Windows
Analysis Report
http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6120 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 5496 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2116 --fi eld-trial- handle=207 2,i,157043 7114853540 1124,78019 2053816740 934,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6424 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://ygi235 na1ffvmwka cq8ua9qd04 6vulia.oas tify.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Avira URL Cloud: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | 3.248.33.252 | true | false | unknown | |
www.google.com | 142.250.185.100 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
3.248.33.252 | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | United States | 16509 | AMAZON-02US | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467856 |
Start date and time: | 2024-07-04 22:48:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@16/5@6/4 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.67, 216.58.206.78, 142.250.110.84, 34.104.35.123, 20.12.23.50, 199.232.210.172, 192.229.221.95, 52.165.164.15, 13.95.31.18, 142.250.181.227
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
Input | Output |
---|---|
URL: http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/ Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title 'ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com' does not contain any explicit request for sensitive information, hence no login form is present.","The text 'wfvcx6x68 ztq6kSowu 78 w2zjj gigz' does not create a sense of urgency or interest.","There is no CAPTCHA or anti-robot detection mechanism present in the webpage."]} |
Title: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com OCR: wfvcx6x68 ztq6kSowu 78 w2zjj gigz |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 55 |
Entropy (8bit): | 4.608099258743189 |
Encrypted: | false |
SSDEEP: | 3:qVZqTTGdPAxuyCDZcKa:qzUKd4cu |
MD5: | 9016DD1F1059B6CA63F5BF75FCFB2C34 |
SHA1: | AD80BE5F02421D382EC0552BCD6A14BF9558F7E2 |
SHA-256: | 426C1A86AEC88F0CD25E38B0487913AAECC941C3D7EB1EB5908537817C06E26A |
SHA-512: | 72BFEC2E1F62ADD0C3CE195CEEE9BC73D7F721F8EEB13BBDD69D19A27E87CC13702FC2FC70455032621FFF5D7AE5840CD320B6DA5DC3FEEFDC8D18DBCBDCD8C6 |
Malicious: | false |
Reputation: | low |
URL: | http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 84 |
Entropy (8bit): | 4.6061376606679545 |
Encrypted: | false |
SSDEEP: | 3:qVZqTTGdPAxuyCDwoAxuyCDZcKa:qzUKd4T5cu |
MD5: | 5BCAC5BA4CC9FE8ED9C340958265B22E |
SHA1: | F0B9B51078DA4EFC8E6F42FAA648A44B06395647 |
SHA-256: | E36DE8BE3A836C9653FF1527639B00A06CE686DF445144E138C4E000691BAB08 |
SHA-512: | 6AEA376FCA7641722FCFE0BE6FF01C49D69760774F8EA0249EDBB05129F45AA882F64A8A12D3600D97EEA949FFA372181EAA3B656D4AED1BA0C7D784D7C0C1AD |
Malicious: | false |
Reputation: | low |
URL: | http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55 |
Entropy (8bit): | 4.608099258743189 |
Encrypted: | false |
SSDEEP: | 3:qVZqTTGdPAxuyCDZcKa:qzUKd4cu |
MD5: | 9016DD1F1059B6CA63F5BF75FCFB2C34 |
SHA1: | AD80BE5F02421D382EC0552BCD6A14BF9558F7E2 |
SHA-256: | 426C1A86AEC88F0CD25E38B0487913AAECC941C3D7EB1EB5908537817C06E26A |
SHA-512: | 72BFEC2E1F62ADD0C3CE195CEEE9BC73D7F721F8EEB13BBDD69D19A27E87CC13702FC2FC70455032621FFF5D7AE5840CD320B6DA5DC3FEEFDC8D18DBCBDCD8C6 |
Malicious: | false |
Reputation: | low |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 4, 2024 22:48:54.916831017 CEST | 49678 | 443 | 192.168.2.4 | 104.46.162.224 |
Jul 4, 2024 22:48:56.135577917 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Jul 4, 2024 22:49:05.218965054 CEST | 49735 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:05.219233036 CEST | 49736 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:05.223720074 CEST | 80 | 49735 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:05.223944902 CEST | 80 | 49736 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:05.224026918 CEST | 49735 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:05.224205017 CEST | 49736 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:05.224205017 CEST | 49735 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:05.228964090 CEST | 80 | 49735 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:05.744767904 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Jul 4, 2024 22:49:05.849631071 CEST | 80 | 49735 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:05.849915028 CEST | 80 | 49735 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:05.850583076 CEST | 49735 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:05.919838905 CEST | 49735 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:05.919981956 CEST | 49736 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:05.927818060 CEST | 80 | 49735 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:05.927944899 CEST | 80 | 49736 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:06.100934982 CEST | 80 | 49736 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:06.101202011 CEST | 80 | 49736 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:06.101252079 CEST | 49736 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:06.102153063 CEST | 49736 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:06.106910944 CEST | 80 | 49736 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:06.170509100 CEST | 49738 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:06.178752899 CEST | 80 | 49738 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:06.178836107 CEST | 49738 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:06.179209948 CEST | 49738 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:06.187509060 CEST | 80 | 49738 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:06.824584007 CEST | 80 | 49738 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:06.824696064 CEST | 80 | 49738 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:06.824743986 CEST | 49738 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:06.841741085 CEST | 49738 | 80 | 192.168.2.4 | 3.248.33.252 |
Jul 4, 2024 22:49:06.846482992 CEST | 80 | 49738 | 3.248.33.252 | 192.168.2.4 |
Jul 4, 2024 22:49:07.830931902 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:07.830980062 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:07.831048965 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:07.834008932 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:07.834022999 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:08.440041065 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:08.440090895 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:08.440227032 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:08.442461967 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:08.442475080 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:08.487251997 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:08.487642050 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:08.487669945 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:08.488547087 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:08.488652945 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:08.489998102 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:08.490061998 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:08.540563107 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:08.540575981 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:08.587258101 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:09.128022909 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.128108025 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.137598038 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.137612104 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.138000011 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.180998087 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.424654961 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.468545914 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.616874933 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.616995096 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.617048979 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.617233992 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.617259979 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.617275000 CEST | 49742 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.617280960 CEST | 443 | 49742 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.675734997 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.675786972 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:09.675853968 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.676707983 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:09.676722050 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:10.347722054 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:10.347809076 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:10.348990917 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:10.349001884 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:10.349325895 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:10.350378036 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:10.396497011 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:10.652287960 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:10.652367115 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:10.660401106 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:10.669441938 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:10.669461966 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:10.669503927 CEST | 49743 | 443 | 192.168.2.4 | 184.28.90.27 |
Jul 4, 2024 22:49:10.669509888 CEST | 443 | 49743 | 184.28.90.27 | 192.168.2.4 |
Jul 4, 2024 22:49:18.396291971 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:18.396358013 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:18.396416903 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:20.091801882 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:49:20.091825008 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:49:39.630053043 CEST | 80 | 49724 | 217.20.57.18 | 192.168.2.4 |
Jul 4, 2024 22:49:39.630233049 CEST | 49724 | 80 | 192.168.2.4 | 217.20.57.18 |
Jul 4, 2024 22:49:39.634613991 CEST | 49724 | 80 | 192.168.2.4 | 217.20.57.18 |
Jul 4, 2024 22:49:39.639436960 CEST | 80 | 49724 | 217.20.57.18 | 192.168.2.4 |
Jul 4, 2024 22:50:07.911686897 CEST | 49752 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:50:07.911744118 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:50:07.912587881 CEST | 49752 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:50:07.913095951 CEST | 49752 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:50:07.913113117 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:50:08.564912081 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:50:08.565179110 CEST | 49752 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:50:08.565203905 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:50:08.565483093 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:50:08.565830946 CEST | 49752 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:50:08.565882921 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:50:08.618803024 CEST | 49752 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:50:13.868722916 CEST | 49723 | 80 | 192.168.2.4 | 2.19.126.163 |
Jul 4, 2024 22:50:14.181046009 CEST | 49723 | 80 | 192.168.2.4 | 2.19.126.163 |
Jul 4, 2024 22:50:14.297488928 CEST | 80 | 49723 | 2.19.126.163 | 192.168.2.4 |
Jul 4, 2024 22:50:14.297867060 CEST | 80 | 49723 | 2.19.126.163 | 192.168.2.4 |
Jul 4, 2024 22:50:14.297909975 CEST | 49723 | 80 | 192.168.2.4 | 2.19.126.163 |
Jul 4, 2024 22:50:18.780929089 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:50:18.780993938 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Jul 4, 2024 22:50:18.781205893 CEST | 49752 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:50:20.090054989 CEST | 49752 | 443 | 192.168.2.4 | 142.250.185.100 |
Jul 4, 2024 22:50:20.090089083 CEST | 443 | 49752 | 142.250.185.100 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 4, 2024 22:49:03.888993025 CEST | 53 | 64019 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:03.895545006 CEST | 53 | 58744 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:05.181539059 CEST | 61833 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 4, 2024 22:49:05.181701899 CEST | 61562 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 4, 2024 22:49:05.217438936 CEST | 53 | 61833 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:05.218224049 CEST | 53 | 61562 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:05.465945005 CEST | 53 | 52217 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:06.119944096 CEST | 61056 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 4, 2024 22:49:06.120080948 CEST | 62224 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 4, 2024 22:49:06.167972088 CEST | 53 | 61056 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:06.168113947 CEST | 53 | 62224 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:07.812999964 CEST | 57887 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 4, 2024 22:49:07.813082933 CEST | 52470 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 4, 2024 22:49:07.819891930 CEST | 53 | 52470 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:07.820296049 CEST | 53 | 57887 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:22.695502996 CEST | 53 | 51805 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:49:25.436721087 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Jul 4, 2024 22:49:41.687381029 CEST | 53 | 63032 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:50:03.581209898 CEST | 53 | 63799 | 1.1.1.1 | 192.168.2.4 |
Jul 4, 2024 22:50:04.636687994 CEST | 53 | 55147 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 4, 2024 22:49:05.181539059 CEST | 192.168.2.4 | 1.1.1.1 | 0xe358 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 4, 2024 22:49:05.181701899 CEST | 192.168.2.4 | 1.1.1.1 | 0x7309 | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 4, 2024 22:49:06.119944096 CEST | 192.168.2.4 | 1.1.1.1 | 0x736e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 4, 2024 22:49:06.120080948 CEST | 192.168.2.4 | 1.1.1.1 | 0xbc35 | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 4, 2024 22:49:07.812999964 CEST | 192.168.2.4 | 1.1.1.1 | 0x6073 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 4, 2024 22:49:07.813082933 CEST | 192.168.2.4 | 1.1.1.1 | 0x2611 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 4, 2024 22:49:05.217438936 CEST | 1.1.1.1 | 192.168.2.4 | 0xe358 | No error (0) | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:05.217438936 CEST | 1.1.1.1 | 192.168.2.4 | 0xe358 | No error (0) | 3.248.33.252 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:05.217438936 CEST | 1.1.1.1 | 192.168.2.4 | 0xe358 | No error (0) | 54.77.139.23 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:05.218224049 CEST | 1.1.1.1 | 192.168.2.4 | 0x7309 | No error (0) | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:06.167972088 CEST | 1.1.1.1 | 192.168.2.4 | 0x736e | No error (0) | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:06.167972088 CEST | 1.1.1.1 | 192.168.2.4 | 0x736e | No error (0) | 3.248.33.252 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:06.167972088 CEST | 1.1.1.1 | 192.168.2.4 | 0x736e | No error (0) | 54.77.139.23 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:06.168113947 CEST | 1.1.1.1 | 192.168.2.4 | 0xbc35 | No error (0) | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:07.819891930 CEST | 1.1.1.1 | 192.168.2.4 | 0x2611 | No error (0) | 65 | IN (0x0001) | false | |||
Jul 4, 2024 22:49:07.820296049 CEST | 1.1.1.1 | 192.168.2.4 | 0x6073 | No error (0) | 142.250.185.100 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:19.369026899 CEST | 1.1.1.1 | 192.168.2.4 | 0xd333 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:19.369026899 CEST | 1.1.1.1 | 192.168.2.4 | 0xd333 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:19.970189095 CEST | 1.1.1.1 | 192.168.2.4 | 0x5bf3 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:19.970189095 CEST | 1.1.1.1 | 192.168.2.4 | 0x5bf3 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:32.908307076 CEST | 1.1.1.1 | 192.168.2.4 | 0x7df6 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:32.908307076 CEST | 1.1.1.1 | 192.168.2.4 | 0x7df6 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:56.769762993 CEST | 1.1.1.1 | 192.168.2.4 | 0xecd8 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 4, 2024 22:49:56.769762993 CEST | 1.1.1.1 | 192.168.2.4 | 0xecd8 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 22:50:17.007587910 CEST | 1.1.1.1 | 192.168.2.4 | 0xe47 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 4, 2024 22:50:17.007587910 CEST | 1.1.1.1 | 192.168.2.4 | 0xe47 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49735 | 3.248.33.252 | 80 | 5496 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 4, 2024 22:49:05.224205017 CEST | 459 | OUT | |
Jul 4, 2024 22:49:05.849631071 CEST | 203 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 3.248.33.252 | 80 | 5496 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 4, 2024 22:49:05.919981956 CEST | 432 | OUT | |
Jul 4, 2024 22:49:06.100934982 CEST | 232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49738 | 3.248.33.252 | 80 | 5496 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 4, 2024 22:49:06.179209948 CEST | 308 | OUT | |
Jul 4, 2024 22:49:06.824584007 CEST | 203 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 20:49:09 UTC | 161 | OUT | |
2024-07-04 20:49:09 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49743 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 20:49:10 UTC | 239 | OUT | |
2024-07-04 20:49:10 UTC | 514 | IN | |
2024-07-04 20:49:10 UTC | 55 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 16:48:58 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 16:49:02 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 16:49:04 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |