Windows
Analysis Report
https://11775357.com/
Overview
Detection
Score: | 48 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 5576 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 2176 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2024,i ,114593598 7004933934 ,107162303 2347223475 6,262144 - -disable-f eatures=Op timization GuideModel Downloadin g,Optimiza tionHints, Optimizati onHintsFet ching,Opti mizationTa rgetPredic tion --var iations-se ed-version =20250306- 183004.429 000 --mojo -platform- channel-ha ndle=2056 /prefetch: 3 MD5: E81F54E6C1129887AEA47E7D092680BF)
chrome.exe (PID: 6900 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://11775 357.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- • AV Detection
- • Networking
- • System Summary
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
xin.jump4mnydu.xyz | 45.138.71.205 | true | false | high | |
www.google.com | 142.250.186.100 | true | false | high | |
11775357.com | unknown | unknown | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.138.71.205 | xin.jump4mnydu.xyz | Italy | 40676 | AS40676US | false | |
142.250.186.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1637946 |
Start date and time: | 2025-03-14 01:26:53 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://11775357.com/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@21/0@5/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis
(whitelisted): SIHClient.exe, SgrmBroker.exe, backgroundTask Host.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 172.217.18.3, 216. 58.206.46, 108.177.15.84, 216. 58.206.78, 2.23.77.188 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, clients2.google.com, ocsp. digicert.com, accounts.google. com, slscr.update.microsoft.co m, clientservices.googleapis.c om, clients.l.google.com, fe3c r.delivery.mp.microsoft.com - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - VT rate limit hit for: https:
//11775357.com/
Download Network PCAP: filtered – full
- Total Packets: 118
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 14, 2025 01:27:51.157033920 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:27:51.562657118 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:27:52.259638071 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:27:53.469168901 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:27:55.875211954 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:27:56.196640015 CET | 49735 | 443 | 192.168.2.4 | 142.250.186.100 |
Mar 14, 2025 01:27:56.196687937 CET | 443 | 49735 | 142.250.186.100 | 192.168.2.4 |
Mar 14, 2025 01:27:56.196914911 CET | 49735 | 443 | 192.168.2.4 | 142.250.186.100 |
Mar 14, 2025 01:27:56.197151899 CET | 49735 | 443 | 192.168.2.4 | 142.250.186.100 |
Mar 14, 2025 01:27:56.197166920 CET | 443 | 49735 | 142.250.186.100 | 192.168.2.4 |
Mar 14, 2025 01:27:56.405304909 CET | 443 | 49735 | 142.250.186.100 | 192.168.2.4 |
Mar 14, 2025 01:27:56.405867100 CET | 49736 | 443 | 192.168.2.4 | 142.250.186.100 |
Mar 14, 2025 01:27:56.405911922 CET | 443 | 49736 | 142.250.186.100 | 192.168.2.4 |
Mar 14, 2025 01:27:56.406100035 CET | 49736 | 443 | 192.168.2.4 | 142.250.186.100 |
Mar 14, 2025 01:27:56.406380892 CET | 49736 | 443 | 192.168.2.4 | 142.250.186.100 |
Mar 14, 2025 01:27:56.406395912 CET | 443 | 49736 | 142.250.186.100 | 192.168.2.4 |
Mar 14, 2025 01:27:56.605334044 CET | 443 | 49736 | 142.250.186.100 | 192.168.2.4 |
Mar 14, 2025 01:27:58.235276937 CET | 49739 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.235321999 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.235445976 CET | 49739 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.238044977 CET | 49740 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.238132954 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.238400936 CET | 49739 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.238425970 CET | 49740 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.238440990 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.245043993 CET | 49740 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.245078087 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.437407017 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.440323114 CET | 49741 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.440392017 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.440457106 CET | 49741 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.440762997 CET | 49741 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.440777063 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.445200920 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.445635080 CET | 49742 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.445688009 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.445734978 CET | 49742 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.446019888 CET | 49742 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:58.446033001 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.543680906 CET | 49744 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.543720961 CET | 443 | 49744 | 23.199.214.10 | 192.168.2.4 |
Mar 14, 2025 01:27:58.543808937 CET | 49744 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.552977085 CET | 49744 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.552992105 CET | 443 | 49744 | 23.199.214.10 | 192.168.2.4 |
Mar 14, 2025 01:27:58.553596973 CET | 443 | 49744 | 23.199.214.10 | 192.168.2.4 |
Mar 14, 2025 01:27:58.557790995 CET | 49745 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.557842016 CET | 443 | 49745 | 23.199.214.10 | 192.168.2.4 |
Mar 14, 2025 01:27:58.557909012 CET | 49745 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.558330059 CET | 49745 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.558345079 CET | 443 | 49745 | 23.199.214.10 | 192.168.2.4 |
Mar 14, 2025 01:27:58.559753895 CET | 443 | 49745 | 23.199.214.10 | 192.168.2.4 |
Mar 14, 2025 01:27:58.560415983 CET | 49746 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.560467958 CET | 443 | 49746 | 23.199.214.10 | 192.168.2.4 |
Mar 14, 2025 01:27:58.560640097 CET | 49746 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.565593958 CET | 49746 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.565639019 CET | 443 | 49746 | 23.199.214.10 | 192.168.2.4 |
Mar 14, 2025 01:27:58.565694094 CET | 49746 | 443 | 192.168.2.4 | 23.199.214.10 |
Mar 14, 2025 01:27:58.641284943 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:58.645875931 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.684726000 CET | 49749 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.684782982 CET | 443 | 49749 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.684923887 CET | 49749 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.685246944 CET | 49750 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.685288906 CET | 443 | 49750 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.685336113 CET | 49750 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.687107086 CET | 49750 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.687124014 CET | 443 | 49750 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.688014984 CET | 49749 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.688028097 CET | 443 | 49749 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.885123968 CET | 443 | 49750 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.885498047 CET | 443 | 49749 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.885649920 CET | 49751 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.885699987 CET | 443 | 49751 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.885783911 CET | 49751 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.886059999 CET | 49752 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.886107922 CET | 443 | 49752 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.886168003 CET | 49752 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.886461020 CET | 49751 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.886475086 CET | 443 | 49751 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.886751890 CET | 49752 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:27:59.886765957 CET | 443 | 49752 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:27:59.918755054 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:28:00.085196018 CET | 443 | 49751 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:00.085915089 CET | 443 | 49752 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:00.225027084 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:28:00.690810919 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:28:00.836364031 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:28:02.046603918 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:28:02.693380117 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:28:03.002245903 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:28:03.329665899 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:28:03.330404043 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:28:03.330719948 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:28:03.334419012 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:28:03.347769976 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:28:03.348047972 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:28:03.426412106 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:28:03.428693056 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:28:03.436148882 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:28:03.436248064 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:28:03.523233891 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
Mar 14, 2025 01:28:03.523319960 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
Mar 14, 2025 01:28:03.609381914 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:28:04.453088999 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:28:04.722496986 CET | 49756 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.722543955 CET | 443 | 49756 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.722613096 CET | 49756 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.723670006 CET | 49756 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.723685980 CET | 443 | 49756 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.724345922 CET | 443 | 49756 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.747154951 CET | 49757 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.747193098 CET | 443 | 49757 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.747271061 CET | 49757 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.747612000 CET | 49757 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.747627974 CET | 443 | 49757 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.748061895 CET | 443 | 49757 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.779305935 CET | 49758 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.779406071 CET | 443 | 49758 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.779485941 CET | 49758 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.779894114 CET | 49758 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.779931068 CET | 443 | 49758 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.780378103 CET | 443 | 49758 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.797552109 CET | 49759 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.797588110 CET | 443 | 49759 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.797677994 CET | 49759 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.798209906 CET | 49759 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.798221111 CET | 443 | 49759 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.798623085 CET | 443 | 49759 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.812469959 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:28:04.838531017 CET | 49760 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.838562965 CET | 443 | 49760 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.838634968 CET | 49760 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.839006901 CET | 49760 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.839020014 CET | 443 | 49760 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.839503050 CET | 443 | 49760 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.853219986 CET | 49761 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.853264093 CET | 443 | 49761 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.853385925 CET | 49761 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.853795052 CET | 49761 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.853811979 CET | 443 | 49761 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.854202986 CET | 443 | 49761 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.887440920 CET | 49762 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.887489080 CET | 443 | 49762 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.887700081 CET | 49762 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.888042927 CET | 49762 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.888057947 CET | 443 | 49762 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.888473988 CET | 443 | 49762 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.903414965 CET | 49763 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.903513908 CET | 443 | 49763 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.903599024 CET | 49763 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.903899908 CET | 49763 | 443 | 192.168.2.4 | 4.245.163.56 |
Mar 14, 2025 01:28:04.903943062 CET | 443 | 49763 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:04.904377937 CET | 443 | 49763 | 4.245.163.56 | 192.168.2.4 |
Mar 14, 2025 01:28:05.113780022 CET | 49764 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.113883018 CET | 443 | 49764 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.113933086 CET | 49765 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.113970995 CET | 49764 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.113990068 CET | 443 | 49765 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.114052057 CET | 49765 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.114895105 CET | 49765 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.114914894 CET | 443 | 49765 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.115494013 CET | 49764 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.115534067 CET | 443 | 49764 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.313271999 CET | 443 | 49765 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.313780069 CET | 443 | 49764 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.313852072 CET | 49766 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.313971996 CET | 443 | 49766 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.314066887 CET | 49766 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.314218998 CET | 49767 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.314275980 CET | 443 | 49767 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.314332008 CET | 49767 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.314716101 CET | 49766 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.314757109 CET | 443 | 49766 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.315145016 CET | 49767 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:05.315174103 CET | 443 | 49767 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.513005018 CET | 443 | 49766 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:05.513436079 CET | 443 | 49767 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.219474077 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Mar 14, 2025 01:28:07.720478058 CET | 49770 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.720524073 CET | 443 | 49770 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.720616102 CET | 49770 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.720675945 CET | 49771 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.720730066 CET | 443 | 49771 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.720793962 CET | 49771 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.721307993 CET | 49770 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.721322060 CET | 443 | 49770 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.721724987 CET | 49771 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.721749067 CET | 443 | 49771 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.921480894 CET | 443 | 49770 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.921917915 CET | 443 | 49771 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.922298908 CET | 49772 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.922344923 CET | 443 | 49772 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.922430038 CET | 49772 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.922938108 CET | 49773 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.922982931 CET | 443 | 49773 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.923121929 CET | 49773 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.923294067 CET | 49772 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.923310041 CET | 443 | 49772 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:07.923511028 CET | 49773 | 443 | 192.168.2.4 | 45.138.71.205 |
Mar 14, 2025 01:28:07.923525095 CET | 443 | 49773 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:08.121102095 CET | 443 | 49773 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:08.121486902 CET | 443 | 49772 | 45.138.71.205 | 192.168.2.4 |
Mar 14, 2025 01:28:09.265578032 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 14, 2025 01:28:10.296715021 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 14, 2025 01:28:12.031207085 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 14, 2025 01:27:51.953118086 CET | 53 | 55904 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:27:51.965507030 CET | 53 | 55109 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:27:56.188720942 CET | 57335 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:27:56.188891888 CET | 62194 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:27:56.195424080 CET | 53 | 62194 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:27:56.195585966 CET | 53 | 57335 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:27:57.274158955 CET | 61559 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:27:57.274339914 CET | 53886 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:27:57.291121960 CET | 53 | 53886 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:27:57.292232990 CET | 54799 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 14, 2025 01:27:57.308542013 CET | 53 | 54799 | 1.1.1.1 | 192.168.2.4 |
Mar 14, 2025 01:27:58.200006962 CET | 53 | 61559 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 14, 2025 01:27:56.188720942 CET | 192.168.2.4 | 1.1.1.1 | 0x244b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:27:56.188891888 CET | 192.168.2.4 | 1.1.1.1 | 0x4a8a | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:27:57.274158955 CET | 192.168.2.4 | 1.1.1.1 | 0x464e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 14, 2025 01:27:57.274339914 CET | 192.168.2.4 | 1.1.1.1 | 0xc569 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:27:57.292232990 CET | 192.168.2.4 | 1.1.1.1 | 0x7d30 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 14, 2025 01:27:56.195424080 CET | 1.1.1.1 | 192.168.2.4 | 0x4a8a | No error (0) | 65 | IN (0x0001) | false | |||
Mar 14, 2025 01:27:56.195585966 CET | 1.1.1.1 | 192.168.2.4 | 0x244b | No error (0) | 142.250.186.100 | A (IP address) | IN (0x0001) | false | ||
Mar 14, 2025 01:27:57.291121960 CET | 1.1.1.1 | 192.168.2.4 | 0xc569 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:27:57.308542013 CET | 1.1.1.1 | 192.168.2.4 | 0x7d30 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
Mar 14, 2025 01:27:58.200006962 CET | 1.1.1.1 | 192.168.2.4 | 0x464e | No error (0) | xin.cname66.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 14, 2025 01:27:58.200006962 CET | 1.1.1.1 | 192.168.2.4 | 0x464e | No error (0) | xin.jump4mnydu.xyz | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 14, 2025 01:27:58.200006962 CET | 1.1.1.1 | 192.168.2.4 | 0x464e | No error (0) | 45.138.71.205 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 1 |
Start time: | 20:27:47 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 20:27:49 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 20:27:55 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |