Windows
Analysis Report
https://kcs-sushi.top
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6652, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank", MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 6984, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2064 /prefetch:3, MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 7588, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4988 /prefetch:8, MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 7784, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kcs-sushi.top", MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- AV Detection
- Compliance
- Networking
- System Summary
AV Detection
- Avira URL Cloud

Other signatures
- HTTPS traffic detected
- TCP traffic (2 hits)
- TCP traffic detected without corresponding DNS query (30 hits)
- UDP traffic detected without corresponding DNS query (6 hits)
- HTTP traffic detected
- DNS traffic detected (3 hits)
- Network traffic detected (17 hits)
- HTTPS traffic detected
- Classification label
- Process created (25 hits)
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | phishing | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
kcs-sushi.top | 107.172.5.158 | true | false | | unknown |
www.google.com | 142.250.186.164 | true | false | | high |
198.187.3.20.in-addr.arpa | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.186.164 | www.google.com | United States | | 15169 | GOOGLEUS | false |
107.172.5.158 | kcs-sushi.top | United States | | 36352 | AS-COLOCROSSINGUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1642967 |
Start date and time: | 2025-03-19 12:56:38 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://kcs-sushi.top |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@25/2@6/3 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- URL not reachable
- Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.199.214.10, 142.250.185.195, 142.250.186.46, 142.250.185.142, 66.102.1.84, 216.58.206.46, 142.250.186.110, 142.250.185.110, 172.217.133.233, 142.250.186.163, 20.109.210.53, 20.199.58.43, 150.171.28.10, 20.3.187.198, 4.175.87.197
- Excluded domains from analysis (whitelisted): r4---sn-4g5edndr.gvt1.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, r4.sn-4g5edndr.gvt1.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- VT rate limit hit for: https://kcs-sushi.top
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 9403 |
Entropy (8bit): | 5.752532981253593 |
Encrypted: | false |
SSDEEP: | 192:lG2LN6666VvmQr2gq/hG3tN6666Vy0URZJZN6666mh3GVrB3g+mCHWuE9R:lG2x6666lr2gqYH6666lU7R6666GNpu0 |
MD5: | AB12D3217CB82F672023B535DB2D3077 |
SHA1: | F9A8F9D1A83511A7C2D41E56EE19FED0A9633983 |
SHA-256: | BF77014288D96963C228F5747F13C97D01CA8535665C1B73991D5914152A742C |
SHA-512: | 8AB419A0E134BFA63C182F01287C8BDB3150D352357A75FE336A3F8664D716CEF406386B1D2047730D98F8EAB368135839C52843857921B7CA629B81385DCEB7 |
Malicious: | false |
Reputation: | low |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE |
Preview: |
- Total Packets: 75
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 19, 2025 12:57:27.485217094 CET | 49679 | 80 | 192.168.2.5 | 2.23.77.188 |
Mar 19, 2025 12:57:28.720057964 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 19, 2025 12:57:29.032104015 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 19, 2025 12:57:29.641452074 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 19, 2025 12:57:29.688330889 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
Mar 19, 2025 12:57:30.844583988 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 19, 2025 12:57:32.297765970 CET | 49679 | 80 | 192.168.2.5 | 2.23.77.188 |
Mar 19, 2025 12:57:33.251107931 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 19, 2025 12:57:38.188153982 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 19, 2025 12:57:39.297774076 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
Mar 19, 2025 12:57:41.041927099 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:41.041976929 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:41.042092085 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:41.042234898 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:41.042248011 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:41.078036070 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:41.078111887 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:41.079392910 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:41.079646111 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:41.126012087 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:41.907267094 CET | 49679 | 80 | 192.168.2.5 | 2.23.77.188 |
Mar 19, 2025 12:57:42.695513010 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:42.695559978 CET | 443 | 49725 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:42.695838928 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:42.695867062 CET | 443 | 49726 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:42.695877075 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:42.695930004 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:42.696131945 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:42.696145058 CET | 443 | 49725 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:42.696315050 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:42.696324110 CET | 443 | 49726 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:44.066221952 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:44.071187019 CET | 53 | 60218 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:44.071290016 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:44.071341991 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:44.076606989 CET | 53 | 60218 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:44.089463949 CET | 53 | 60218 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:44.133791924 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:44.255923033 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:44.263060093 CET | 53 | 60218 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:44.263143063 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:45.811691999 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:45.852356911 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854021072 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854075909 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854105949 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854134083 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:45.854136944 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854156017 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854178905 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:45.854193926 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854224920 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854235888 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:45.854243040 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.854300976 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:45.854305029 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.856829882 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:45.856889963 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:45.857599020 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164 |
Mar 19, 2025 12:57:45.857623100 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5 |
Mar 19, 2025 12:57:47.789028883 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Mar 19, 2025 12:57:58.799494982 CET | 443 | 49726 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:58.799523115 CET | 443 | 49725 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:58.799590111 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.799614906 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.799782038 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.799803972 CET | 443 | 49726 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:58.800401926 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.800450087 CET | 443 | 60226 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:58.800559998 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.800678015 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.800698996 CET | 443 | 49725 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:58.800899982 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.800944090 CET | 443 | 60227 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:58.801106930 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.801119089 CET | 443 | 60226 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:57:58.801568031 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.801568031 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:57:58.801601887 CET | 443 | 60227 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:04.026983976 CET | 57329 | 53 | 192.168.2.5 | 162.159.36.2 |
Mar 19, 2025 12:58:04.032098055 CET | 53 | 57329 | 162.159.36.2 | 192.168.2.5 |
Mar 19, 2025 12:58:04.032716990 CET | 57329 | 53 | 192.168.2.5 | 162.159.36.2 |
Mar 19, 2025 12:58:04.037652016 CET | 53 | 57329 | 162.159.36.2 | 192.168.2.5 |
Mar 19, 2025 12:58:04.049081087 CET | 57329 | 53 | 192.168.2.5 | 162.159.36.2 |
Mar 19, 2025 12:58:04.054574013 CET | 53 | 57329 | 162.159.36.2 | 192.168.2.5 |
Mar 19, 2025 12:58:04.054719925 CET | 57329 | 53 | 192.168.2.5 | 162.159.36.2 |
Mar 19, 2025 12:58:14.848213911 CET | 443 | 60227 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:14.848432064 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:14.848778009 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:14.848799944 CET | 443 | 60227 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:14.858038902 CET | 443 | 60226 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:14.858180046 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:14.882395029 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:14.882426977 CET | 443 | 60226 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:16.083921909 CET | 57337 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:16.083973885 CET | 443 | 57337 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:16.084033012 CET | 57337 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:16.084495068 CET | 57338 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:16.084522009 CET | 443 | 57338 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:16.084570885 CET | 57338 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:16.084737062 CET | 57337 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:16.084767103 CET | 443 | 57337 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:16.084856033 CET | 57338 | 443 | 192.168.2.5 | 107.172.5.158 |
Mar 19, 2025 12:58:16.084872007 CET | 443 | 57338 | 107.172.5.158 | 192.168.2.5 |
Mar 19, 2025 12:58:18.862689018 CET | 49691 | 80 | 192.168.2.5 | 142.250.185.99 |
Mar 19, 2025 12:58:18.862886906 CET | 49690 | 80 | 192.168.2.5 | 199.232.214.172 |
Mar 19, 2025 12:58:18.864464045 CET | 49692 | 80 | 192.168.2.5 | 199.232.214.172 |
Mar 19, 2025 12:58:18.870147943 CET | 80 | 49691 | 142.250.185.99 | 192.168.2.5 |
Mar 19, 2025 12:58:18.870166063 CET | 80 | 49690 | 199.232.214.172 | 192.168.2.5 |
Mar 19, 2025 12:58:18.870230913 CET | 49691 | 80 | 192.168.2.5 | 142.250.185.99 |
Mar 19, 2025 12:58:18.870235920 CET | 49690 | 80 | 192.168.2.5 | 199.232.214.172 |
Mar 19, 2025 12:58:18.870413065 CET | 80 | 49692 | 199.232.214.172 | 192.168.2.5 |
Mar 19, 2025 12:58:18.873126030 CET | 49692 | 80 | 192.168.2.5 | 199.232.214.172 |
Mar 19, 2025 12:58:19.947590113 CET | 49699 | 443 | 192.168.2.5 | 2.19.96.83 |
Mar 19, 2025 12:58:19.947768927 CET | 49700 | 80 | 192.168.2.5 | 2.23.77.188 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 19, 2025 12:57:36.760631084 CET | 53 | 64426 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:36.855021000 CET | 53 | 57473 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:36.950193882 CET | 53 | 61120 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:41.033448935 CET | 58996 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:41.033633947 CET | 52634 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:41.040740967 CET | 53 | 52634 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:41.040764093 CET | 53 | 58996 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:42.661685944 CET | 57947 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:42.665462971 CET | 57522 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:57:42.675658941 CET | 53 | 57947 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:42.817914963 CET | 53 | 57522 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:57:44.020482063 CET | 53 | 54436 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:58:04.026424885 CET | 53 | 60587 | 162.159.36.2 | 192.168.2.5 |
Mar 19, 2025 12:58:04.097851992 CET | 59484 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:58:04.108083963 CET | 53 | 59484 | 1.1.1.1 | 192.168.2.5 |
Mar 19, 2025 12:58:15.893728018 CET | 62559 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 19, 2025 12:58:16.082468033 CET | 53 | 62559 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 19, 2025 12:57:42.818025112 CET | 192.168.2.5 | 1.1.1.1 | c224 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 19, 2025 12:57:41.033448935 CET | 192.168.2.5 | 1.1.1.1 | 0xdaba | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 19, 2025 12:57:41.033633947 CET | 192.168.2.5 | 1.1.1.1 | 0xff6f | Standard query (0) | | 65 | IN (0x0001) | false |
Mar 19, 2025 12:57:42.661685944 CET | 192.168.2.5 | 1.1.1.1 | 0x3022 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 19, 2025 12:57:42.665462971 CET | 192.168.2.5 | 1.1.1.1 | 0xd2b0 | Standard query (0) | | 65 | IN (0x0001) | false |
Mar 19, 2025 12:58:04.097851992 CET | 192.168.2.5 | 1.1.1.1 | 0xe576 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Mar 19, 2025 12:58:15.893728018 CET | 192.168.2.5 | 1.1.1.1 | 0x49cd | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 19, 2025 12:57:41.040740967 CET | 1.1.1.1 | 192.168.2.5 | 0xff6f | No error (0) | | | | 65 | IN (0x0001) | false |
Mar 19, 2025 12:57:41.040764093 CET | 1.1.1.1 | 192.168.2.5 | 0xdaba | No error (0) | | | 142.250.186.164 | A (IP address) | IN (0x0001) | false |
Mar 19, 2025 12:57:42.675658941 CET | 1.1.1.1 | 192.168.2.5 | 0x3022 | No error (0) | | | 107.172.5.158 | A (IP address) | IN (0x0001) | false |
Mar 19, 2025 12:58:04.108083963 CET | 1.1.1.1 | 192.168.2.5 | 0xe576 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
Mar 19, 2025 12:58:16.082468033 CET | 1.1.1.1 | 192.168.2.5 | 0x49cd | No error (0) | | | 107.172.5.158 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49724 | 142.250.186.164 | 443 | 6984 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-19 11:57:45 UTC | 575 | OUT | |
2025-03-19 11:57:45 UTC | 1303 | IN | |
2025-03-19 11:57:45 UTC | 75 | IN | |
2025-03-19 11:57:45 UTC | 1378 | IN | |
2025-03-19 11:57:45 UTC | 1378 | IN | |
2025-03-19 11:57:45 UTC | 1378 | IN | |
2025-03-19 11:57:45 UTC | 1378 | IN | |
2025-03-19 11:57:45 UTC | 1378 | IN | |
2025-03-19 11:57:45 UTC | 1048 | IN | |
2025-03-19 11:57:45 UTC | 89 | IN | |
2025-03-19 11:57:45 UTC | 1322 | IN | |
2025-03-19 11:57:45 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 07:57:30 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff742300000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 07:57:35 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff742300000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 07:57:37 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff742300000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 5 |
Start time: | 07:57:41 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff742300000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |