Windows Analysis Report
http://yaocanting.com
Overview
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 4080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 2844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2232,i,12666901856259099238,7747285466013212120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://yaocanting.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- AV Detection
- Phishing
- Networking
- System Summary
AV Detection |
---|
Source: | Avira URL Cloud: | (3 signature hits)

Phishing |
---|
Source: | HTTP Parser: | (1 signature hit)

Networking |
---|
Source: | TCP traffic detected without corresponding DNS query: | (6 signature hits)
Source: | UDP traffic detected without corresponding DNS query: | (6 signature hits)
Source: | HTTP traffic detected: | (3 signature hits)
Source: | DNS traffic detected: | (2 signature hits)
Source: | HTTP traffic detected: | (1 signature hit)
Source: | String found in binary or memory: | (1 signature hit)
Source: | Network traffic detected: | (9 signature hits)

System Summary |
---|
Source: | Classification label: | (1 signature hit)
Source: | Process created: | (17 signature hits)
Source: | Window detected: | (1 signature hit)
MITRE ATT&CK techniques with matching signatures (count = number of matching signatures) |
---|
Privilege Escalation: | Process Injection (1) |
Defense Evasion: | Process Injection (1) |
Command and Control: | Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (3) |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
yaocanting.com | 81.19.135.228 | true | false | unknown | |
www.google.com | 142.250.181.132 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | unknown | |
| false | unknown | |
| true | unknown | |

Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
81.19.135.228 | yaocanting.com | Russian Federation | 24658 | IVC-ASRU | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.181.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1577761 |
Start date and time: | 2024-12-18 17:59:56 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://yaocanting.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@17/4@6/4 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 64.233.162.84, 172.217.19.206, 172.217.21.35, 172.217.17.46, 217.20.58.100, 192.229.221.95, 172.217.17.35, 23.218.208.109, 20.12.23.50, 13.107.246.63
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: http://yaocanting.com
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 58296 |
Entropy (8bit): | 6.052265860508475 |
Encrypted: | false |
SSDEEP: | 768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM |
MD5: | CBB42513032D6C09E496731AC16C20A9 |
SHA1: | C92F38A701AAD58408451D24DD4C47B05F158CF0 |
SHA-256: | D189695B2F3BB92369881F2428FA861DCA9D9A94C638D9BDC4E2FA747D6F315B |
SHA-512: | 3D76F1018AFCEABA7CBB4083F4A5B5758966EC2AA5D5C6B07D72361782809F7ED4BD34ED9E0C4154D01A2DB7192155DE8251E5A834DD90B8D9823D916E1B7285 |
Malicious: | false |
Reputation: | low |
URL: | https://yaocanting.com/favicon.ico |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1366 |
Entropy (8bit): | 4.613479396138565 |
Encrypted: | false |
SSDEEP: | 24:0pFV6NB8jVoF/JYBozSl5s6s77ffdg39v157NaTPuP3fkc4:0kBABozWX8dMh7NdM |
MD5: | 9ED2F42D562702AC623DA07660333BFD |
SHA1: | 8388C7D2F94AB5AD11023FB14B05A5C03CC1B73C |
SHA-256: | 0BAE6089419EA8F95D7DDF86BA40A6B6C8AE6FCA852DD9B70351F869E19DF27B |
SHA-512: | 81C2A15532BFF1FCE6EB0BA628DD20AB14F164D5B1C727CEBD2B8AB9D20026A71EFAD9005DD5604B1B7F15E8E1BD370DD34056F3AB3730A2394007FBDEFD5F76 |
Malicious: | false |
Reputation: | low |
URL: | https://yaocanting.com/ |
- Total Packets: 70
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 18, 2024 18:00:54.763504028 CET | 192.168.2.4 | 1.1.1.1 | 0xb933 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 18:00:54.763622999 CET | 192.168.2.4 | 1.1.1.1 | 0xa078 | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 18, 2024 18:00:56.514007092 CET | 192.168.2.4 | 1.1.1.1 | 0x62b2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 18:00:56.514137030 CET | 192.168.2.4 | 1.1.1.1 | 0xefe4 | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 18, 2024 18:00:58.338079929 CET | 192.168.2.4 | 1.1.1.1 | 0xbbcd | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 18:00:58.338664055 CET | 192.168.2.4 | 1.1.1.1 | 0xef93 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 18, 2024 18:00:54.903795958 CET | 1.1.1.1 | 192.168.2.4 | 0xa078 | No error (0) | | | | 65 | IN (0x0001) | false |
Dec 18, 2024 18:00:54.904028893 CET | 1.1.1.1 | 192.168.2.4 | 0xb933 | No error (0) | | | 142.250.181.132 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 18:00:56.882229090 CET | 1.1.1.1 | 192.168.2.4 | 0x62b2 | No error (0) | | | 81.19.135.228 | A (IP address) | IN (0x0001) | false |
Dec 18, 2024 18:00:58.477596998 CET | 1.1.1.1 | 192.168.2.4 | 0xbbcd | No error (0) | | | 81.19.135.228 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 81.19.135.228 | 80 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 18:00:57.003390074 CET | 429 | OUT | |
Dec 18, 2024 18:00:58.332624912 CET | 398 | IN | |
Dec 18, 2024 18:01:43.340886116 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49741 | 81.19.135.228 | 80 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 18, 2024 18:01:42.012115002 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49743 | 81.19.135.228 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 17:00:59 UTC | 657 | OUT | |
2024-12-18 17:01:00 UTC | 295 | IN | |
2024-12-18 17:01:00 UTC | 1366 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49744 | 81.19.135.228 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-18 17:01:02 UTC | 584 | OUT | |
2024-12-18 17:01:02 UTC | 191 | IN | |
2024-12-18 17:01:02 UTC | 16193 | IN | |
2024-12-18 17:01:02 UTC | 16384 | IN | |
2024-12-18 17:01:02 UTC | 16384 | IN | |
2024-12-18 17:01:03 UTC | 9335 | IN |
Target ID: | 0 |
Start time: | 12:00:45 |
Start date: | 18/12/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 12:00:48 |
Start date: | 18/12/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 12:00:54 |
Start date: | 18/12/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |