Windows
Analysis Report
https://invitations.microsoft.com/Content/Images/PixelWarning.png
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 1440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2016,i,11755757797075605135,5806918900825031610,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://invitations.microsoft.com/Content/Images/PixelWarning.png" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signature rows, in report order (the source and detail columns of each row are not preserved here):

Signature | Rows
---|---
HTTP Parser | 1
HTTPS traffic detected | 2
TCP traffic | 1
TCP traffic detected without corresponding DNS query | 30
UDP traffic detected without corresponding DNS query | 2
HTTP traffic detected | 1
DNS traffic detected | 1
Network traffic detected | 13
HTTPS traffic detected | 2
Classification label | 1
File created | 1
Process created | 21
LNK file | 6
Window detected | 1
File created | 7
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 0% | Avira URL Cloud | safe |
 | 0% | Virustotal | |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 0% | Virustotal | |
 | 0% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
www.google.com | 142.250.184.196 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
142.250.184.196 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467976 |
Start date and time: | 2024-07-05 07:54:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://invitations.microsoft.com/Content/Images/PixelWarning.png |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@21/11@2/3 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.46, 74.125.133.84, 34.104.35.123, 40.126.32.6, 40.126.32.66, 40.126.32.131, 40.126.32.129, 52.165.165.26, 93.184.221.240, 192.229.221.95, 52.165.164.15, 13.95.31.18, 142.250.185.131, 131.107.255.255
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, na.privatelink.msidentity.com, clientservices.googleapis.com, wu.azureedge.net, dns.msftncsi.com, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, invitations.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, prdf.aadg.msidentity.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.f.prd.aadg.akadns.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, www.tm.f.prd.aadg.trafficmanager.net, clients.l.google.com
- Not all processes were analyzed; the report is missing behavior information.
- Report size getting too big; too many NtSetInformationFile calls found.
- The sample's own host, invitations.microsoft.com, and the IP 192.229.221.95 are on the whitelists above, so traffic to them was excluded from analysis; keep that in mind when reading the network signatures and tables.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.974925720222649 |
Encrypted: | false |
SSDEEP: | 48:8oMdbTDPBHMidAKZdA19ehwiZUklqehGfy+3:8/vYhfy |
MD5: | 9C2E31C5155798423E2C3AA98F85AE13 |
SHA1: | 59A71FCFA1B1F1201E6A798040F49FF62814D803 |
SHA-256: | 25D61CCDCFE9F4F85FAA1F7E8FC82B8C0B72E0459FDEC07ABA4C1DDE7482CDE9 |
SHA-512: | AE920A3026587F697ED65DB193A362C5BE0A06D73E040620807DDE96CC5AC66B690FD7F38EDE26ECBE2E77182855CAED656486D20A8819D0ED23F0AD497D59D7 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.990844544570956 |
Encrypted: | false |
SSDEEP: | 48:8tMdbTDPBHMidAKZdA1weh/iZUkAQkqehRfy+2:8+vy9QEfy |
MD5: | A249C26FDBAF453A8760149018FEE040 |
SHA1: | 7756BECA18A802C1714C0039C9A49D0353E3AFD2 |
SHA-256: | 144A4741B02F650D74580022DA7FCB75A34DC49E75BD2E40EAD173D6C58CFA11 |
SHA-512: | 7EF4F7EECEBA6B8B0E9E8C3842E15AE09E93FEB3966A5879FF82C6B524B182ECE1C95D2E98796C8203E28BC991C038AED4A7D7C553AC032484FF968FB40BBACC |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.002129875176463 |
Encrypted: | false |
SSDEEP: | 48:8xDMdbTDPsHMidAKZdA14tseh7sFiZUkmgqeh7sHfy+BX:8xsvlnVfy |
MD5: | 09C5ABD85287F36A92460B32DF612E12 |
SHA1: | F823310BACAF4060CEA3BC0FF381B2EC60DB7D66 |
SHA-256: | DDE3A8179E4CA8D9A24C33D1EF5127326399AFCFA48AE393AB1923822029FBA4 |
SHA-512: | 843FBBAAF09103637C913A091AF710C5D501B84EAE79871CDB606E260B1495950C9E9A5C54B719DB5254A6C401A838071274BCD7706AD46D3341A54E601F53DE |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9852273521164983 |
Encrypted: | false |
SSDEEP: | 48:8OMdbTDPBHMidAKZdA1vehDiZUkwqehdfy+R:8lvZPfy |
MD5: | EC792F745D8520FECB1D7B1EAEB30925 |
SHA1: | D01625952A918FCA9520695D45C4FCFA6ED961A5 |
SHA-256: | B54C7EF68A0AD7E27C27109A9480BA0BA5AB0AF09BFF2311050F10C829BB46DF |
SHA-512: | 7DC948B84DABDE921F71EB27A1A643E665A69E524422F4AFCA5627B61A6ED77B421CB6FE0E765E8F7B31FB3AE0E07C2B18072F8C2D42E97BB16B3B0337BCEA10 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.976734913367897 |
Encrypted: | false |
SSDEEP: | 48:8+MdbTDPBHMidAKZdA1hehBiZUk1W1qeh7fy+C:81vp9bfy |
MD5: | 163880F954A2004472912E8148145D8B |
SHA1: | 77E5037FEDC8F80B56306A6489D59964320227AA |
SHA-256: | CB7A7FA157B0610DEE4795043F006804C7D3B493FDDCA8759B4EF2FFAF8E158D |
SHA-512: | 79D310F6B7BBDE3604E283C74A385E5B23EECE1E07C007A54E735CC6831DCB3E220697C6A531A71538715AA27DD32EFF95CDA87894DF4FCCF768C185A0D56EBC |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9870824306477957 |
Encrypted: | false |
SSDEEP: | 48:8kMdbTDPBHMidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbVfy+yT+:8Tv1T/TbxWOvTbVfy7T |
MD5: | 88AFDDDD65124EDB8CC84D8AA656F1E2 |
SHA1: | E8B5AB4E1FF18BE039CF334A9A4E98D162D0E4D5 |
SHA-256: | 7A49456DD85C0DF5632BA47AC479BDA1FA2C69C22DECCF5C221BDABDA36063C5 |
SHA-512: | CAA17FEC7AFE5B6182DBCEF005A316F07C0E695C10AD30E3EB259CC2B1476263E8C385720EBE1204A333946347818CB23F7BD4BEEB835D6E7BE235108A1A77C1 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 32038 |
Entropy (8bit): | 5.104352236785294 |
Encrypted: | false |
SSDEEP: | 384:9FMKxxje8gZryMDXe3ibKSo3MdXA1SPrQHg4M:bpr68gVy1i2SzdXA1wrQHg4M |
MD5: | 4859E39AE6C0F1F428F2126A6BB32BD9 |
SHA1: | 1C0C85678AE963BC96D0B7FBE1EB89074CF1FBE0 |
SHA-256: | A94F8A8553CAEA8430DD4CA3CC01D4E318D19828F74CB65453FFB7F5D9E2F44D |
SHA-512: | 97541B40D8BEAC0DD8831EF8D2814EFEF10CFB185DF316E05B4F3AEF0A2D1839FB7A39D90F141F490E21B2955C32DF9D690785CC4DEF97CDFCE21ACF9BBAA2C7 |
Malicious: | false |
Reputation: | low |
URL: | https://invitations.microsoft.com/favicon.ico |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 383 |
Entropy (8bit): | 7.050385702289711 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPIcE/6TsR/mUd2mjkxIk3y0X+MX0k8ZH7uigh5sS9ugOQwO0cSwhSeUp:6v/7DE/6Ts/m40qWyrKUBtg3sYoQB0cg |
MD5: | 1491F0ED395648F84FA99B95D2BF3754 |
SHA1: | 6F03026F8BDA020AB1EA6958ED5490A62875838A |
SHA-256: | 88B910CC0E55EBE5A65B121C4CBC5D2A61C59C011FA40986DE97CB1A45A126A7 |
SHA-512: | E17979DF12DD520739679FBA3AEE7A203866F62BD8703D86410F26BC7211FB5F21C275A4158F9D8A56D9EF8EF62A9BDC7897763D70CCD5944BBF834D20E18278 |
Malicious: | false |
Reputation: | low |
URL: | https://invitations.microsoft.com/Content/Images/PixelWarning.png |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32038 |
Entropy (8bit): | 5.104352236785294 |
Encrypted: | false |
SSDEEP: | 384:9FMKxxje8gZryMDXe3ibKSo3MdXA1SPrQHg4M:bpr68gVy1i2SzdXA1wrQHg4M |
MD5: | 4859E39AE6C0F1F428F2126A6BB32BD9 |
SHA1: | 1C0C85678AE963BC96D0B7FBE1EB89074CF1FBE0 |
SHA-256: | A94F8A8553CAEA8430DD4CA3CC01D4E318D19828F74CB65453FFB7F5D9E2F44D |
SHA-512: | 97541B40D8BEAC0DD8831EF8D2814EFEF10CFB185DF316E05B4F3AEF0A2D1839FB7A39D90F141F490E21B2955C32DF9D690785CC4DEF97CDFCE21ACF9BBAA2C7 |
Malicious: | false |
Reputation: | low |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 5, 2024 07:55:06.628721952 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 07:55:06.628722906 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 07:55:06.738092899 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 07:55:16.122569084 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:16.122603893 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:16.122684956 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:16.122908115 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:16.122920990 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:16.240241051 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 07:55:16.240241051 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 07:55:16.349622011 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 07:55:16.775101900 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:16.775476933 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:16.775490999 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:16.776530027 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:16.776598930 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:16.821515083 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:16.821788073 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:16.865505934 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:16.865519047 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:16.909065008 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:17.513207912 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:17.513237000 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:17.513377905 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:17.516109943 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:17.516124964 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.003761053 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Jul 5, 2024 07:55:18.003868103 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Jul 5, 2024 07:55:18.161423922 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.161619902 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.165826082 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.165836096 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.166094065 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.208170891 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.248507977 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.426063061 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.426129103 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.426187038 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.481122017 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.481163025 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.481178045 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.481184959 CEST | 443 | 49715 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.596335888 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.596364021 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:18.596429110 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.597002983 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:18.597014904 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:19.268914938 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:19.269130945 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:19.271007061 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:19.271025896 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:19.271274090 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:19.274933100 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:19.320503950 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:19.559710026 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:19.559772015 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:19.560636044 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:19.560636044 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:19.560925007 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127 |
Jul 5, 2024 07:55:19.560945034 CEST | 443 | 49716 | 2.19.244.127 | 192.168.2.5 |
Jul 5, 2024 07:55:26.674170971 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:26.674245119 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:26.674293041 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:26.905523062 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:55:26.905551910 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:55:34.467020988 CEST | 62777 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 5, 2024 07:55:34.471950054 CEST | 53 | 62777 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:34.472137928 CEST | 62777 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 5, 2024 07:55:34.472225904 CEST | 62777 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 5, 2024 07:55:34.477108002 CEST | 53 | 62777 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:34.929200888 CEST | 53 | 62777 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:34.929827929 CEST | 62777 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 5, 2024 07:55:34.934971094 CEST | 53 | 62777 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:34.935146093 CEST | 62777 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 5, 2024 07:56:16.152755022 CEST | 62781 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:56:16.152789116 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:56:16.152848959 CEST | 62781 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:56:16.153512955 CEST | 62781 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:56:16.153528929 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:56:16.811089039 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:56:16.811469078 CEST | 62781 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:56:16.811486959 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:56:16.811830044 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:56:16.812778950 CEST | 62781 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:56:16.812846899 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:56:16.865664959 CEST | 62781 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:56:26.741270065 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:56:26.741339922 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Jul 5, 2024 07:56:26.741450071 CEST | 62781 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:56:26.855389118 CEST | 62781 | 443 | 192.168.2.5 | 142.250.184.196 |
Jul 5, 2024 07:56:26.855401993 CEST | 443 | 62781 | 142.250.184.196 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 5, 2024 07:55:12.356462002 CEST | 53 | 52621 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:12.417244911 CEST | 53 | 63243 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:13.436669111 CEST | 53 | 57741 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:16.102896929 CEST | 55019 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 5, 2024 07:55:16.103379011 CEST | 61033 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 5, 2024 07:55:16.109719038 CEST | 53 | 55019 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:16.110174894 CEST | 53 | 61033 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:30.420798063 CEST | 53 | 53297 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:55:34.466124058 CEST | 53 | 58051 | 1.1.1.1 | 192.168.2.5 |
Jul 5, 2024 07:56:11.937083006 CEST | 53 | 55976 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---
Jul 5, 2024 07:55:16.102896929 CEST | 192.168.2.5 | 1.1.1.1 | 0x767a | Standard query (0) | | A (IP address) | IN (0x0001) | false
Jul 5, 2024 07:55:16.103379011 CEST | 192.168.2.5 | 1.1.1.1 | 0xa306 | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|---|---
Jul 5, 2024 07:55:16.109719038 CEST | 1.1.1.1 | 192.168.2.5 | 0x767a | No error (0) | | | 142.250.184.196 | A (IP address) | IN (0x0001) | false
Jul 5, 2024 07:55:16.110174894 CEST | 1.1.1.1 | 192.168.2.5 | 0xa306 | No error (0) | | | | 65 (HTTPS) | IN (0x0001) | false
Jul 5, 2024 07:55:28.327848911 CEST | 1.1.1.1 | 192.168.2.5 | 0x203 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 5, 2024 07:55:28.327848911 CEST | 1.1.1.1 | 192.168.2.5 | 0x203 | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
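The 30 "TCP traffic detected without corresponding DNS query" rows in the signature list come from correlating the TCP table with these DNS replies: the only A answers recorded are 142.250.184.196 and 192.229.221.95, while the TCP table also shows the guest opening port 443 to 23.1.237.91 and 2.19.244.127. The script below is an added example of that correlation, not Joe Sandbox code. It runs over a constructed subset of this page's two tables, assumes their pipe-separated column layout, treats 192.168.2.0/24 as the guest network, and counts an answer only if it arrived before the packet.

```python
"""Correlate outbound TCP connections with DNS A answers to find destinations
the guest connected to without a prior name resolution in the capture.

Added example, not Joe Sandbox code.  The two tables below are constructed
subsets of this page's DNS-reply and TCP tables, in the same pipe-separated
layout; column positions and the 192.168.2.0/24 guest network are assumptions.
"""
from __future__ import annotations

import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed subset of the reply table:
# Timestamp | Src IP | Dst IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DoH
DNS_REPLIES = """\
Jul 5, 2024 07:55:16.109719038 CEST | 1.1.1.1 | 192.168.2.5 | 0x767a | No error (0) | | | 142.250.184.196 | A (IP address) | IN (0x0001) | false
Jul 5, 2024 07:55:28.327848911 CEST | 1.1.1.1 | 192.168.2.5 | 0x203 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 5, 2024 07:55:28.327848911 CEST | 1.1.1.1 | 192.168.2.5 | 0x203 | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
"""

# Constructed subset of the TCP table:
# Timestamp | Source Port | Dest Port | Source IP | Dest IP
TCP_PACKETS = """\
Jul 5, 2024 07:55:06.628721952 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91
Jul 5, 2024 07:55:16.122569084 CEST | 49714 | 443 | 192.168.2.5 | 142.250.184.196
Jul 5, 2024 07:55:16.122603893 CEST | 443 | 49714 | 142.250.184.196 | 192.168.2.5
Jul 5, 2024 07:55:17.513207912 CEST | 49715 | 443 | 192.168.2.5 | 2.19.244.127
Jul 5, 2024 07:55:18.596335888 CEST | 49716 | 443 | 192.168.2.5 | 2.19.244.127
"""

_TS = re.compile(r"^(?P<base>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) \w+$")


def parse_ts(cell: str) -> datetime:
    """'Jul 5, 2024 07:55:16.109719038 CEST' -> naive datetime.

    The zone suffix is dropped (every row shares it) and the nanosecond
    fraction is truncated to microseconds, which is all strptime's %f accepts.
    """
    m = _TS.match(cell.strip())
    if m is None:
        raise ValueError(f"unrecognised timestamp: {cell!r}")
    return datetime.strptime(f"{m['base']}.{m['frac'][:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(table: str) -> list[list[str]]:
    """Split a pipe-separated table into stripped cells, skipping blank lines."""
    return [[c.strip() for c in line.split("|")]
            for line in table.splitlines() if line.strip()]


def a_answers(dns_table: str) -> list[tuple[datetime, str]]:
    """(answer time, address) for every A record in the reply table."""
    found = []
    for row in parse_rows(dns_table):
        stamp, address, rtype = row[0], row[7], row[8]
        if rtype.startswith("A ") and address:
            found.append((parse_ts(stamp), address))
    return found


def unresolved_destinations(dns_table: str, tcp_table: str,
                            guest_net: str = "192.168.2.0/24") -> dict[str, int]:
    """Count outbound TCP packets per destination that had no A answer before them.

    Only the guest-originated leg of each flow is considered, and non-global
    destinations (private, link-local, multicast) are ignored.
    """
    local = ip_network(guest_net)
    answers = a_answers(dns_table)
    hits: dict[str, int] = {}
    for stamp, _sport, _dport, src, dst in parse_rows(tcp_table):
        if ip_address(src) not in local or not ip_address(dst).is_global:
            continue
        sent = parse_ts(stamp)
        if any(addr == dst and when <= sent for when, addr in answers):
            continue
        hits[dst] = hits.get(dst, 0) + 1
    return hits


if __name__ == "__main__":
    for dst, n in sorted(unresolved_destinations(DNS_REPLIES, TCP_PACKETS).items()):
        print(f"{dst}: {n} outbound packet(s) without a preceding A answer")
```

On the subset above the result is 23.1.237.91 (1 packet) and 2.19.244.127 (2 packets); 142.250.184.196 is cleared because its A answer at 07:55:16.109 precedes the SYN at 07:55:16.122. Read such hits against the whitelist in the analysis information: queries for excluded domains are not in these tables, so a destination can look unresolved here even though the guest resolved it normally, and a host reached through an HTTPS (type 65) answer or a cached resolution will also show up.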
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49715 | 2.19.244.127 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-05 05:55:18 UTC | 161 | OUT | |
2024-07-05 05:55:18 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49716 | 2.19.244.127 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-05 05:55:19 UTC | 239 | OUT | |
2024-07-05 05:55:19 UTC | 535 | IN | |
2024-07-05 05:55:19 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 01:55:05 |
Start date: | 05/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 01:55:09 |
Start date: | 05/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 01:55:12 |
Start date: | 05/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |