Windows
Analysis Report
http://e9ccawf5esyyffhp.premilkyway.com
Overview
Detection
Score: | 56 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 7012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4875125219528698518,6719171176563428912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1988 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 7188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4875125219528698518,6719171176563428912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4984 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 7396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://e9ccawf5esyyffhp.premilkyway.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- AV Detection
- Phishing
- Compliance
- Networking
- System Summary
Signature | Occurrences |
---|---|
Avira URL Cloud (AV Detection) | 2 |
HTTP Parser | 1 |
HTTPS traffic detected | 2 |
TCP traffic detected without corresponding DNS query | 18 |
UDP traffic detected without corresponding DNS query | 6 |
HTTP traffic detected | 5 |
DNS traffic detected | 2 |
HTTP traffic detected | 1 |
Network traffic detected | 10 |
HTTPS traffic detected | 2 |
File created | 1 |
File deleted | 1 |
Classification label | 1 |
Process created | 24 |
Window detected | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.251.40.164 | true | false | high | |
e9ccawf5esyyffhp.premilkyway.com | 217.147.172.104 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | unknown | ||
false | high | ||
false | unknown | ||
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.251.40.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
217.147.172.104 | e9ccawf5esyyffhp.premilkyway.com | Ukraine | 20853 | ETOP-ASPL | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1658937 |
Start date and time: | 2025-04-08 08:06:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://e9ccawf5esyyffhp.premilkyway.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@24/6@6/3 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.35.163, 142.250.80.110, 172.253.115.84, 142.251.32.110, 142.250.65.206, 142.250.65.174, 142.251.40.174, 142.250.65.238, 142.251.40.206, 142.251.40.110, 142.250.65.227, 142.251.40.131, 184.31.69.3, 172.202.163.200
- Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- VT rate limit hit for: http://e9ccawf5esyyffhp.premilkyway.com
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 9 |
Entropy (8bit): | 2.94770277922009 |
Encrypted: | false |
SSDEEP: | 3:Obn:Obn |
MD5: | 9D1EAD73E678FA2F51A70A933B0BF017 |
SHA1: | D205CBD6783332A212C5AE92D73C77178C2D2F28 |
SHA-256: | 0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5 |
SHA-512: | 935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34 |
Malicious: | false |
Reputation: | low |
URL: | https://e9ccawf5esyyffhp.premilkyway.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 138 |
Entropy (8bit): | 4.298358974402016 |
Encrypted: | false |
SSDEEP: | 3:qVvzLUROngsoMHXbvxL4AqWsMgs0U9ClITULLP61IWKBc4NGb:qFzLIigsoCXLx0AqWDgs01lIgLP8IWK4 |
MD5: | 0B8D672CB96B50A89E2FB404804F91A6 |
SHA1: | 604FE9D10D1975090C63AEAE820A7ED076F72948 |
SHA-256: | BF21A7489A5BBB1E04E6AD11A83E47C958B4DA1610A5C272C0D2DDD5822F47D2 |
SHA-512: | D7EC9C9C7EB519A96D67D3184C8D20511350951EF103E8973879A91EB9EF33CA3FBA8BED0F017271C7B3F19C76C63D3B6E8692E0FDF5F60D233D84C1B07C53A3 |
Malicious: | false |
Reputation: | low |
URL: | https://e9ccawf5esyyffhp.premilkyway.com/ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 897 |
Entropy (8bit): | 5.190126773531937 |
Encrypted: | false |
SSDEEP: | 24:hVEMMWLQQ9KUr6BHslgT1d1uawBATNuPld7FN2t2t2t2t2t2t2tomffffffo:zZQIGKlgJXwBABudJFNYYYYYYYomfffw |
MD5: | 9E0F927CC7051E71CF75A3EA65920822 |
SHA1: | EAAB583C89B48AD952C13F4D788A26F5ACB171F5 |
SHA-256: | E7B925588737ED26BF75F23B27B1F78C93578AC064D07CC7B94C86E43FCBE14D |
SHA-512: | 731223364EFCE8676E0CCBFD778DAB2D683CA930E81BCA68376105C6922B58316A6DB28974F6FE8AE2BCCCF1BDB9D18B9E568423C5A3A7A4BC90E11128C03EB5 |
Malicious: | false |
Reputation: | low |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE |
Preview: |
- Total Packets: 65
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2025 08:06:57.670425892 CEST | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
Apr 8, 2025 08:07:02.482920885 CEST | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
Apr 8, 2025 08:07:04.224247932 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 8, 2025 08:07:04.529795885 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 8, 2025 08:07:05.139170885 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 8, 2025 08:07:05.777496099 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67 |
Apr 8, 2025 08:07:05.871984959 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5 |
Apr 8, 2025 08:07:05.872097015 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67 |
Apr 8, 2025 08:07:05.897092104 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67 |
Apr 8, 2025 08:07:05.992388010 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5 |
Apr 8, 2025 08:07:05.993216038 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5 |
Apr 8, 2025 08:07:05.993386030 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5 |
Apr 8, 2025 08:07:05.993444920 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67 |
Apr 8, 2025 08:07:06.342288971 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 8, 2025 08:07:06.440937996 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67 |
Apr 8, 2025 08:07:06.536197901 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5 |
Apr 8, 2025 08:07:06.588670969 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67 |
Apr 8, 2025 08:07:08.749234915 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 8, 2025 08:07:10.849718094 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:10.849761009 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:10.850045919 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:10.850045919 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:10.850078106 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:11.052745104 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:11.052812099 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:11.054074049 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:11.054081917 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:11.054321051 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:11.108005047 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:11.798301935 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:11.798610926 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:11.816679955 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:11.816730022 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:11.816993952 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:11.817558050 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:11.817569017 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.012180090 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.012264013 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.094274998 CEST | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
Apr 8, 2025 08:07:12.455632925 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.455718040 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.456862926 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.456877947 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.457139015 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.457438946 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.500279903 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.517584085 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.517750025 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.729362011 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.729999065 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.865626097 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.865701914 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.865803957 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.867011070 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.867034912 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.971385002 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.971441031 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:12.971571922 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.971719980 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:12.971731901 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:13.235519886 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:13.235560894 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:13.452785969 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:13.452810049 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:13.551793098 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 8, 2025 08:07:13.612981081 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:13.659027100 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:13.660681009 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:13.660692930 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:13.660859108 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:13.660866022 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:13.959491014 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:13.959614992 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:14.028337955 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:14.028419971 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:14.028489113 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:14.034617901 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:14.034641981 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:14.173669100 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:14.173691034 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:14.687828064 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:14.687956095 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104 |
Apr 8, 2025 08:07:14.899003983 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:14.899038076 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5 |
Apr 8, 2025 08:07:15.367465973 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:15.408269882 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:15.486821890 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:15.488703012 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:15.488774061 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:15.490161896 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:07:15.490180969 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:07:23.155384064 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 8, 2025 08:08:06.639116049 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67 |
Apr 8, 2025 08:08:06.733448982 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5 |
Apr 8, 2025 08:08:06.733503103 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67 |
Apr 8, 2025 08:08:10.813697100 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:08:10.813747883 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:08:10.813828945 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:08:10.813999891 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:08:10.814006090 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:08:11.011647940 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:08:11.011944056 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:08:11.012021065 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:08:21.054827929 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:08:21.054889917 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5 |
Apr 8, 2025 08:08:21.054944992 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:08:22.689369917 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164 |
Apr 8, 2025 08:08:22.689409018 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2025 08:07:06.313232899 CEST | 53 | 59915 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:06.477689981 CEST | 53 | 54402 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:07.169136047 CEST | 53 | 61174 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:10.749552011 CEST | 50721 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2025 08:07:10.749753952 CEST | 56545 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2025 08:07:10.848392010 CEST | 53 | 56545 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:10.848417044 CEST | 53 | 50721 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:11.694183111 CEST | 49713 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2025 08:07:11.694520950 CEST | 59221 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2025 08:07:11.711668015 CEST | 63790 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2025 08:07:11.711842060 CEST | 65353 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2025 08:07:11.794706106 CEST | 53 | 49713 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:11.796295881 CEST | 53 | 59221 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:11.814110041 CEST | 53 | 63790 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:11.814377069 CEST | 53 | 65353 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:24.263241053 CEST | 53 | 56477 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:07:42.988750935 CEST | 53 | 57193 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:08:04.785619974 CEST | 138 | 138 | 192.168.2.5 | 192.168.2.255 |
Apr 8, 2025 08:08:05.489176035 CEST | 53 | 59454 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:08:06.149708986 CEST | 53 | 58747 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2025 08:08:09.177805901 CEST | 53 | 49642 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 8, 2025 08:07:10.749552011 CEST | 192.168.2.5 | 1.1.1.1 | 0xbeaf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 8, 2025 08:07:10.749753952 CEST | 192.168.2.5 | 1.1.1.1 | 0x3d48 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 8, 2025 08:07:11.694183111 CEST | 192.168.2.5 | 1.1.1.1 | 0x23b5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 8, 2025 08:07:11.694520950 CEST | 192.168.2.5 | 1.1.1.1 | 0x782 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 8, 2025 08:07:11.711668015 CEST | 192.168.2.5 | 1.1.1.1 | 0x70f4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 8, 2025 08:07:11.711842060 CEST | 192.168.2.5 | 1.1.1.1 | 0x8c6b | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 8, 2025 08:07:10.848392010 CEST | 1.1.1.1 | 192.168.2.5 | 0x3d48 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 8, 2025 08:07:10.848417044 CEST | 1.1.1.1 | 192.168.2.5 | 0xbeaf | No error (0) | | | 142.251.40.164 | A (IP address) | IN (0x0001) | false |
Apr 8, 2025 08:07:11.794706106 CEST | 1.1.1.1 | 192.168.2.5 | 0x23b5 | No error (0) | | | 217.147.172.104 | A (IP address) | IN (0x0001) | false |
Apr 8, 2025 08:07:11.814110041 CEST | 1.1.1.1 | 192.168.2.5 | 0x70f4 | No error (0) | | | 217.147.172.104 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.5 | 49691 | 142.250.80.67 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2025 08:07:05.897092104 CEST | 202 | OUT | |
Apr 8, 2025 08:07:05.993216038 CEST | 1254 | IN | |
Apr 8, 2025 08:07:05.993386030 CEST | 1199 | IN | |
Apr 8, 2025 08:07:06.440937996 CEST | 200 | OUT | |
Apr 8, 2025 08:07:06.536197901 CEST | 1243 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49703 | 217.147.172.104 | 443 | 6204 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-08 06:07:12 UTC | 682 | OUT | |
2025-04-08 06:07:12 UTC | 311 | IN | |
2025-04-08 06:07:12 UTC | 138 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49704 | 217.147.172.104 | 443 | 6204 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-08 06:07:13 UTC | 627 | OUT | |
2025-04-08 06:07:14 UTC | 176 | IN | |
2025-04-08 06:07:14 UTC | 9 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49700 | 142.251.40.164 | 443 | 6204 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-08 06:07:15 UTC | 575 | OUT | |
2025-04-08 06:07:15 UTC | 1303 | IN | |
2025-04-08 06:07:15 UTC | 904 | IN | |
2025-04-08 06:07:15 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 02:07:01 |
Start date: | 08/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c24c0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 02:07:04 |
Start date: | 08/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c24c0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 7 |
Start time: | 02:07:07 |
Start date: | 08/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c24c0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 10 |
Start time: | 02:07:10 |
Start date: | 08/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c24c0000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |