 |
May 22, 2024 18:20:31.103529930 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:31.103668928 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:31.103777885 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:31.824868917 CEST | 49713 | 443 | 192.168.2.5 | 142.250.185.164 |
May 22, 2024 18:20:31.824944019 CEST | 443 | 49713 | 142.250.185.164 | 192.168.2.5 |
May 22, 2024 18:20:35.734091997 CEST | 52471 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:35.788577080 CEST | 53 | 52471 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:35.788804054 CEST | 52471 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:35.788805008 CEST | 52471 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:35.798260927 CEST | 53 | 52471 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:36.266654968 CEST | 53 | 52471 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:36.267486095 CEST | 52471 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:36.273003101 CEST | 53 | 52471 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:36.273175955 CEST | 52471 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:50.292669058 CEST | 55017 | 53 | 192.168.2.5 | 162.159.36.2 |
May 22, 2024 18:20:50.301218033 CEST | 53 | 55017 | 162.159.36.2 | 192.168.2.5 |
May 22, 2024 18:20:50.301284075 CEST | 55017 | 53 | 192.168.2.5 | 162.159.36.2 |
May 22, 2024 18:20:50.301490068 CEST | 55017 | 53 | 192.168.2.5 | 162.159.36.2 |
May 22, 2024 18:20:50.358093023 CEST | 53 | 55017 | 162.159.36.2 | 192.168.2.5 |
May 22, 2024 18:20:50.755891085 CEST | 53 | 55017 | 162.159.36.2 | 192.168.2.5 |
May 22, 2024 18:20:50.762742996 CEST | 55017 | 53 | 192.168.2.5 | 162.159.36.2 |
May 22, 2024 18:20:50.768101931 CEST | 53 | 55017 | 162.159.36.2 | 192.168.2.5 |
May 22, 2024 18:20:50.768313885 CEST | 55017 | 53 | 192.168.2.5 | 162.159.36.2 |
May 22, 2024 18:21:03.862654924 CEST | 49709 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:21:03.867664099 CEST | 80 | 49709 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:21:04.502657890 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:21:04.507783890 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:21:19.230727911 CEST | 80 | 49709 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:21:19.230885029 CEST | 49709 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:21:19.732379913 CEST | 49709 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:21:19.737669945 CEST | 80 | 49709 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:21:20.386337042 CEST | 55023 | 443 | 192.168.2.5 | 142.250.185.68 |
May 22, 2024 18:21:20.386379957 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
May 22, 2024 18:21:20.386439085 CEST | 55023 | 443 | 192.168.2.5 | 142.250.185.68 |
May 22, 2024 18:21:20.386665106 CEST | 55023 | 443 | 192.168.2.5 | 142.250.185.68 |
May 22, 2024 18:21:20.386677980 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
May 22, 2024 18:21:21.023997068 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
May 22, 2024 18:21:21.024739981 CEST | 55023 | 443 | 192.168.2.5 | 142.250.185.68 |
May 22, 2024 18:21:21.024768114 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
May 22, 2024 18:21:21.025230885 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
May 22, 2024 18:21:21.027475119 CEST | 55023 | 443 | 192.168.2.5 | 142.250.185.68 |
May 22, 2024 18:21:21.027568102 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
May 22, 2024 18:21:21.079663038 CEST | 55023 | 443 | 192.168.2.5 | 142.250.185.68 |
May 22, 2024 18:21:24.498842955 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:21:24.498919964 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:21:25.726175070 CEST | 49710 | 80 | 192.168.2.5 | 167.89.115.150 |
May 22, 2024 18:21:25.731370926 CEST | 80 | 49710 | 167.89.115.150 | 192.168.2.5 |
May 22, 2024 18:21:30.921905994 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
May 22, 2024 18:21:30.922068119 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
May 22, 2024 18:21:30.922616959 CEST | 55023 | 443 | 192.168.2.5 | 142.250.185.68 |
May 22, 2024 18:21:31.977296114 CEST | 55023 | 443 | 192.168.2.5 | 142.250.185.68 |
May 22, 2024 18:21:31.977325916 CEST | 443 | 55023 | 142.250.185.68 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 22, 2024 18:20:17.625309944 CEST | 53 | 59508 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:17.625422001 CEST | 53 | 49350 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:18.759069920 CEST | 59919 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:18.759238958 CEST | 59902 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:18.801332951 CEST | 53 | 59919 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:18.856049061 CEST | 53 | 59902 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:19.036125898 CEST | 53 | 55407 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:20.315170050 CEST | 61355 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:20.315264940 CEST | 50783 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:20.324449062 CEST | 53 | 61355 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:20.331324100 CEST | 53 | 50783 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:35.733494997 CEST | 53 | 62715 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:35.980624914 CEST | 53 | 56031 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:20:50.291646004 CEST | 53 | 51684 | 162.159.36.2 | 192.168.2.5 |
May 22, 2024 18:20:50.762770891 CEST | 60299 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:20:50.815813065 CEST | 53 | 60299 | 1.1.1.1 | 192.168.2.5 |
May 22, 2024 18:21:20.377769947 CEST | 64125 | 53 | 192.168.2.5 | 1.1.1.1 |
May 22, 2024 18:21:20.385251045 CEST | 53 | 64125 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 22, 2024 18:20:18.856120110 CEST | 192.168.2.5 | 1.1.1.1 | c245 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 22, 2024 18:20:18.759069920 CEST | 192.168.2.5 | 1.1.1.1 | 0x6a39 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:18.759238958 CEST | 192.168.2.5 | 1.1.1.1 | 0x4b99 | Standard query (0) | | 65 | IN (0x0001) | false |
May 22, 2024 18:20:20.315170050 CEST | 192.168.2.5 | 1.1.1.1 | 0x3cdf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:20.315264940 CEST | 192.168.2.5 | 1.1.1.1 | 0xc419 | Standard query (0) | | 65 | IN (0x0001) | false |
May 22, 2024 18:20:50.762770891 CEST | 192.168.2.5 | 1.1.1.1 | 0x1a89 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
May 22, 2024 18:21:20.377769947 CEST | 192.168.2.5 | 1.1.1.1 | 0x9535 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 22, 2024 18:20:18.801332951 CEST | 1.1.1.1 | 192.168.2.5 | 0x6a39 | No error (0) | | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 22, 2024 18:20:18.801332951 CEST | 1.1.1.1 | 192.168.2.5 | 0x6a39 | No error (0) | | | 167.89.115.150 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:18.801332951 CEST | 1.1.1.1 | 192.168.2.5 | 0x6a39 | No error (0) | | | 167.89.115.120 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:18.801332951 CEST | 1.1.1.1 | 192.168.2.5 | 0x6a39 | No error (0) | | | 167.89.123.124 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:18.801332951 CEST | 1.1.1.1 | 192.168.2.5 | 0x6a39 | No error (0) | | | 167.89.123.204 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:18.801332951 CEST | 1.1.1.1 | 192.168.2.5 | 0x6a39 | No error (0) | | | 167.89.115.56 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:18.801332951 CEST | 1.1.1.1 | 192.168.2.5 | 0x6a39 | No error (0) | | | 167.89.123.54 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:18.856049061 CEST | 1.1.1.1 | 192.168.2.5 | 0x4b99 | No error (0) | | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 22, 2024 18:20:20.324449062 CEST | 1.1.1.1 | 192.168.2.5 | 0x3cdf | No error (0) | | | 142.250.185.164 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:20.331324100 CEST | 1.1.1.1 | 192.168.2.5 | 0xc419 | No error (0) | | | | 65 | IN (0x0001) | false |
May 22, 2024 18:20:33.483659029 CEST | 1.1.1.1 | 192.168.2.5 | 0x42f8 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 22, 2024 18:20:33.483659029 CEST | 1.1.1.1 | 192.168.2.5 | 0x42f8 | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
May 22, 2024 18:20:50.815813065 CEST | 1.1.1.1 | 192.168.2.5 | 0x1a89 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
May 22, 2024 18:21:20.385251045 CEST | 1.1.1.1 | 192.168.2.5 | 0x9535 | No error (0) | | | 142.250.185.68 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49710 | 167.89.115.150 | 80 | 4464 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 22, 2024 18:20:18.851674080 CEST | 1419 | OUT | |
May 22, 2024 18:20:19.330595016 CEST | 335 | IN | |
May 22, 2024 18:20:19.383573055 CEST | 1375 | OUT | |
May 22, 2024 18:20:19.490603924 CEST | 712 | IN | |
May 22, 2024 18:21:04.502657890 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49709 | 167.89.115.150 | 80 | 4464 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 22, 2024 18:21:03.862654924 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 2.18.97.153 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 16:20:23 UTC | 161 | OUT | |
2024-05-22 16:20:23 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49715 | 2.18.97.153 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 16:20:24 UTC | 239 | OUT | |
2024-05-22 16:20:24 UTC | 534 | IN | |
2024-05-22 16:20:24 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 12:20:12 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 12:20:14 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 12:20:18 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |