Windows
Analysis Report
http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
chrome.exe (PID: 7020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 6328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1948,i,14441669746614229273,7337423906425481173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 3432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
- Phishing
- Networking
- System Summary
- Boot Survival
There are no malicious signatures.
Source: | HTTP Parser: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sendgrid.net | 167.89.115.61 | true | false | high | |
www.google.com | 172.217.19.228 | true | false | high | |
url9385.sg.jbhunt.com | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
167.89.115.61 | sendgrid.net | United States | 11377 | SENDGRIDUS | false |
172.217.19.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.17 |
192.168.2.16 |
192.168.2.18 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1578559 |
Start date and time: | 2024-12-19 22:17:51 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@17/10@4/6 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.181.99, 64.233.164.84, 172.217.17.78, 23.32.238.74, 172.217.17.46, 142.250.181.142, 172.217.17.35, 172.217.19.206, 92.122.16.236, 172.202.163.200
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.989822284061744 |
Encrypted: | false |
SSDEEP: | 48:8Yd4T8YwH5ZidAKZdA1FehwiZUklqehTy+3:8rvoIy |
MD5: | AF8D6D715E9816D82424758ED9D11C0B |
SHA1: | ECF0A0DEEDBD46DD7D6E6BA539F7A920BB362BD9 |
SHA-256: | 9C0A3767A2ECC8A2632068BC6BDFE766C598A7F5439BF223F5EA1121D82F3091 |
SHA-512: | F78AB6A3AC0AD5FA3BDC4F0FC558E40723A3992FB003DE872FCFA1FF2E23B3F440F8E9DC672C6C21020CE6FA6C6347FFFAB1075A6912CFF016C76BD85BE4B2E3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.006690743693478 |
Encrypted: | false |
SSDEEP: | 48:8Zd4T8YwH5ZidAKZdA1seh/iZUkAQkqeh4y+2:8Uve9Q1y |
MD5: | C080F46D1DF91BCCFAE8A0366CA66ADA |
SHA1: | F8A70ECE62CDECCB5B792CA093FBCE06EE9410C8 |
SHA-256: | 405A3F40751AAA933B51D5B3176CD16873B7071532EBCC537367B0FDE705CB8E |
SHA-512: | 1A7A54AF3EC0398D92D532B0FFA5F6FA225BEB2E62DDF72CA8461212A39577E1437B964822699CF9183213D2E7B8BB1CF0F7FFD1255C77101ECA44607DE9D950 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.0123824215791535 |
Encrypted: | false |
SSDEEP: | 48:8ld4T8YAH5ZidAKZdA14meh7sFiZUkmgqeh7s6y+BX:8QvqnUy |
MD5: | 28E16DA68CEED73F0F0F5A2957610438 |
SHA1: | 73493E94EA474875C6722A82D36A634062121D01 |
SHA-256: | 03FF57A1C9071786490DC90AD0FB0512215B7745B200D76CCB5C2509A49EB513 |
SHA-512: | B16B7218E667D7551AFF4C91F622EDB776FBA3FA313E1F866C77AE701C2098014C8CA784836A283DFF0534D1AE49E3D621F4C153C2FF40AEB673E2BE4C272843 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.005032506995576 |
Encrypted: | false |
SSDEEP: | 48:8rxd4T8YwH5ZidAKZdA1TehDiZUkwqeh8y+R:84vVCy |
MD5: | E3BAE65184F61AF73E80E8E55973FBB9 |
SHA1: | D4710A849579752D30FE9B8960D7748EB7F70C49 |
SHA-256: | 0C1CFE591B76C29B45CA2BA4E486DB775D2CB06F74FCD08FF729D7ABD0ACA609 |
SHA-512: | A18DEECF3BABEADD44F2E6126F56212753F756DACC5E27C65271483D556142B5FECBFE054A8F5735923C599CA841E5FDD22FDC2305F4BF206A6602DB7BD9440A |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9934056021293043 |
Encrypted: | false |
SSDEEP: | 48:8dd4T8YwH5ZidAKZdA1dehBiZUk1W1qehGy+C:8Ivl9my |
MD5: | FD24AE95FD30B9C00E11BEE15B41385F |
SHA1: | 072AF338D33B69272020988BB61D76CB606A30D8 |
SHA-256: | 30839741A20F4A9DDF6D325E84A05CEABA1CF89C078B2D9EACB5B633DA06334C |
SHA-512: | 6DC315C0B03E5AE3F2FB592EAC24412A253E009E21A78B347F18818318B000C7BA9A927445865B52F8CD932EBCEAA6C609522C16429BD97222121195E6FDF6A1 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.000627544920566 |
Encrypted: | false |
SSDEEP: | 48:8gd4T8YwH5ZidAKZdA1duTeehOuTbbiZUk5OjqehOuTbUy+yT+:8zvNTfTbxWOvTbUy7T |
MD5: | 28634B805584F634949ED0BE6193C96F |
SHA1: | 7DC7E0ED47585875462B502859C13F7902EE1AD7 |
SHA-256: | CE4D11EC73EC7D637FBEC12856EC2D664304AB4E7212EBB08B62A2A96D451569 |
SHA-512: | 622E2538D9E8684E4A8F7276333E29C55B24452AF577F5DB77AC87542881DB838E1A5F0EF0FC4B49841447183EC3DD7DA850553E796DCFC762ECAA9593DEF2D3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 291 |
Entropy (8bit): | 4.477778146874743 |
Encrypted: | false |
SSDEEP: | 6:qzxUsjMR1X96b2+Ubghxc8le3rn9MGzMd4aa6++Oix9qD:kxBMR1knUkhGXpPoa6++3xMD |
MD5: | F0C66914A58FC74FC98A7C9BB4C288F2 |
SHA1: | 3E0E43F567138623CABFF91C14100D144AC56949 |
SHA-256: | 54E173BE753D03B2C163CEBBEE02BE7F4BDC1D6663154D4D60A3833F7BA3436B |
SHA-512: | 7AEDAEBA112D43E2B2FF845355199A11A141D637C0306155BE2356AE297DF118D2C0D2768D44C35A1D89841DB428E95686E29E9D15DEADF4233F3713893514BF |
Malicious: | false |
Reputation: | low |
URL: | http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 564 |
Entropy (8bit): | 4.72971822420855 |
Encrypted: | false |
SSDEEP: | 12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc |
MD5: | 8E325DC2FEA7C8900FC6C4B8C6C394FE |
SHA1: | 1B3291D4EEA179C84145B2814CB53E6A506EC201 |
SHA-256: | 0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2 |
SHA-512: | 084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14 |
Malicious: | false |
Reputation: | low |
URL: | http://url9385.sg.jbhunt.com/favicon.ico |
- Total Packets: 50
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 19, 2024 22:18:19.513015032 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Dec 19, 2024 22:18:19.815731049 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Dec 19, 2024 22:18:20.423773050 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Dec 19, 2024 22:18:21.637733936 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Dec 19, 2024 22:18:23.501075029 CET | 49700 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:18:23.501597881 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:18:23.621153116 CET | 80 | 49700 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:18:23.621721983 CET | 80 | 49701 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:18:23.621843100 CET | 49700 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:18:23.621907949 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:18:23.622128963 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:18:23.742201090 CET | 80 | 49701 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:18:24.046814919 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Dec 19, 2024 22:18:24.717593908 CET | 80 | 49701 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:18:24.762844086 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:18:24.777825117 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:18:24.897346973 CET | 80 | 49701 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:18:24.909198999 CET | 49690 | 80 | 192.168.2.16 | 192.229.211.108 |
Dec 19, 2024 22:18:25.096308947 CET | 80 | 49701 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:18:25.141784906 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:18:27.261363983 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:27.261425972 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:27.261497021 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:27.261734009 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:27.261751890 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:27.682199001 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Dec 19, 2024 22:18:27.982825994 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Dec 19, 2024 22:18:28.584819078 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Dec 19, 2024 22:18:28.854825974 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Dec 19, 2024 22:18:28.958473921 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:28.958769083 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:28.958834887 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:28.959852934 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:28.959949970 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:28.963483095 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:28.963570118 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:29.013854980 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:29.013906956 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:29.062835932 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:29.794821978 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Dec 19, 2024 22:18:32.156058073 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Dec 19, 2024 22:18:32.203915119 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Dec 19, 2024 22:18:32.458909988 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Dec 19, 2024 22:18:33.068532944 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Dec 19, 2024 22:18:34.279923916 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Dec 19, 2024 22:18:36.691900969 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Dec 19, 2024 22:18:37.009927034 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Dec 19, 2024 22:18:38.463936090 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Dec 19, 2024 22:18:38.653866053 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:38.653930902 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:38.654088020 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:40.588360071 CET | 49706 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:18:40.588387012 CET | 443 | 49706 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:18:41.496004105 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Dec 19, 2024 22:18:46.620063066 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Dec 19, 2024 22:18:51.109081030 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Dec 19, 2024 22:19:08.635355949 CET | 49700 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:19:08.755136013 CET | 80 | 49700 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:19:10.103435993 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:19:10.223325968 CET | 80 | 49701 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:19:23.944618940 CET | 49700 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:19:24.064917088 CET | 80 | 49700 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:19:24.065041065 CET | 49700 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:19:27.185693026 CET | 49711 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:19:27.185743093 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:19:27.185842991 CET | 49711 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:19:27.186147928 CET | 49711 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:19:27.186161041 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:19:28.972728014 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:19:28.973119974 CET | 49711 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:19:28.973153114 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:19:28.973680019 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:19:28.973997116 CET | 49711 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:19:28.974090099 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:19:29.022723913 CET | 49711 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:19:30.097496033 CET | 80 | 49701 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:19:30.097599983 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:19:30.591319084 CET | 49701 | 80 | 192.168.2.16 | 167.89.115.61 |
Dec 19, 2024 22:19:30.711170912 CET | 80 | 49701 | 167.89.115.61 | 192.168.2.16 |
Dec 19, 2024 22:19:38.689220905 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:19:38.689311981 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Dec 19, 2024 22:19:38.689390898 CET | 49711 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:19:40.590585947 CET | 49711 | 443 | 192.168.2.16 | 172.217.19.228 |
Dec 19, 2024 22:19:40.590626001 CET | 443 | 49711 | 172.217.19.228 | 192.168.2.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 19, 2024 22:18:22.480206013 CET | 53 | 58594 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:18:22.618448973 CET | 53 | 60533 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:18:23.206150055 CET | 61057 | 53 | 192.168.2.16 | 1.1.1.1 |
Dec 19, 2024 22:18:23.206290007 CET | 55432 | 53 | 192.168.2.16 | 1.1.1.1 |
Dec 19, 2024 22:18:23.500219107 CET | 53 | 61057 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:18:23.500473022 CET | 53 | 55432 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:18:25.400691032 CET | 53 | 56367 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:18:27.122637033 CET | 64944 | 53 | 192.168.2.16 | 1.1.1.1 |
Dec 19, 2024 22:18:27.122776985 CET | 52370 | 53 | 192.168.2.16 | 1.1.1.1 |
Dec 19, 2024 22:18:27.260169029 CET | 53 | 52370 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:18:27.260421038 CET | 53 | 64944 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:18:42.319834948 CET | 53 | 49450 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:19:01.332856894 CET | 53 | 52216 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:19:22.405539989 CET | 53 | 63553 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:19:23.855186939 CET | 138 | 138 | 192.168.2.16 | 192.168.2.255 |
Dec 19, 2024 22:19:24.084999084 CET | 53 | 62492 | 1.1.1.1 | 192.168.2.16 |
Dec 19, 2024 22:19:53.961884975 CET | 53 | 56711 | 1.1.1.1 | 192.168.2.16 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 19, 2024 22:18:23.206150055 CET | 192.168.2.16 | 1.1.1.1 | 0xa9c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.206290007 CET | 192.168.2.16 | 1.1.1.1 | 0xcb7c | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 19, 2024 22:18:27.122637033 CET | 192.168.2.16 | 1.1.1.1 | 0x48b3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:27.122776985 CET | 192.168.2.16 | 1.1.1.1 | 0x9a95 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.115.61 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.115.77 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.115.78 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.115.120 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.115.150 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.118.83 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.118.61 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.118.62 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.115.56 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.118.95 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.118.109 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.118.120 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.118.128 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.115.52 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.115.28 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | | | 167.89.118.52 | A (IP address) | IN (0x0001) | false |
Dec 19, 2024 22:18:23.500473022 CET | 1.1.1.1 | 192.168.2.16 | 0xcb7c | No error (0) | | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 19, 2024 22:18:27.260169029 CET | 1.1.1.1 | 192.168.2.16 | 0x9a95 | No error (0) | | | | 65 | IN (0x0001) | false |
Dec 19, 2024 22:18:27.260421038 CET | 1.1.1.1 | 192.168.2.16 | 0x48b3 | No error (0) | | | 172.217.19.228 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49701 | 167.89.115.61 | 80 | 6328 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 22:18:23.622128963 CET | 607 | OUT | |
Dec 19, 2024 22:18:24.717593908 CET | 489 | IN | |
Dec 19, 2024 22:18:24.777825117 CET | 557 | OUT | |
Dec 19, 2024 22:18:25.096308947 CET | 712 | IN | |
Dec 19, 2024 22:19:10.103435993 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49700 | 167.89.115.61 | 80 | 6328 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 19, 2024 22:19:08.635355949 CET | 6 | OUT |
Target ID: | 1 |
Start time: | 16:18:21 |
Start date: | 19/12/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 16:18:21 |
Start date: | 19/12/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 16:18:22 |
Start date: | 19/12/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |