Windows
Analysis Report
https://3jryhyqvpxiqpvx.duckdns.org/
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,9404486237465622227,9361978775791284982,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://3jryhyqvpxiqpvx.duckdns.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | SlashNext: |
Source: | Avira URL Cloud: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 14 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.250.181.238 | true | false | unknown | |
3jryhyqvpxiqpvx.duckdns.org | 103.13.207.150 | true | true | unknown | |
www.google.com | 216.58.206.36 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
103.13.207.150 | 3jryhyqvpxiqpvx.duckdns.org | unknown | 55843 | ATS-GLNET-SGAcclivisTechnologySolutionSG | true | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
216.58.206.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.8 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466513 |
Start date and time: | 2024-07-03 00:52:35 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://3jryhyqvpxiqpvx.duckdns.org/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.troj.win@19/10@11/4 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- URL not reachable
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.185.174, 74.125.71.84, 34.104.35.123, 184.28.90.27, 52.165.165.26, 192.229.221.95, 13.85.23.206, 13.95.31.18
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://3jryhyqvpxiqpvx.duckdns.org/
Input | Output |
---|---|
URL: https://3jryhyqvpxiqpvx.duckdns.org/ Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title and text of the webpage do not contain a login form, as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The title and text of the webpage do not create a sense of urgency or interest, as there are no phrases that encourage the user to click a link or view a document.","The title and text of the webpage do not contain a CAPTCHA or any other anti-robot detection mechanism."]} |
Title: 404 Not Found OCR: 404 Not Found. The resource requested could not be found on this server! Proudly powered by LiteSpeed Web Server. Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site. |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9849882236824445 |
Encrypted: | false |
SSDEEP: | 48:820dJTR1WHXZidAKZdA1oehwiZUklqehhy+3:82+bFiy |
MD5: | 9B87061CD0387747BBAD74B58419FEEE |
SHA1: | E7E43C1DDEEEE483C47710387F1223FAF8B65149 |
SHA-256: | 175E23FE8EFC62FB18735DA774D911950D39484066E5C211FEF47BE104BE010B |
SHA-512: | 86663D7549C04E43555FFB72BAD0BA34ADF99D738D6E7AB53869F80E1EEBBD9534202E8709679F3CD3D0A1E7F2ECCDB6B68F841E801DBEB7B1664017D31AAA60 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.002586831927899 |
Encrypted: | false |
SSDEEP: | 48:8H0dJTR1WHXZidAKZdA1leh/iZUkAQkqehSy+2:8H+bf9Q/y |
MD5: | 40CCAB3A75DD5CC0A581E91A22158B4A |
SHA1: | 5DF8D4236A24939F7354F64FC66D022ACD4CD4AF |
SHA-256: | 018E60AA6C7E0B8021BA97F0A1D988FAEC4AC24C84CAD81852AC1A4ABA1BD101 |
SHA-512: | D14CF255AF16839273B3B3E85BF2403B4D9FB1FCBF2FD2CF1A42F61E5AD7D749953080D3262AB6CF1674C0983FB66E7BCBDDA26B98C3928E5E5F347CBA61037B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.009646309875094 |
Encrypted: | false |
SSDEEP: | 48:8s0dJTR1bHXZidAKZdA14t5eh7sFiZUkmgqeh7sgy+BX:8s+bMnmy |
MD5: | 29F04EE5DA7C30106D543749EBBED8C1 |
SHA1: | 6C94D26E0E8425C24BFA373E15A967BF1B90CA12 |
SHA-256: | 149DD437221900726BF83E8A242A273680F6C2E16A5E902ED05164D538C86D19 |
SHA-512: | 0F5D56B67BE16C1AB94C45B439981B0C146357386297E831184FF0ED21FCF1A1D23B638CC3FF81ECE72D75957DB691DFFBDB70707969F6EA54507E78217BD03B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9999012652144934 |
Encrypted: | false |
SSDEEP: | 48:8N0dJTR1WHXZidAKZdA16ehDiZUkwqehuy+R:8N+bsoy |
MD5: | 8B7BC7281FD3C07834E53AE07834A498 |
SHA1: | 6E5799D088289DBA3A4EB111D6C9165BAFCC056F |
SHA-256: | 7721B658331FE141B47A94D7432566C2571819B9FCC4255E852E04A3F93F3C0F |
SHA-512: | 272C7201BCCF47FD7E75E5E4BDF68DC8C7D8F9C09E51AA65F253E7E525A02C5394B234F97943C95FF8F97325A51558A0338DA1D61491B6144D09EE71E9A171C5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.989640024563065 |
Encrypted: | false |
SSDEEP: | 48:8W0dJTR1WHXZidAKZdA1UehBiZUk1W1qehEy+C:8W+bc9ky |
MD5: | 48DA9B0292C0012AF40C49D30A286565 |
SHA1: | 97DE571ADDD206821955FC1EC1F78CB4D95E238C |
SHA-256: | D570EDE6C3FABB999D46758B1950E4D8F3B4F6C0338103FDCF366406C1F40B0B |
SHA-512: | EE8362281513783D26F072AA24814BD3596970E2D81D1181E125368D08B593E0E7B4F6696B1F66A6F367B2DDAB02B7DCAF9E51888787E8065486B5305A182952 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 4.002834075256519 |
Encrypted: | false |
SSDEEP: | 48:890dJTR1WHXZidAKZdA1duTrehOuTbbiZUk5OjqehOuTbmy+yT+:89+bZTYTbxWOvTbmy7T |
MD5: | 55986C07AF9D46BCF1EE663C9C864D44 |
SHA1: | 6BFCA940A9931239E1B2D081923B0C8464A2D32D |
SHA-256: | A4E7FB171AB4610DB8A253E5551D0DCFCE8D3EB93F4B9F81A4FB198691995712 |
SHA-512: | 928CFA3B15C7CFCB81DEEDCE6A5E7F443AA7D1445A2D6AE5D311E06EE216766D3A95A77D328F636B951614D5C062214032F36A5791A8B90149375443D0E16B62 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1249 |
Entropy (8bit): | 5.242453121762845 |
Encrypted: | false |
SSDEEP: | 24:hYYIzD6yJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rq6Kj2CZLY5Mc6NDLYzkYKLlOM |
MD5: | F58515DFE987F7E027C8A71BBC884621 |
SHA1: | BEC6AEBF5940EA88FBBFF5748D539453D49FA284 |
SHA-256: | 679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43 |
SHA-512: | F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140 |
Malicious: | false |
Reputation: | low |
URL: | https://3jryhyqvpxiqpvx.duckdns.org/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1249 |
Entropy (8bit): | 5.242453121762845 |
Encrypted: | false |
SSDEEP: | 24:hYYIzD6yJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rq6Kj2CZLY5Mc6NDLYzkYKLlOM |
MD5: | F58515DFE987F7E027C8A71BBC884621 |
SHA1: | BEC6AEBF5940EA88FBBFF5748D539453D49FA284 |
SHA-256: | 679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43 |
SHA-512: | F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140 |
Malicious: | false |
Reputation: | low |
URL: | https://3jryhyqvpxiqpvx.duckdns.org/ |
Preview: |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 3, 2024 00:53:32.962089062 CEST | 192.168.2.8 | 1.1.1.1 | 0xb0de | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:32.962249994 CEST | 192.168.2.8 | 1.1.1.1 | 0x299f | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 3, 2024 00:53:33.086286068 CEST | 192.168.2.8 | 1.1.1.1 | 0xca1e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:33.265103102 CEST | 192.168.2.8 | 8.8.8.8 | 0xf123 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:33.265368938 CEST | 192.168.2.8 | 1.1.1.1 | 0xdfa5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:34.270370007 CEST | 192.168.2.8 | 1.1.1.1 | 0xb16f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:34.270545006 CEST | 192.168.2.8 | 1.1.1.1 | 0xf00d | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 3, 2024 00:53:36.077881098 CEST | 192.168.2.8 | 1.1.1.1 | 0x306f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:36.078655958 CEST | 192.168.2.8 | 1.1.1.1 | 0x8a81 | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 3, 2024 00:53:39.438585043 CEST | 192.168.2.8 | 1.1.1.1 | 0xafdb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:39.438745022 CEST | 192.168.2.8 | 1.1.1.1 | 0x6910 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 3, 2024 00:53:33.083372116 CEST | 1.1.1.1 | 192.168.2.8 | 0x299f | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Jul 3, 2024 00:53:33.084541082 CEST | 1.1.1.1 | 192.168.2.8 | 0xb0de | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:33.207492113 CEST | 1.1.1.1 | 192.168.2.8 | 0xca1e | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:33.273260117 CEST | 1.1.1.1 | 192.168.2.8 | 0xdfa5 | No error (0) | 142.250.181.238 | A (IP address) | IN (0x0001) | false | ||
Jul 3, 2024 00:53:33.280337095 CEST | 8.8.8.8 | 192.168.2.8 | 0xf123 | No error (0) | 172.217.168.78 | A (IP address) | IN (0x0001) | false | ||
Jul 3, 2024 00:53:34.392126083 CEST | 1.1.1.1 | 192.168.2.8 | 0xb16f | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jul 3, 2024 00:53:36.088872910 CEST | 1.1.1.1 | 192.168.2.8 | 0x306f | No error (0) | 216.58.206.36 | A (IP address) | IN (0x0001) | false | ||
Jul 3, 2024 00:53:36.094470978 CEST | 1.1.1.1 | 192.168.2.8 | 0x8a81 | No error (0) | 65 | IN (0x0001) | false | |||
Jul 3, 2024 00:53:39.560286045 CEST | 1.1.1.1 | 192.168.2.8 | 0x6910 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Jul 3, 2024 00:53:39.560734987 CEST | 1.1.1.1 | 192.168.2.8 | 0xafdb | No error (0) | 103.13.207.150 | A (IP address) | IN (0x0001) | false | ||
Jul 3, 2024 00:53:46.670767069 CEST | 1.1.1.1 | 192.168.2.8 | 0x6d5e | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 3, 2024 00:53:46.670767069 CEST | 1.1.1.1 | 192.168.2.8 | 0x6d5e | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49716 | 103.13.207.150 | 443 | 2704 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 22:53:43 UTC | 696 | OUT | |
2024-07-02 22:53:44 UTC | 211 | IN | |
2024-07-02 22:53:44 UTC | 1249 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49715 | 103.13.207.150 | 443 | 2704 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 22:53:44 UTC | 610 | OUT | |
2024-07-02 22:53:45 UTC | 211 | IN | |
2024-07-02 22:53:45 UTC | 1249 | IN |
Target ID: | 0 |
Start time: | 18:53:25 |
Start date: | 02/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:53:29 |
Start date: | 02/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:53:31 |
Start date: | 02/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |