Windows
Analysis Report
https://www.11775357.com/
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 6476 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 6464 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2036,i ,552794555 6923350627 ,158809018 7023256117 9,262144 - -disable-f eatures=Op timization GuideModel Downloadin g,Optimiza tionHints, Optimizati onHintsFet ching,Opti mizationTa rgetPredic tion --var iations-se ed-version =20250306- 183004.429 000 --mojo -platform- channel-ha ndle=2068 /prefetch: 3 MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 7396 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= printing.m ojom.Unsan dboxedPrin tBackendHo st --lang= en-US --se rvice-sand box-type=n one --no-p re-read-ma in-dll --f ield-trial -handle=20 36,i,55279 4555692335 0627,15880 9018702325 61179,2621 44 --disab le-feature s=Optimiza tionGuideM odelDownlo ading,Opti mizationHi nts,Optimi zationHint sFetching, Optimizati onTargetPr ediction - -variation s-seed-ver sion=20250 306-183004 .429000 -- mojo-platf orm-channe l-handle=5 036 /prefe tch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
chrome.exe (PID: 7588 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://www.1 1775357.co m/" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- • AV Detection
- • Networking
- • System Summary
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
xin.jump4mnydu.xyz | 45.138.71.205 | true | false | high | |
www.google.com | 142.250.186.132 | true | false | high | |
www.11775357.com | unknown | unknown | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.138.71.205 | xin.jump4mnydu.xyz | Italy | 40676 | AS40676US | false | |
142.250.186.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1637938 |
Start date and time: | 2025-03-14 01:25:53 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://www.11775357.com/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@23/0@6/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis
(whitelisted): BackgroundTrans ferHost.exe, SIHClient.exe, ba ckgroundTaskHost.exe, svchost. exe - Excluded IPs from analysis (wh
itelisted): 216.58.206.46, 142 .250.184.227, 172.217.16.206, 142.251.168.84 - Excluded domains from analysis
(whitelisted): clients2.googl e.com, accounts.google.com, sl scr.update.microsoft.com, clie ntservices.googleapis.com, g.b ing.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.c om - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - VT rate limit hit for: https:
//www.11775357.com/
Download Network PCAP: filtered – full
- Total Packets: 109
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 14, 2025 01:26:42.797875881 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 14, 2025 01:26:43.109991074 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 14, 2025 01:26:43.719374895 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 14, 2025 01:26:43.766273022 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
Mar 14, 2025 01:26:44.922506094 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 14, 2025 01:26:47.328835011 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 14, 2025 01:26:52.157521963 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 14, 2025 01:26:53.472601891 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
Mar 14, 2025 01:26:55.167196989 CET | 49727 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:26:55.167243004 CET | 443 | 49727 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:26:55.167515039 CET | 49727 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:26:55.167726994 CET | 49727 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:26:55.167747021 CET | 443 | 49727 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:26:55.365647078 CET | 443 | 49727 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:26:55.366368055 CET | 49728 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:26:55.366482019 CET | 443 | 49728 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:26:55.367110014 CET | 49728 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:26:55.367225885 CET | 49728 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:26:55.367238998 CET | 443 | 49728 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:26:55.566273928 CET | 443 | 49728 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:26:57.998081923 CET | 49733 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:57.998135090 CET | 443 | 49733 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:57.998197079 CET | 49733 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:57.998637915 CET | 49733 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:57.998648882 CET | 443 | 49733 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:57.999272108 CET | 49734 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:57.999309063 CET | 443 | 49734 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:57.999366045 CET | 49734 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:57.999633074 CET | 49734 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:57.999644041 CET | 443 | 49734 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:58.197904110 CET | 443 | 49733 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:58.197909117 CET | 443 | 49734 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:58.198484898 CET | 49735 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:58.198528051 CET | 443 | 49735 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:58.198585033 CET | 49735 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:58.198879004 CET | 49736 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:58.198919058 CET | 443 | 49736 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:58.198977947 CET | 49736 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:58.199229002 CET | 49735 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:58.199243069 CET | 443 | 49735 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:58.199484110 CET | 49736 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:58.199502945 CET | 443 | 49736 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:58.397452116 CET | 443 | 49735 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:58.397459984 CET | 443 | 49736 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.443469048 CET | 49739 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.443521976 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.443577051 CET | 49739 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.443803072 CET | 49740 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.443844080 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.443902016 CET | 49740 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.444207907 CET | 49739 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.444221973 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.444799900 CET | 49740 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.444812059 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.642047882 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.642659903 CET | 49741 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.642694950 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.642765045 CET | 49741 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.643131971 CET | 49741 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.643148899 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.645824909 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.646219969 CET | 49742 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.646239996 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.646298885 CET | 49742 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.646709919 CET | 49742 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:26:59.646722078 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.841882944 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:26:59.845453978 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:00.488948107 CET | 49743 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:27:00.489011049 CET | 443 | 49743 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:27:00.489125013 CET | 49743 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:27:00.489831924 CET | 49743 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:27:00.489846945 CET | 443 | 49743 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:27:00.690114021 CET | 443 | 49743 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:27:00.690849066 CET | 49744 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:27:00.690881014 CET | 443 | 49744 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:27:00.690963984 CET | 49744 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:27:00.691297054 CET | 49744 | 443 | 192.168.2.5 | 142.250.186.132 |
Mar 14, 2025 01:27:00.691309929 CET | 443 | 49744 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:27:00.889358044 CET | 443 | 49744 | 142.250.186.132 | 192.168.2.5 |
Mar 14, 2025 01:27:01.767011881 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 14, 2025 01:27:02.905246019 CET | 49745 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.905272007 CET | 443 | 49745 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:02.905359983 CET | 49745 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.906933069 CET | 49745 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.906946898 CET | 443 | 49745 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:02.907732010 CET | 443 | 49745 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:02.939377069 CET | 49746 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.939403057 CET | 443 | 49746 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:02.939507961 CET | 49746 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.939851046 CET | 49746 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.939861059 CET | 443 | 49746 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:02.940414906 CET | 443 | 49746 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:02.996380091 CET | 49747 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.996421099 CET | 443 | 49747 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:02.996490955 CET | 49747 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.996809959 CET | 49747 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:02.996822119 CET | 443 | 49747 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:02.997435093 CET | 443 | 49747 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.028176069 CET | 49748 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.028223991 CET | 443 | 49748 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.028292894 CET | 49748 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.028661013 CET | 49748 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.028676987 CET | 443 | 49748 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.029336929 CET | 443 | 49748 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.082644939 CET | 49749 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.082685947 CET | 443 | 49749 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.082758904 CET | 49749 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.083092928 CET | 49749 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.083107948 CET | 443 | 49749 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.083755016 CET | 443 | 49749 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.108768940 CET | 49750 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.108793974 CET | 443 | 49750 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.109024048 CET | 49750 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.109178066 CET | 49750 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.109188080 CET | 443 | 49750 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.109747887 CET | 443 | 49750 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.133275986 CET | 49751 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.133317947 CET | 443 | 49751 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.133397102 CET | 49751 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.133809090 CET | 49751 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.133822918 CET | 443 | 49751 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.134351969 CET | 443 | 49751 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.156924009 CET | 49752 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.156956911 CET | 443 | 49752 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.157032013 CET | 49752 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.157314062 CET | 49752 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 01:27:03.157329082 CET | 443 | 49752 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:03.157866001 CET | 443 | 49752 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 01:27:04.477415085 CET | 49754 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.477430105 CET | 443 | 49754 | 150.171.28.10 | 192.168.2.5 |
Mar 14, 2025 01:27:04.477514982 CET | 49754 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.481893063 CET | 49754 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.481905937 CET | 443 | 49754 | 150.171.28.10 | 192.168.2.5 |
Mar 14, 2025 01:27:04.482549906 CET | 443 | 49754 | 150.171.28.10 | 192.168.2.5 |
Mar 14, 2025 01:27:04.483299971 CET | 49755 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.483339071 CET | 443 | 49755 | 150.171.28.10 | 192.168.2.5 |
Mar 14, 2025 01:27:04.483414888 CET | 49755 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.483952045 CET | 49755 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.483967066 CET | 443 | 49755 | 150.171.28.10 | 192.168.2.5 |
Mar 14, 2025 01:27:04.484361887 CET | 443 | 49755 | 150.171.28.10 | 192.168.2.5 |
Mar 14, 2025 01:27:04.484987974 CET | 49756 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.485016108 CET | 443 | 49756 | 150.171.28.10 | 192.168.2.5 |
Mar 14, 2025 01:27:04.485097885 CET | 49756 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.485220909 CET | 49756 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.485246897 CET | 443 | 49756 | 150.171.28.10 | 192.168.2.5 |
Mar 14, 2025 01:27:04.485323906 CET | 49756 | 443 | 192.168.2.5 | 150.171.28.10 |
Mar 14, 2025 01:27:04.855215073 CET | 49758 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:04.855263948 CET | 443 | 49758 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:04.855392933 CET | 49758 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:04.856007099 CET | 49758 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:04.856017113 CET | 49759 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:04.856019020 CET | 443 | 49758 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:04.856050968 CET | 443 | 49759 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:04.856187105 CET | 49759 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:04.858108997 CET | 49759 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:04.858125925 CET | 443 | 49759 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:05.053941011 CET | 443 | 49758 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:05.054589033 CET | 49760 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:05.054614067 CET | 443 | 49760 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:05.054867029 CET | 49760 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:05.055118084 CET | 49760 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:05.055128098 CET | 443 | 49760 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:05.057672977 CET | 443 | 49759 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:05.058070898 CET | 49761 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:05.058095932 CET | 443 | 49761 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:05.058218002 CET | 49761 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:05.058475018 CET | 49761 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:05.058482885 CET | 443 | 49761 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:05.253087997 CET | 443 | 49760 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:05.256979942 CET | 443 | 49761 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.431807041 CET | 49764 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.431807995 CET | 49765 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.431853056 CET | 443 | 49764 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.431857109 CET | 443 | 49765 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.432075977 CET | 49765 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.432106972 CET | 49764 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.432571888 CET | 49765 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.432589054 CET | 443 | 49765 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.436026096 CET | 49764 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.436043978 CET | 443 | 49764 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.633506060 CET | 443 | 49764 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.634150982 CET | 49766 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.634188890 CET | 443 | 49766 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.634516001 CET | 49766 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.634655952 CET | 49766 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.634671926 CET | 443 | 49766 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.637851954 CET | 443 | 49765 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.638448000 CET | 49767 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.638489962 CET | 443 | 49767 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.638649940 CET | 49767 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.638988018 CET | 49767 | 443 | 192.168.2.5 | 45.138.71.205 |
Mar 14, 2025 01:27:11.639000893 CET | 443 | 49767 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.833019018 CET | 443 | 49766 | 45.138.71.205 | 192.168.2.5 |
Mar 14, 2025 01:27:11.837560892 CET | 443 | 49767 | 45.138.71.205 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 14, 2025 01:26:51.176683903 CET | 53 | 65153 | 1.1.1.1 | 192.168.2.5 |
Mar 14, 2025 01:26:51.183751106 CET | 53 | 57162 | 1.1.1.1 | 192.168.2.5 |
Mar 14, 2025 01:26:55.158129930 CET | 62649 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 14, 2025 01:26:55.158129930 CET | 50683 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 14, 2025 01:26:55.166204929 CET | 53 | 50683 | 1.1.1.1 | 192.168.2.5 |
Mar 14, 2025 01:26:55.166225910 CET | 53 | 62649 | 1.1.1.1 | 192.168.2.5 |
Mar 14, 2025 01:26:56.929286957 CET | 58735 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 14, 2025 01:26:56.929286957 CET | 57278 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 14, 2025 01:26:56.946296930 CET | 53 | 57278 | 1.1.1.1 | 192.168.2.5 |
Mar 14, 2025 01:26:56.946808100 CET | 63818 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 14, 2025 01:26:56.963244915 CET | 53 | 63818 | 1.1.1.1 | 192.168.2.5 |
Mar 14, 2025 01:26:57.942740917 CET | 61103 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 14, 2025 01:26:57.997276068 CET | 53 | 58735 | 1.1.1.1 | 192.168.2.5 |
Mar 14, 2025 01:26:59.100658894 CET | 53 | 61103 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 14, 2025 01:26:59.100755930 CET | 192.168.2.5 | 1.1.1.1 | c231 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 14, 2025 01:26:55.158129930 CET | 192.168.2.5 | 1.1.1.1 | 0x9f5e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:26:55.158129930 CET | 192.168.2.5 | 1.1.1.1 | 0xe2d0 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:26:56.929286957 CET | 192.168.2.5 | 1.1.1.1 | 0x3ccc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:26:56.929286957 CET | 192.168.2.5 | 1.1.1.1 | 0x6c11 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:26:56.946808100 CET | 192.168.2.5 | 1.1.1.1 | 0xcfe9 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:26:57.942740917 CET | 192.168.2.5 | 1.1.1.1 | 0x87af | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 14, 2025 01:26:55.166204929 CET | 1.1.1.1 | 192.168.2.5 | 0xe2d0 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 14, 2025 01:26:55.166225910 CET | 1.1.1.1 | 192.168.2.5 | 0x9f5e | No error (0) | 142.250.186.132 | A (IP address) | IN (0x0001) | false | ||
Mar 14, 2025 01:26:56.946296930 CET | 1.1.1.1 | 192.168.2.5 | 0x6c11 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:26:56.963244915 CET | 1.1.1.1 | 192.168.2.5 | 0xcfe9 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:26:57.997276068 CET | 1.1.1.1 | 192.168.2.5 | 0x3ccc | No error (0) | xin.cname66.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 14, 2025 01:26:57.997276068 CET | 1.1.1.1 | 192.168.2.5 | 0x3ccc | No error (0) | xin.jump4mnydu.xyz | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 14, 2025 01:26:57.997276068 CET | 1.1.1.1 | 192.168.2.5 | 0x3ccc | No error (0) | 45.138.71.205 | A (IP address) | IN (0x0001) | false | ||
Mar 14, 2025 01:26:59.100658894 CET | 1.1.1.1 | 192.168.2.5 | 0x87af | No error (0) | xin.cname66.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 14, 2025 01:26:59.100658894 CET | 1.1.1.1 | 192.168.2.5 | 0x87af | No error (0) | xin.jump4mnydu.xyz | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 14, 2025 01:26:59.100658894 CET | 1.1.1.1 | 192.168.2.5 | 0x87af | No error (0) | 45.138.71.205 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 1 |
Start time: | 20:26:45 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6cb0e0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 20:26:49 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6cb0e0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 20:26:52 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6cb0e0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 6 |
Start time: | 20:26:56 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6cb0e0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |