Windows
Analysis Report
http://d5074.top/
Overview
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1740,i,12863217849983851515,15282324964256500606,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://d5074.top/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Source: | File created: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
19% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.250.147.139 | true | false | unknown | |
www.google.com | 216.58.206.68 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
d5074.top | unknown | unknown | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
216.58.206.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1447755 |
Start date and time: | 2024-05-27 00:47:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://d5074.top/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@19/6@17/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.184.227, 172.217.16.206, 74.125.71.84, 34.104.35.123, 184.28.90.27, 20.114.59.183, 2.19.126.137, 2.19.126.151, 192.229.221.95, 20.3.187.198, 13.85.23.206, 52.165.164.15
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.982964048152061 |
Encrypted: | false |
SSDEEP: | 48:8UdUTYIMH3idAKZdA19ehwiZUklqehAy+3:8/PY/y |
MD5: | CE81F4A14F7A177DF6AD1D1FD3DBD952 |
SHA1: | 99FE639EDECB1D04FFF76B2E4C736C70988ED569 |
SHA-256: | EADDA9639CAE7286D4B4CBFC8949D9B5DE99A8282C445AC498F10D20FE93E5CD |
SHA-512: | 5986918D94A5829FD208F6544F71F52700F457597B1E26F3935735C387E69647F6147CACBC018C12DE912A5B434F560829BC71918E0EA31D54DF1D6F06AD4735 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9982871650158227 |
Encrypted: | false |
SSDEEP: | 48:8udUTYIMH3idAKZdA1weh/iZUkAQkqehvy+2:8hPy9Q+y |
MD5: | CBC093069FC5EC0F6367DD0C5A56CD6E |
SHA1: | B939B3B1DBD3339AD7341FD8A9182D07A5C7D65E |
SHA-256: | D0D510897E7C2BD89D03EC384682E291B7BE4B82ACD4B091352471A41BC80E0B |
SHA-512: | 4B72B40874CA278714264121559E2AA07CF28A70750C6B3B505FB791CB512CD7D6E1BB6ADDB70D8881D048DFF54BBCA75C7F596F9C4107E597E780D58C0F493D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.008594419788154 |
Encrypted: | false |
SSDEEP: | 48:8xpdUTYIsH3idAKZdA14tseh7sFiZUkmgqeh7sVy+BX:8x4PanLy |
MD5: | A9BF506E11E7B21437018F0E2F52CC42 |
SHA1: | 786427F93F6437A1C0D90B2818C7DDCA8D1C7ECE |
SHA-256: | 8ED40A2009F48A2D171B294E15DAAA02C91A20ECA87ACECBF17F3764553FD618 |
SHA-512: | CCC0EA2447BA25E8C556DEAD5E800E469B9EC20EF5F64B74E1AABFE0128A0D71150A0B6A57E2E7768483A04F96771A543E2AD5BAB54E3128A6954C73F5F59F49 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.998093852713138 |
Encrypted: | false |
SSDEEP: | 48:8GdUTYIMH3idAKZdA1vehDiZUkwqehjy+R:8ZPZty |
MD5: | C6AFC3D3968DB17289B9E2AAD740B7B3 |
SHA1: | 196C64AD1CE91BC4834BA700FD5E1DDC78283B24 |
SHA-256: | 78D1DEEB407DB862C424BAAF96E246C7E81B428A174F4BA4786B46E1BAE86D50 |
SHA-512: | 4B05AA4B1C82E555DE08685CBD4FAA1A980376DC4582609FF66735FB102140AD9E6753C484B85B189F3998835E50607369B192DE9ED599AC2CCEFA8C56E5E0F4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.985917779071791 |
Encrypted: | false |
SSDEEP: | 48:8ndUTYIMH3idAKZdA1hehBiZUk1W1qehBy+C:8uPp9hy |
MD5: | 627A88372EF9934791CEDC9E7627918C |
SHA1: | F8EAEFFD1A0EB4DE5D29AC473E9A84B8979947EF |
SHA-256: | A533CC8C1C181C9A3DC9570A10C7DA1C6EE2A29CA269D2B2DF5D983E14140358 |
SHA-512: | A3E33AD2BA21465F9CC51FC63B6DE3603616F3202D7334B910CF8478F6821E4836B7BBE98ACBC779033545D3840DABCDFAA431D4BD3861B5E13BE78203A4C4CE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9980781911135437 |
Encrypted: | false |
SSDEEP: | 48:80dUTYIMH3idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbLy+yT+:8fP1T/TbxWOvTbLy7T |
MD5: | 7376FA9527D6C7CC6537BC5FDFC40367 |
SHA1: | 6FBC97BF45C4EDC4FCAA39717A6325D1A9309D83 |
SHA-256: | 8B9B9C5C9164CD9BBC3815AE35D8A1DEC06FB56F98F61948BDCBBE2B38ECED13 |
SHA-512: | F4F9AA7281D1179CB9134001BADEA148EDE938E19F0784A0C38240EBAAD88F596D80988BEA9521AE09DAD25DF965C521E1B6AAEDE469541B23ED8D7ACE4C26CD |
Malicious: | false |
Reputation: | low |
Preview: |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 27, 2024 00:48:21.621970892 CEST | 192.168.2.5 | 1.1.1.1 | c1e0 | (Port unreachable) | Destination Unreachable |
May 27, 2024 00:48:23.224124908 CEST | 192.168.2.5 | 1.1.1.1 | c1fe | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 27, 2024 00:48:20.817317009 CEST | 192.168.2.5 | 1.1.1.1 | 0x1867 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:20.817317009 CEST | 192.168.2.5 | 1.1.1.1 | 0xa5f3 | Standard query (0) | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:20.848612070 CEST | 192.168.2.5 | 1.1.1.1 | 0xbdd6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:21.197904110 CEST | 192.168.2.5 | 1.1.1.1 | 0x8644 | Standard query (0) | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:21.615206003 CEST | 192.168.2.5 | 1.1.1.1 | 0x635e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:22.084028006 CEST | 192.168.2.5 | 8.8.8.8 | 0x9378 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:22.084217072 CEST | 192.168.2.5 | 1.1.1.1 | 0x93d8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:23.088618040 CEST | 192.168.2.5 | 1.1.1.1 | 0x452a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:23.093328953 CEST | 192.168.2.5 | 1.1.1.1 | 0x99f | Standard query (0) | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:23.112235069 CEST | 192.168.2.5 | 1.1.1.1 | 0xd19 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:23.127342939 CEST | 192.168.2.5 | 1.1.1.1 | 0x749a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:23.127952099 CEST | 192.168.2.5 | 1.1.1.1 | 0xc5da | Standard query (0) | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:28.719535112 CEST | 192.168.2.5 | 1.1.1.1 | 0xc6c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:28.724060059 CEST | 192.168.2.5 | 1.1.1.1 | 0x777a | Standard query (0) | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:28.949270964 CEST | 192.168.2.5 | 1.1.1.1 | 0x8335 | Standard query (0) | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:29.386462927 CEST | 192.168.2.5 | 1.1.1.1 | 0xef2a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:30.070260048 CEST | 192.168.2.5 | 1.1.1.1 | 0x8524 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 27, 2024 00:48:20.844248056 CEST | 1.1.1.1 | 192.168.2.5 | 0x1867 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:21.197101116 CEST | 1.1.1.1 | 192.168.2.5 | 0xa5f3 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:21.554598093 CEST | 1.1.1.1 | 192.168.2.5 | 0xbdd6 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:21.621892929 CEST | 1.1.1.1 | 192.168.2.5 | 0x8644 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:22.059932947 CEST | 1.1.1.1 | 192.168.2.5 | 0x635e | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:22.091542006 CEST | 8.8.8.8 | 192.168.2.5 | 0x9378 | No error (0) | 142.250.147.139 | A (IP address) | IN (0x0001) | false | ||
May 27, 2024 00:48:22.091542006 CEST | 8.8.8.8 | 192.168.2.5 | 0x9378 | No error (0) | 142.250.147.102 | A (IP address) | IN (0x0001) | false | ||
May 27, 2024 00:48:22.091542006 CEST | 8.8.8.8 | 192.168.2.5 | 0x9378 | No error (0) | 142.250.147.138 | A (IP address) | IN (0x0001) | false | ||
May 27, 2024 00:48:22.091542006 CEST | 8.8.8.8 | 192.168.2.5 | 0x9378 | No error (0) | 142.250.147.101 | A (IP address) | IN (0x0001) | false | ||
May 27, 2024 00:48:22.091542006 CEST | 8.8.8.8 | 192.168.2.5 | 0x9378 | No error (0) | 142.250.147.100 | A (IP address) | IN (0x0001) | false | ||
May 27, 2024 00:48:22.091542006 CEST | 8.8.8.8 | 192.168.2.5 | 0x9378 | No error (0) | 142.250.147.113 | A (IP address) | IN (0x0001) | false | ||
May 27, 2024 00:48:22.098242998 CEST | 1.1.1.1 | 192.168.2.5 | 0x93d8 | No error (0) | 142.250.184.238 | A (IP address) | IN (0x0001) | false | ||
May 27, 2024 00:48:23.102765083 CEST | 1.1.1.1 | 192.168.2.5 | 0x452a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:23.182960033 CEST | 1.1.1.1 | 192.168.2.5 | 0x749a | No error (0) | 216.58.206.68 | A (IP address) | IN (0x0001) | false | ||
May 27, 2024 00:48:23.224029064 CEST | 1.1.1.1 | 192.168.2.5 | 0xc5da | No error (0) | 65 | IN (0x0001) | false | |||
May 27, 2024 00:48:23.371495962 CEST | 1.1.1.1 | 192.168.2.5 | 0xd19 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:23.519620895 CEST | 1.1.1.1 | 192.168.2.5 | 0x99f | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:28.948673010 CEST | 1.1.1.1 | 192.168.2.5 | 0x777a | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:29.055672884 CEST | 1.1.1.1 | 192.168.2.5 | 0x8335 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
May 27, 2024 00:48:29.385406017 CEST | 1.1.1.1 | 192.168.2.5 | 0xc6c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:30.069251060 CEST | 1.1.1.1 | 192.168.2.5 | 0xef2a | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:30.080532074 CEST | 1.1.1.1 | 192.168.2.5 | 0x8524 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
May 27, 2024 00:48:36.367027998 CEST | 1.1.1.1 | 192.168.2.5 | 0x3b25 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 27, 2024 00:48:36.367027998 CEST | 1.1.1.1 | 192.168.2.5 | 0x3b25 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 18:48:15 |
Start date: | 26/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:48:17 |
Start date: | 26/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:48:20 |
Start date: | 26/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |