Windows
Analysis Report
https://primakovreadings.info
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 1340 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 5660 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2300,i ,933174564 3516107620 ,181162873 5768224932 1,262144 - -disable-f eatures=Op timization GuideModel Downloadin g,Optimiza tionHints, Optimizati onHintsFet ching,Opti mizationTa rgetPredic tion --var iations-se ed-version =20250306- 183004.429 000 --mojo -platform- channel-ha ndle=2328 /prefetch: 3 MD5: E81F54E6C1129887AEA47E7D092680BF)
chrome.exe (PID: 6792 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://prima kovreading s.info" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- • AV Detection
- • Compliance
- • Networking
- • System Summary
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.251.40.132 | true | false | high | |
primakovreadings.info | 188.40.151.88 | true | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.40.151.88 | primakovreadings.info | Germany | 24940 | HETZNER-ASDE | false | |
142.251.40.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1649969 |
Start date and time: | 2025-03-27 10:33:43 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://primakovreadings.info |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@22/0@4/3 |
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis
(whitelisted): sppsvc.exe, SIH Client.exe, SgrmBroker.exe, sv chost.exe - Excluded IPs from analysis (wh
itelisted): 142.250.80.99, 142 .250.81.238, 172.253.63.84, 14 2.250.65.238, 199.232.38.172, 23.204.23.20, 172.202.163.200 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, clients2.google.com, accou nts.google.com, redirector.gvt 1.com, slscr.update.microsoft. com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.g oog, fe3cr.delivery.mp.microso ft.com - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - VT rate limit hit for: https:
//primakovreadings.info
Download Network PCAP: filtered – full
- Total Packets: 75
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 27, 2025 10:34:34.388576031 CET | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Mar 27, 2025 10:34:41.429830074 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 27, 2025 10:34:41.787795067 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 27, 2025 10:34:42.529752970 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 27, 2025 10:34:43.732058048 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 27, 2025 10:34:43.997642994 CET | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Mar 27, 2025 10:34:45.417330980 CET | 49723 | 443 | 192.168.2.4 | 142.251.40.132 |
Mar 27, 2025 10:34:45.417361021 CET | 443 | 49723 | 142.251.40.132 | 192.168.2.4 |
Mar 27, 2025 10:34:45.417486906 CET | 49723 | 443 | 192.168.2.4 | 142.251.40.132 |
Mar 27, 2025 10:34:45.417629957 CET | 49723 | 443 | 192.168.2.4 | 142.251.40.132 |
Mar 27, 2025 10:34:45.417639017 CET | 443 | 49723 | 142.251.40.132 | 192.168.2.4 |
Mar 27, 2025 10:34:45.609563112 CET | 443 | 49723 | 142.251.40.132 | 192.168.2.4 |
Mar 27, 2025 10:34:45.609642982 CET | 49723 | 443 | 192.168.2.4 | 142.251.40.132 |
Mar 27, 2025 10:34:45.610965967 CET | 49723 | 443 | 192.168.2.4 | 142.251.40.132 |
Mar 27, 2025 10:34:45.610972881 CET | 443 | 49723 | 142.251.40.132 | 192.168.2.4 |
Mar 27, 2025 10:34:45.611211061 CET | 443 | 49723 | 142.251.40.132 | 192.168.2.4 |
Mar 27, 2025 10:34:45.653745890 CET | 49723 | 443 | 192.168.2.4 | 142.251.40.132 |
Mar 27, 2025 10:34:46.138353109 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 27, 2025 10:34:48.488434076 CET | 49725 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.488456011 CET | 443 | 49725 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.488565922 CET | 49725 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.488733053 CET | 49725 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.488744020 CET | 443 | 49725 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.489195108 CET | 49726 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.489233971 CET | 443 | 49726 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.489459991 CET | 49726 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.489459991 CET | 49726 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.489497900 CET | 443 | 49726 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.664530039 CET | 443 | 49725 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.664927006 CET | 443 | 49726 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.665267944 CET | 49727 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.665299892 CET | 443 | 49727 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.665365934 CET | 49727 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.665783882 CET | 49728 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.665823936 CET | 443 | 49728 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.665889978 CET | 49728 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.666007996 CET | 49727 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.666024923 CET | 443 | 49727 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.666126013 CET | 49728 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:48.666136026 CET | 443 | 49728 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.841506958 CET | 443 | 49727 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:48.842483997 CET | 443 | 49728 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:49.920806885 CET | 49732 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:49.920842886 CET | 443 | 49732 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:49.920900106 CET | 49732 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:49.921026945 CET | 49733 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:49.921060085 CET | 443 | 49733 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:49.921107054 CET | 49733 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:49.921370983 CET | 49732 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:49.921385050 CET | 443 | 49732 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:49.921529055 CET | 49733 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:49.921541929 CET | 443 | 49733 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.097800970 CET | 443 | 49733 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.098252058 CET | 443 | 49732 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.098362923 CET | 49734 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:50.098436117 CET | 443 | 49734 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.098510027 CET | 49734 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:50.098814011 CET | 49735 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:50.098882914 CET | 443 | 49735 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.098922968 CET | 49734 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:50.098949909 CET | 443 | 49734 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.098958015 CET | 49735 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:50.099550962 CET | 49735 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:50.099575043 CET | 443 | 49735 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.170990944 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 27, 2025 10:34:50.275475025 CET | 443 | 49734 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.276024103 CET | 443 | 49735 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:50.482180119 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 27, 2025 10:34:50.940004110 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Mar 27, 2025 10:34:51.096293926 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 27, 2025 10:34:52.309861898 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 27, 2025 10:34:54.715737104 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 27, 2025 10:34:55.308084965 CET | 49737 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.308120012 CET | 443 | 49737 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.308151960 CET | 49736 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.308183908 CET | 443 | 49736 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.308352947 CET | 49737 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.308388948 CET | 49736 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.312472105 CET | 49736 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.312490940 CET | 443 | 49736 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.312521935 CET | 49737 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.312561989 CET | 443 | 49737 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.488718987 CET | 443 | 49736 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.488987923 CET | 443 | 49737 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.489413977 CET | 49739 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.489439964 CET | 443 | 49739 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.489860058 CET | 49740 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.489867926 CET | 443 | 49740 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.489943027 CET | 49739 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.489943027 CET | 49740 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.490180016 CET | 49739 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.490180016 CET | 49740 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:55.490190983 CET | 443 | 49739 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.490206957 CET | 443 | 49740 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.618884087 CET | 443 | 49723 | 142.251.40.132 | 192.168.2.4 |
Mar 27, 2025 10:34:55.618959904 CET | 443 | 49723 | 142.251.40.132 | 192.168.2.4 |
Mar 27, 2025 10:34:55.619869947 CET | 49723 | 443 | 192.168.2.4 | 142.251.40.132 |
Mar 27, 2025 10:34:55.665712118 CET | 443 | 49739 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.665712118 CET | 443 | 49740 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:55.708440065 CET | 49723 | 443 | 192.168.2.4 | 142.251.40.132 |
Mar 27, 2025 10:34:55.708467960 CET | 443 | 49723 | 142.251.40.132 | 192.168.2.4 |
Mar 27, 2025 10:34:58.824807882 CET | 49747 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:58.824847937 CET | 443 | 49747 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:58.824964046 CET | 49747 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:58.825201988 CET | 49748 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:58.825210094 CET | 443 | 49748 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:58.825344086 CET | 49748 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:58.825787067 CET | 49747 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:58.825787067 CET | 49748 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:58.825803995 CET | 443 | 49747 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:58.825819016 CET | 443 | 49748 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.000721931 CET | 443 | 49747 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.001177073 CET | 49749 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:59.001211882 CET | 443 | 49749 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.001276016 CET | 49749 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:59.001415968 CET | 443 | 49748 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.001420021 CET | 49749 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:59.001435995 CET | 443 | 49749 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.001751900 CET | 49750 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:59.001784086 CET | 443 | 49750 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.002080917 CET | 49750 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:59.002171040 CET | 49750 | 443 | 192.168.2.4 | 188.40.151.88 |
Mar 27, 2025 10:34:59.002188921 CET | 443 | 49750 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.178942919 CET | 443 | 49749 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.179482937 CET | 443 | 49750 | 188.40.151.88 | 192.168.2.4 |
Mar 27, 2025 10:34:59.524857044 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Mar 27, 2025 10:35:00.544797897 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 27, 2025 10:34:42.281147003 CET | 53 | 64999 | 1.1.1.1 | 192.168.2.4 |
Mar 27, 2025 10:34:42.375674963 CET | 53 | 59188 | 1.1.1.1 | 192.168.2.4 |
Mar 27, 2025 10:34:42.985152960 CET | 53 | 54982 | 1.1.1.1 | 192.168.2.4 |
Mar 27, 2025 10:34:43.148921013 CET | 53 | 60267 | 1.1.1.1 | 192.168.2.4 |
Mar 27, 2025 10:34:45.330945015 CET | 59922 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 27, 2025 10:34:45.331130981 CET | 52781 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 27, 2025 10:34:45.415736914 CET | 53 | 59922 | 1.1.1.1 | 192.168.2.4 |
Mar 27, 2025 10:34:45.415754080 CET | 53 | 52781 | 1.1.1.1 | 192.168.2.4 |
Mar 27, 2025 10:34:48.171156883 CET | 56272 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 27, 2025 10:34:48.171370983 CET | 58211 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 27, 2025 10:34:48.344043970 CET | 53 | 58211 | 1.1.1.1 | 192.168.2.4 |
Mar 27, 2025 10:34:48.487427950 CET | 53 | 56272 | 1.1.1.1 | 192.168.2.4 |
Mar 27, 2025 10:35:00.162206888 CET | 53 | 57567 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 27, 2025 10:34:45.330945015 CET | 192.168.2.4 | 1.1.1.1 | 0xc54b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 10:34:45.331130981 CET | 192.168.2.4 | 1.1.1.1 | 0xd567 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 27, 2025 10:34:48.171156883 CET | 192.168.2.4 | 1.1.1.1 | 0x60a5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 27, 2025 10:34:48.171370983 CET | 192.168.2.4 | 1.1.1.1 | 0x2439 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 27, 2025 10:34:45.415736914 CET | 1.1.1.1 | 192.168.2.4 | 0xc54b | No error (0) | 142.251.40.132 | A (IP address) | IN (0x0001) | false | ||
Mar 27, 2025 10:34:45.415754080 CET | 1.1.1.1 | 192.168.2.4 | 0xd567 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 27, 2025 10:34:48.487427950 CET | 1.1.1.1 | 192.168.2.4 | 0x60a5 | No error (0) | 188.40.151.88 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 1 |
Start time: | 05:34:38 |
Start date: | 27/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 05:34:40 |
Start date: | 27/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 05:34:47 |
Start date: | 27/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |