Windows
Analysis Report
http://assets.unlayer.com
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 5028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
chrome.exe (PID: 1036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2004,i,6895744723872298390,10572785987213939283,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
chrome.exe (PID: 5076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://assets.unlayer.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
- Compliance
- Networking
- System Summary

No malicious signatures were triggered; the signature hits below are informational only.
Signature hits, in report order. The source, value and detail columns of these rows did not survive extraction, so only the signature name and the number of rows per signature are kept:

- HTTPS traffic detected: 4
- TCP traffic detected without corresponding DNS query: 50
- HTTP traffic detected: 2
- DNS traffic detected: 2
- HTTP traffic detected: 2
- Network traffic detected: 17
- HTTPS traffic detected: 4
- Classification label: 1
- Process created: 16
- Window detected: 1

The 50 "TCP traffic detected without corresponding DNS query" hits should be read against the analysis settings listed further down: traffic to the whitelisted Google and Microsoft domains is excluded from the report and the TCP packet list is cut to 100 packets. The DNS packet table records replies from 1.1.1.1 at 19:47:51 for which no query appears, immediately before the first connection to 40.115.3.253; that is consistent with the lookup having been filtered out of the report rather than with a hard-coded destination. On a clean browser run this signature is expected noise from browser and OS telemetry; it is worth a closer look only for a destination that neither resolves anywhere in the capture nor belongs to the excluded domain list.
ATT&CK techniques with signature hits (the number is the count of matched signatures; the remaining cells of the matrix on the original page are Joe Sandbox's unpopulated template and are omitted here):

Tactic | Technique | Signatures
---|---|---
Privilege Escalation | Process Injection | 1
Defense Evasion | Process Injection | 1
Command and Control | Encrypted Channel | 2
Command and Control | Non-Application Layer Protocol | 3
Command and Control | Application Layer Protocol | 4
Command and Control | Ingress Tool Transfer | 3
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
d14hpj5n6rtu02.cloudfront.net | 18.172.112.35 | true | false | unknown | |
www.google.com | 216.58.212.132 | true | false | high | |
assets.unlayer.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
216.58.212.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
18.172.112.35 | d14hpj5n6rtu02.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false |

239.255.255.250 is the SSDP multicast address (Windows network discovery), not a remote host. The "ASN 3 / MIT-GATEWAY" attribution for 18.172.112.35 is a stale GeoIP entry: 18.128.0.0/9 was transferred from MIT to Amazon, and the CNAME to d14hpj5n6rtu02.cloudfront.net confirms the host is a CloudFront edge.
IP |
---|
192.168.2.6 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1601639 |
Start date and time: | 2025-01-28 19:46:55 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://assets.unlayer.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@16/4@4/4 |
EGA Information: | Failed |
HCA Information: |
- Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- TCP packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.185.142, 74.125.133.84, 172.217.16.206, 142.250.186.174, 142.250.186.142, 2.17.190.73, 84.201.210.22, 142.250.185.110, 142.250.181.238, 142.250.186.110, 142.250.185.238, 142.250.185.227, 142.250.185.174, 216.58.206.78, 13.107.246.45, 184.28.90.27, 23.56.254.164, 172.202.163.200
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: http://assets.unlayer.com
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 111 |
Entropy (8bit): | 4.655766260772407 |
Encrypted: | false |
SSDEEP: | 3:vFWWMNHU8LdgCfZbZj+PBMkmKqWWU66bukoL9KgqLn:TMVBd/ZbZjZvKtWRV8g6n |
MD5: | B6C792C0F58FA3EC92173C074885221F |
SHA1: | 0DDE8FD9111D807E202B2FB37F8BCC4052FD861E |
SHA-256: | A824BC7739E226E1B40EA0F8C4E4F4C6F796FC3B4ABFA6E9ABE3BD119A30D938 |
SHA-512: | 83C8B765EDCC44F6AAF19445881C315239095B4AC90E9BB85716084DB9B9EC75F74876B49340CBAF5AE8D173E517AF9EAF82E628D1D32090CD0B4AC8A5D08875 |
Malicious: | false |
Reputation: | low |
URL: | http://assets.unlayer.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 190 |
Entropy (8bit): | 5.196615545092292 |
Encrypted: | false |
SSDEEP: | 3:vFWWMNHU8LdgCfZbZj+yFioWWUqXHFl6U93AUQUeLXPbETtx3xjg6NNdztNadKLn:TMVBd/ZbZjLF2WPXFl6yje7PbmtDjBN/ |
MD5: | 01C768EF002C8300219B7C71A3B5B3F5 |
SHA1: | B364EA92A3CC74B6098C89ABAC41586D4CB52FFA |
SHA-256: | 7C498024046B9F7BC48026E5A06DC44FCEEF17CE6464DADC4FF45C65F6F885D8 |
SHA-512: | DA2DD11B79BCB21B1D7BAA9FD2DADECA57E7D404349E679920C9949B836232A6D60FC522945F7086CA122BF7CE500FDD6A9CCAF1706F558F66A1F2CFB635C967 |
Malicious: | false |
Reputation: | low |
URL: | http://assets.unlayer.com/ |
Preview: |
- Total Packets: 58
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 28, 2025 19:47:44.188425064 CET | 49674 | 443 | 192.168.2.6 | 173.222.162.64 |
Jan 28, 2025 19:47:44.250781059 CET | 49673 | 443 | 192.168.2.6 | 173.222.162.64 |
Jan 28, 2025 19:47:44.469564915 CET | 49672 | 443 | 192.168.2.6 | 173.222.162.64 |
Jan 28, 2025 19:47:51.769396067 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:51.769429922 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:51.769579887 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:51.770960093 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:51.770971060 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:52.658495903 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:52.658600092 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:52.664258003 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:52.664305925 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:52.664551973 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:52.668102026 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:52.668200016 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:52.668215036 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:52.668430090 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:52.711322069 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:52.843184948 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:52.843403101 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:52.843461037 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:52.843674898 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:47:52.843696117 CET | 443 | 49712 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:47:53.858254910 CET | 49673 | 443 | 192.168.2.6 | 173.222.162.64 |
Jan 28, 2025 19:47:53.889554024 CET | 49674 | 443 | 192.168.2.6 | 173.222.162.64 |
Jan 28, 2025 19:47:54.024729013 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:47:54.024837971 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:47:54.025204897 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:47:54.025404930 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:47:54.025418997 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:47:54.153068066 CET | 49672 | 443 | 192.168.2.6 | 173.222.162.64 |
Jan 28, 2025 19:47:54.687067032 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:47:54.688654900 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:47:54.688676119 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:47:54.689786911 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:47:54.689862013 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:47:54.696839094 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:47:54.696907997 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:47:54.749639988 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:47:54.749659061 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:47:54.796504974 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:47:55.793752909 CET | 443 | 49705 | 173.222.162.64 | 192.168.2.6 |
Jan 28, 2025 19:47:55.793945074 CET | 49705 | 443 | 192.168.2.6 | 173.222.162.64 |
Jan 28, 2025 19:47:56.818165064 CET | 49736 | 80 | 192.168.2.6 | 18.172.112.35 |
Jan 28, 2025 19:47:56.818356991 CET | 49737 | 80 | 192.168.2.6 | 18.172.112.35 |
Jan 28, 2025 19:47:56.822972059 CET | 80 | 49736 | 18.172.112.35 | 192.168.2.6 |
Jan 28, 2025 19:47:56.823050976 CET | 49736 | 80 | 192.168.2.6 | 18.172.112.35 |
Jan 28, 2025 19:47:56.823086023 CET | 80 | 49737 | 18.172.112.35 | 192.168.2.6 |
Jan 28, 2025 19:47:56.823159933 CET | 49737 | 80 | 192.168.2.6 | 18.172.112.35 |
Jan 28, 2025 19:47:56.829087973 CET | 49736 | 80 | 192.168.2.6 | 18.172.112.35 |
Jan 28, 2025 19:47:56.833914042 CET | 80 | 49736 | 18.172.112.35 | 192.168.2.6 |
Jan 28, 2025 19:47:57.557012081 CET | 80 | 49736 | 18.172.112.35 | 192.168.2.6 |
Jan 28, 2025 19:47:57.602082968 CET | 49736 | 80 | 192.168.2.6 | 18.172.112.35 |
Jan 28, 2025 19:47:57.969566107 CET | 49736 | 80 | 192.168.2.6 | 18.172.112.35 |
Jan 28, 2025 19:47:57.974436045 CET | 80 | 49736 | 18.172.112.35 | 192.168.2.6 |
Jan 28, 2025 19:47:58.610773087 CET | 80 | 49736 | 18.172.112.35 | 192.168.2.6 |
Jan 28, 2025 19:47:58.655447006 CET | 49736 | 80 | 192.168.2.6 | 18.172.112.35 |
Jan 28, 2025 19:48:01.618073940 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:01.618135929 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:01.618232965 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:01.618905067 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:01.618917942 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:02.425573111 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:02.425684929 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:02.428708076 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:02.428728104 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:02.428994894 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:02.431340933 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:02.431387901 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:02.431395054 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:02.431512117 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:02.475333929 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:02.608268023 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:02.608344078 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:02.608453989 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:02.608761072 CET | 49769 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:02.608783960 CET | 443 | 49769 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:04.579288006 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:48:04.579370022 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:48:04.579416037 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:48:05.965486050 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132 |
Jan 28, 2025 19:48:05.965502977 CET | 443 | 49718 | 216.58.212.132 | 192.168.2.6 |
Jan 28, 2025 19:48:19.430368900 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:19.430394888 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:19.430479050 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:19.431279898 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:19.431294918 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:20.241460085 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:20.241641045 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:20.249650002 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:20.249675035 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:20.250031948 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:20.252609968 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:20.252722025 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:20.252734900 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:20.252922058 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Jan 28, 2025 19:48:20.299336910 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:20.427995920 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:20.428081989 CET | 443 | 49888 | 40.115.3.253 | 192.168.2.6 |
Jan 28, 2025 19:48:20.428150892 CET | 49888 | 443 | 192.168.2.6 | 40.115.3.253 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 28, 2025 19:47:51.684588909 CET | 53 | 59406 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:47:51.686161041 CET | 53 | 64661 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:47:52.751209974 CET | 53 | 61588 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:47:54.015758038 CET | 60762 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 28, 2025 19:47:54.016175985 CET | 56689 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 28, 2025 19:47:54.023328066 CET | 53 | 60762 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:47:54.023652077 CET | 53 | 56689 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:47:56.803646088 CET | 50567 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 28, 2025 19:47:56.803803921 CET | 57207 | 53 | 192.168.2.6 | 1.1.1.1 |
Jan 28, 2025 19:47:56.814299107 CET | 53 | 50567 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:47:56.817137957 CET | 53 | 57207 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:48:09.835484982 CET | 53 | 49695 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:48:28.758049011 CET | 53 | 62760 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:48:50.776254892 CET | 53 | 60517 | 1.1.1.1 | 192.168.2.6 |
Jan 28, 2025 19:48:51.089179039 CET | 53 | 50983 | 1.1.1.1 | 192.168.2.6 |
DNS queries. The Name column did not survive extraction; the answers below match www.google.com (216.58.212.132) and d14hpj5n6rtu02.cloudfront.net (18.172.112.35) in the domain table above. Record type 65 is the HTTPS resource record (RFC 9460), which Chrome queries alongside A to discover ALPN/HTTP/3 and ECH parameters.

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 28, 2025 19:47:54.015758038 CET | 192.168.2.6 | 1.1.1.1 | 0x50a5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 19:47:54.016175985 CET | 192.168.2.6 | 1.1.1.1 | 0x6305 | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Jan 28, 2025 19:47:56.803646088 CET | 192.168.2.6 | 1.1.1.1 | 0x426d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 19:47:56.803803921 CET | 192.168.2.6 | 1.1.1.1 | 0x4092 | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |

DNS answers:

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 28, 2025 19:47:54.023328066 CET | 1.1.1.1 | 192.168.2.6 | 0x50a5 | No error (0) | | | 216.58.212.132 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 19:47:54.023652077 CET | 1.1.1.1 | 192.168.2.6 | 0x6305 | No error (0) | | | | 65 (HTTPS) | IN (0x0001) | false |
Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | | d14hpj5n6rtu02.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | | | 18.172.112.35 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | | | 18.172.112.96 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | | | 18.172.112.112 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | | | 18.172.112.85 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 19:47:56.817137957 CET | 1.1.1.1 | 192.168.2.6 | 0x4092 | No error (0) | | d14hpj5n6rtu02.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
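The "TCP traffic detected without corresponding DNS query" signature in this report can be reproduced from the packet and DNS tables alone. The script below is an added example, not Joe Sandbox code: it re-implements that heuristic over rows copied from this report (a constructed subset, reduced to the columns the check needs), flags the destinations the client contacted with no prior A answer, and then checks whether an unlogged DNS reply arrived just before the first SYN, which is what the whitelist filtering leaves behind. Function names and the column reductions are mine; the timestamps and addresses are the report's.

```python
"""Re-run of the "TCP traffic without corresponding DNS query" heuristic over
rows taken from this Joe Sandbox report. Added example, not Joe Sandbox code."""
import ipaddress
from datetime import datetime, timedelta

CLIENT = "192.168.2.6"  # the analysis VM, from the report's private-IP table

# Constructed subset of the TCP packet table: first client->server packet per destination.
# Columns: timestamp | source port | dest port | source IP | dest IP
TCP_PACKETS = """\
Jan 28, 2025 19:47:44.188425064 CET | 49674 | 443 | 192.168.2.6 | 173.222.162.64
Jan 28, 2025 19:47:51.769396067 CET | 49712 | 443 | 192.168.2.6 | 40.115.3.253
Jan 28, 2025 19:47:54.024729013 CET | 49718 | 443 | 192.168.2.6 | 216.58.212.132
Jan 28, 2025 19:47:56.818165064 CET | 49736 | 80 | 192.168.2.6 | 18.172.112.35
"""

# Constructed subset of the DNS packet table (replies carry source port 53). Same columns.
DNS_PACKETS = """\
Jan 28, 2025 19:47:51.684588909 CET | 53 | 59406 | 1.1.1.1 | 192.168.2.6
Jan 28, 2025 19:47:51.686161041 CET | 53 | 64661 | 1.1.1.1 | 192.168.2.6
Jan 28, 2025 19:47:54.015758038 CET | 60762 | 53 | 192.168.2.6 | 1.1.1.1
Jan 28, 2025 19:47:54.023328066 CET | 53 | 60762 | 1.1.1.1 | 192.168.2.6
Jan 28, 2025 19:47:56.803646088 CET | 50567 | 53 | 192.168.2.6 | 1.1.1.1
Jan 28, 2025 19:47:56.814299107 CET | 53 | 50567 | 1.1.1.1 | 192.168.2.6
"""

# Constructed subset of the DNS answer table, reduced to:
# timestamp | resolver | client | answer (CName or Address) | record type
DNS_ANSWERS = """\
Jan 28, 2025 19:47:54.023328066 CET | 1.1.1.1 | 192.168.2.6 | 216.58.212.132 | A (IP address)
Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | d14hpj5n6rtu02.cloudfront.net | CNAME (Canonical name)
Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 18.172.112.35 | A (IP address)
Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 18.172.112.96 | A (IP address)
"""


def parse_ts(text):
    """Parse 'Jan 28, 2025 19:47:54.023328066 CET'. The fraction is nanoseconds,
    which strptime's %f cannot take, so it is truncated to microseconds by hand."""
    stamp, _tz = text.rsplit(" ", 1)
    base, frac = stamp.split(".")
    dt = datetime.strptime(base, "%b %d, %Y %H:%M:%S")
    return dt + timedelta(microseconds=int(frac[:6].ljust(6, "0")))


def parse_table(text):
    """Split pipe-separated report rows into stripped cell lists."""
    return [[c.strip() for c in line.split("|")] for line in text.strip().splitlines()]


def unresolved_tcp_destinations(tcp_text, dns_answer_text, client_ip):
    """Return {dest_ip: first_syn_time} for each public TCP destination the client
    contacted before (or without) any A/AAAA answer carrying that address."""
    answers = {}  # address -> earliest time an A/AAAA answer for it reached the client
    for ts, _resolver, dst, addr, rtype in parse_table(dns_answer_text):
        if dst == client_ip and rtype.split()[0] in ("A", "AAAA"):
            t = parse_ts(ts)
            answers[addr] = min(answers.get(addr, t), t)
    first_syn = {}
    for ts, _sport, _dport, src, dst in parse_table(tcp_text):
        if src == client_ip:
            t = parse_ts(ts)
            first_syn[dst] = min(first_syn.get(dst, t), t)
    flagged = {}
    for dst, t in first_syn.items():
        ip = ipaddress.ip_address(dst)
        if ip.is_private or ip.is_multicast or ip.is_loopback:
            continue  # LAN peers and SSDP (239.255.255.250) never need a lookup
        if dst not in answers or answers[dst] > t:
            flagged[dst] = t
    return flagged


def explain(flagged, dns_packet_text, client_ip, window=timedelta(seconds=2)):
    """For each flagged destination, say whether any DNS reply reached the client
    shortly before its first SYN. A reply with no answer on record points at a
    lookup that the report's whitelist filtered out, not at a hard-coded IP."""
    replies = [parse_ts(r[0]) for r in parse_table(dns_packet_text)
               if r[1] == "53" and r[4] == client_ip]
    notes = {}
    for dst, syn in flagged.items():
        recent = [t for t in replies if syn - window <= t <= syn]
        if recent:
            gap = (syn - max(recent)).total_seconds()
            notes[dst] = (f"unlogged DNS reply {gap:.3f}s before first SYN "
                          "(lookup likely filtered from the report)")
        else:
            notes[dst] = "no DNS activity before first SYN"
    return notes


if __name__ == "__main__":
    hits = unresolved_tcp_destinations(TCP_PACKETS, DNS_ANSWERS, CLIENT)
    for ip, note in explain(hits, DNS_PACKETS, CLIENT).items():
        print(f"{ip}: {note}")
```

Run against the report's rows, the two Google and CloudFront destinations are cleared by their A answers, while 40.115.3.253 is flagged with an unlogged reply 83 ms before the SYN and 173.222.162.64 is flagged with no DNS activity at all (the DNS table begins seven seconds after that connection, so its lookup fell outside the retained packets). Either way the finding is a gap in the capture, and the next step on a real case is to pull the full pcap rather than to treat the IP as a raw indicator.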
Target ID: | 1 |
Start time: | 13:47:46 |
Start date: | 28/01/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 13:47:48 |
Start date: | 28/01/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 13:47:55 |
Start date: | 28/01/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |

The elevated and administrator flags on all three Chrome processes describe the account the sandbox launches the browser under. The sample is a URL opened by that browser, so the flags say nothing about the page itself.