Windows
Analysis Report
http://6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Confidence: | 20% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 4100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2328,i,6134061799270259057,10941547348514285084,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2320 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- msdt.exe (PID: 1208 cmdline: -modal "66320" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\user\AppData\Local\Temp\NDF611.tmp" -ep "NetworkDiagnosticsWeb" MD5: 3AE6BFDF0257B303EDD695DA183C8462)
- chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- Compliance
- Networking
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Language, Device and Operating System Detection
There are no malicious signatures.
Signature | Occurrences |
---|---|
HTTPS traffic detected | 1 |
Binary string | 1 |
TCP traffic detected without corresponding DNS query | 17 |
UDP traffic detected without corresponding DNS query | 3 |
DNS traffic detected | 2 |
Network traffic detected | 5 |
HTTPS traffic detected | 1 |
Static PE information | 2 |
Classification label | 1 |
File created | 1 |
Key opened | 1 |
Process created | 23 |
Key value queried | 1 |
File opened | 1 |
Window detected | 1 |
Binary string | 1 |
Static PE information | 1 |
File created (dropped file) | 6 |
Process information set | 4 |
Dropped PE file which has not been started | 3 |
Queries volume information | 1 |
Key value queried | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 12 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Timestomp | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 192.178.49.206 | true | false | | high |
www.google.com | 192.178.49.164 | true | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
192.178.49.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1670411 |
Start date and time: | 2025-04-21 17:51:17 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | UNKNOWN |
Classification: | unknown3.win@23/14@4/2 |
Cookbook Comments: | |
- URL not reachable
- Exclude process from analysis (whitelisted): sdiagnhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 192.178.49.206, 192.178.49.195, 142.251.2.84, 192.178.49.174, 184.29.183.29, 4.245.163.56
- Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- VT rate limit hit for: http://6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167016 |
Entropy (8bit): | 4.413051981071322 |
Encrypted: | false |
SSDEEP: | 384:X+BeLgtgFgQg7rgZgp3vFD2smEtttbkcL5Of8hj1fVh1f8hWqEfVhnq2fVhMfxhd:XLgtgFgQg7rgZgplP/s |
MD5: | 0606098A37089BDC9D644DEE1CC1CD78 |
SHA1: | CADAE9623A27BD22771BAB9D26B97226E8F2318B |
SHA-256: | 284A7A8525B1777BDBC194FA38D28CD9EE91C2CBC7856F5968E79667C6B62A9D |
SHA-512: | 0711E2FEF9FDE17B87F3F6AF1442BD46B4C86BB61C8519548B89C7A61DFCF734196DDF2D90E586D486A3B33F672A99379E8205C240BD4BCB23625FFB22936443 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 489984 |
Entropy (8bit): | 7.291387835559217 |
Encrypted: | false |
SSDEEP: | 6144:LZC0lEOC2Us6eEyAc0jbJYOjlCLHUZQsxjuaJ7oSEvcdfSc0jbJYOjlCLHUZQ:LZFLUe6vJ/wLIvavyfEvJ/wLI |
MD5: | EF3F72E162CFA6C082007672655CAE8A |
SHA1: | F6BE37340CDED395EF7C3DAB103DE4E061B05806 |
SHA-256: | 5A04D9F78BEF844FEE2FEC65610E12DB59CEFAA63544F3045401597AAE753B3C |
SHA-512: | B63D884525CC747D4DEB1335BF31A27248DD612BE9D8A1F6CA7C5F5A795964AC3B8868994CDE1EC5CD0F4C537E00EC56FB45D5250F3BEC1BFA13EE4AA1F9C52C |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 951 |
Entropy (8bit): | 5.0857751193503695 |
Encrypted: | false |
SSDEEP: | 24:Qb3DQ7NOepjIAflbfjbgTRmW26S1pGCXGiVd/ZF2GRaesBFw:mDzepZtjBtRRbCUae2q |
MD5: | C25ED2111C6EE9299E6D9BF51012F2F5 |
SHA1: | 2DEFBB5A2758AF744E3DD8AF3A4AA153A28E4713 |
SHA-256: | 8E326EE0475208D4C943D885035058FAD7146BBA02B66305F7C9F31F6A57E81B |
SHA-512: | AAC97463868162FE042748A279C38F6FB569E971E0CC0339D1A8969A7F5633EF7377B6F7DCFAE94BDD2BF96BBFF454B607EE8D7573E1C3C9569269FE82671D9E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 770 |
Entropy (8bit): | 5.043368661106705 |
Encrypted: | false |
SSDEEP: | 24:Qb3DQ7NcIKGlbfjbgTRmW26S1pGK/KrGFxw:mDl4jBtPKH |
MD5: | 25B8543DBF571F040118423BC3C7A75E |
SHA1: | 49044724698E6964DC93ACF5BEE2A77B8EAD4133 |
SHA-256: | D78E6291D6F27AC6FEBDCF0A4D5A34521E7F033AF8875E026DF21BA7513AB64A |
SHA-512: | EC991FF552C1012209940CDCB081D64876B7989C56F07739B392DAAE9BCABA883B45AA90D50BEF31F276A9CD8492EE2B9DB700CD5E20E7B17BA43D98EC394DF5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9728 |
Entropy (8bit): | 5.0031830583187595 |
Encrypted: | false |
SSDEEP: | 192:dXcso4xinzRCxtd3wz5AstHq9Y2f0mWjeLNW:dXckCMPGz9ZYWC5W |
MD5: | 502A165A5058F93FA7F84A9FB52887CD |
SHA1: | 43C723564649244A9FB28EDFEC83F0330420CEB1 |
SHA-256: | 818DD25A449FEB9D30A108550940D3729FF1C83A8957049AA5E5EE56C89573DB |
SHA-512: | A3B2B5A5D75DBBA17348FBECE170FB94E1406789724CC35FBDE36CAC55C58310F08E580E3FE5E9D7F306DE4FD579B69704CBD5B43D048CDA0B24CEED37770163 |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12213 |
Entropy (8bit): | 4.649249749706581 |
Encrypted: | false |
SSDEEP: | 192:eLXYPXsa+OjfI9HIufxAey+3OG78/ce+eT5WjifrM+BK:VPXaifqdfxAey+ecmAu7k |
MD5: | D213491A2D74B38A9535D616B9161217 |
SHA1: | BDE94742D1E769638E2DE84DFB099F797ADCC217 |
SHA-256: | 4662C3C94E0340A243C2A39CA8A88FD9F65C74FB197644A11D4FFCAE6B191211 |
SHA-512: | 5FD8B91B27935711495934E5D7CA14F9DD72BC40A38072595879EF334A47F99E0608087DDC62668C6F783938D9F22A3688C5CDEF3A9AD6C3575F3CFA5A3B0104 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25783 |
Entropy (8bit): | 4.500605198321576 |
Encrypted: | false |
SSDEEP: | 384:blSoNnCiXTShob5bdVTz6rZTvxlBNexTKmh+xdxBUNQGJ:xSoTh8Jq |
MD5: | 2857343E8845EADB9B60CA0727CBDCB7 |
SHA1: | 82A5533B3739504C72F9DCE7D353845B35037DEE |
SHA-256: | 06D927AE1DB217378EA77146FDCCA66D1F1F6D90780B734B8748D1052FBD8B86 |
SHA-512: | 56B09BFBFF32B43DDD8E4636A485AF111B6DBFA2B7181299A22A3D007CF87DF0B09433100DC693C81C4F746A40F42FC51C75436511BE26270B8D84F7AC8EAD7D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11079 |
Entropy (8bit): | 4.751587059666952 |
Encrypted: | false |
SSDEEP: | 192:YORm9mJWriv3iriv3oyriv3vgriv3qB3b8FnHayrBJckzrSartt0qF+rSG/rSurT:YORm9mJDv33v3oHv3lv3qB3b8FnHrrBA |
MD5: | 9B222D8EC4B20860F10EBF303035B984 |
SHA1: | B30EEA35C2516AFCAB2C49EF6531AF94EFAF7E1A |
SHA-256: | A32E13DA40AC4B9E1DAC7DD28BC1D25E2F2136B61FF93BE943018B20796F15BC |
SHA-512: | 8331337CCB6E3137B01AEEC03E6921FD3B9E56C44FA1B17545AE5C7BFCDD39FCD8A90192884B3A82F56659009E24B63CE7F500E8766FD01E8D4E60A52DE0FE67 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 567 |
Entropy (8bit): | 4.837302167759307 |
Encrypted: | false |
SSDEEP: | 12:QcM3BFN+7bxAPe/LACrfgjvj5s8x8i9OoXdEgnc8x8i9OoXdQIx:Qb3DQ7FMejjbgTNhii9dXDxii9dXOe |
MD5: | A660422059D953C6D681B53A6977100E |
SHA1: | 0C95DD05514D062354C0EECC9AE8D437123305BB |
SHA-256: | D19677234127C38A52AEC23686775A8EB3F4E3A406F4A11804D97602D6C31813 |
SHA-512: | 26F8CF9AC95FF649ECC2ED349BC6C7C3A04B188594D5C3289AF8F2768AB59672BC95FFEFCC83ED3FFA44EDD0AFEB16A4C2490E633A89FCE7965843674D94B523 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54687 |
Entropy (8bit): | 4.91902609892868 |
Encrypted: | false |
SSDEEP: | 768:AaDgc60FE2UMeV6HQEqEVBWMBaRNdKdNh5BIW6Mk7svkxtFJuAQQW:j0a4bKcW6MkcSuj |
MD5: | C912FAA190464CE7DEC867464C35A8DC |
SHA1: | D1C6482DAD37720DB6BDC594C4757914D1B1DD70 |
SHA-256: | 3891846307AA9E83BCA66B13198455AF72AF45BF721A2FBD41840D47E2A91201 |
SHA-512: | 5C34352D36459FD8FCDA5B459A2E48601A033AF31D802A90ED82C443A5A346B9480880D30C64DB7AD0E4A8C35B98C98F69ECEEDAD72F2A70D9C6CCA74DCE826A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3011 |
Entropy (8bit): | 5.393839415081681 |
Encrypted: | false |
SSDEEP: | 48:mDqbURueqlXC2ay3g+rAgeNTFNe5L9tkYnNn2E8/UBUyuzoth1GlB:mD+UR6XC2az4MjY5L9VnNnIUBUyuzoti |
MD5: | 0C75AE5E75C3E181D13768909C8240BA |
SHA1: | 288403FC4BEDAACEBCCF4F74D3073F082EF70EB9 |
SHA-256: | DE5C231C645D3AE1E13694284997721509F5DE64EE5C96C966CDFDA9E294DB3F |
SHA-512: | 8FC944515F41A837C61A6C4E5181CA273607A89E48FBF86CF8EB8DB837AED095AA04FC3043029C3B5CB3710D59ABFD86F086AC198200F634BFB1A5DD0823406B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17408 |
Entropy (8bit): | 3.463167967348922 |
Encrypted: | false |
SSDEEP: | 96:40OJmd+VoozojEIjPe/dQTVOd5hvhHyHMVqz+4MEvTLGlyQzwv7KCbVeog3+yt41:40njnexdUMR4wgK+gWlTWy |
MD5: | 42924954580FC0B97147D18CBD9064A2 |
SHA1: | E02B93D36214FB4A98AA9B4711920541C78D5B26 |
SHA-256: | B03FC44FCB28F039F94AC63B44617E04071D1DC5A5CD15E187AA806A085EF31A |
SHA-512: | 0B2737EE5C21538B120FD975850E7899F7F1B8B7FEC49B5E9F807EBFAE62DA3EB333CDBDB65912BACA43B39D63AFBE1258C8C54CC7E8A313D108339778585B73 |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5378 |
Entropy (8bit): | 3.527173963273437 |
Encrypted: | false |
SSDEEP: | 96:i30smw/9nwbgDwlwn0iYveuQzRYkwj0pD+EijvxFvXG5B9c1rO4L:i30sZYlGe3vGfw |
MD5: | B2780BE67C909635DAEC96B9C909EC54 |
SHA1: | F4A8562D46548CBF091EB5230D2A6A3C5859BA3E |
SHA-256: | 0E7173882297619CE2097133B9D5C69D69B29997C39A5CBC4A88247C580642C5 |
SHA-512: | 8576D3313963A814870995FDE92F739A786ED7F93578F190DE07308E1DD66A8F511D4E06733298A250AAF48B64404DE4F99B03079B97FC33CDC3C798EAD0AFD0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48956 |
Entropy (8bit): | 5.103589775370961 |
Encrypted: | false |
SSDEEP: | 768:hUeTHmb0+tk+Ci10ycNV6OW9a+KDoVxrVF+bBH0t9mYNJ7u2+d:hUcHXDY10tNV6OW9abDoVxrVF+bBH0tO |
MD5: | 310E1DA2344BA6CA96666FB639840EA9 |
SHA1: | E8694EDF9EE68782AA1DE05470B884CC1A0E1DED |
SHA-256: | 67401342192BABC27E62D4C1E0940409CC3F2BD28F77399E71D245EAE8D3F63C |
SHA-512: | 62AB361FFEA1F0B6FF1CC76C74B8E20C2499D72F3EB0C010D47DBA7E6D723F9948DBA3397EA26241A1A995CFFCE2A68CD0AAA1BB8D917DD8F4C8F3729FA6D244 |
Malicious: | false |
Reputation: | low |
Preview: |
- Total Packets: 21
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 21, 2025 17:52:08.414371014 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Apr 21, 2025 17:52:10.242508888 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 21, 2025 17:52:15.621654987 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 21, 2025 17:52:15.961230993 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 21, 2025 17:52:16.665936947 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 21, 2025 17:52:17.905675888 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 21, 2025 17:52:18.023715973 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Apr 21, 2025 17:52:19.846237898 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 21, 2025 17:52:20.424772978 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 21, 2025 17:52:21.185610056 CEST | 49731 | 443 | 192.168.2.4 | 192.178.49.164 |
Apr 21, 2025 17:52:21.185662031 CEST | 443 | 49731 | 192.178.49.164 | 192.168.2.4 |
Apr 21, 2025 17:52:21.185758114 CEST | 49731 | 443 | 192.168.2.4 | 192.178.49.164 |
Apr 21, 2025 17:52:21.186012983 CEST | 49731 | 443 | 192.168.2.4 | 192.178.49.164 |
Apr 21, 2025 17:52:21.186028004 CEST | 443 | 49731 | 192.178.49.164 | 192.168.2.4 |
Apr 21, 2025 17:52:21.508464098 CEST | 443 | 49731 | 192.178.49.164 | 192.168.2.4 |
Apr 21, 2025 17:52:21.508544922 CEST | 49731 | 443 | 192.168.2.4 | 192.178.49.164 |
Apr 21, 2025 17:52:21.509910107 CEST | 49731 | 443 | 192.168.2.4 | 192.178.49.164 |
Apr 21, 2025 17:52:21.509922028 CEST | 443 | 49731 | 192.178.49.164 | 192.168.2.4 |
Apr 21, 2025 17:52:21.510163069 CEST | 443 | 49731 | 192.178.49.164 | 192.168.2.4 |
Apr 21, 2025 17:52:21.554522991 CEST | 49731 | 443 | 192.168.2.4 | 192.178.49.164 |
Apr 21, 2025 17:52:24.290152073 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 21, 2025 17:52:24.601996899 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 21, 2025 17:52:25.211404085 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 21, 2025 17:52:25.227035046 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 21, 2025 17:52:26.413923979 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 21, 2025 17:52:28.820405960 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 21, 2025 17:52:31.488523006 CEST | 443 | 49731 | 192.178.49.164 | 192.168.2.4 |
Apr 21, 2025 17:52:31.488579988 CEST | 443 | 49731 | 192.178.49.164 | 192.168.2.4 |
Apr 21, 2025 17:52:31.488786936 CEST | 49731 | 443 | 192.168.2.4 | 192.178.49.164 |
Apr 21, 2025 17:52:32.073244095 CEST | 49731 | 443 | 192.168.2.4 | 192.178.49.164 |
Apr 21, 2025 17:52:32.073287964 CEST | 443 | 49731 | 192.178.49.164 | 192.168.2.4 |
Apr 21, 2025 17:52:33.633321047 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 21, 2025 17:52:34.836548090 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 21, 2025 17:52:17.104454041 CEST | 53 | 55093 | 1.1.1.1 | 192.168.2.4 |
Apr 21, 2025 17:52:17.171650887 CEST | 53 | 56866 | 1.1.1.1 | 192.168.2.4 |
Apr 21, 2025 17:52:18.316576958 CEST | 53 | 53778 | 1.1.1.1 | 192.168.2.4 |
Apr 21, 2025 17:52:21.040462971 CEST | 65415 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 21, 2025 17:52:21.040783882 CEST | 54540 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 21, 2025 17:52:21.183851004 CEST | 53 | 65415 | 1.1.1.1 | 192.168.2.4 |
Apr 21, 2025 17:52:21.183872938 CEST | 53 | 54540 | 1.1.1.1 | 192.168.2.4 |
Apr 21, 2025 17:52:22.330720901 CEST | 50575 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 21, 2025 17:52:22.330990076 CEST | 50874 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 21, 2025 17:52:22.472920895 CEST | 53 | 50874 | 1.1.1.1 | 192.168.2.4 |
Apr 21, 2025 17:52:22.488168001 CEST | 53 | 50575 | 8.8.8.8 | 192.168.2.4 |
Apr 21, 2025 17:52:35.385199070 CEST | 53 | 58175 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 21, 2025 17:52:21.040462971 CEST | 192.168.2.4 | 1.1.1.1 | 0x5dd7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 21, 2025 17:52:21.040783882 CEST | 192.168.2.4 | 1.1.1.1 | 0x146e | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 21, 2025 17:52:22.330720901 CEST | 192.168.2.4 | 8.8.8.8 | 0xf240 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 21, 2025 17:52:22.330990076 CEST | 192.168.2.4 | 1.1.1.1 | 0x6c29 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 21, 2025 17:52:21.183851004 CEST | 1.1.1.1 | 192.168.2.4 | 0x5dd7 | No error (0) | | | 192.178.49.164 | A (IP address) | IN (0x0001) | false |
Apr 21, 2025 17:52:21.183872938 CEST | 1.1.1.1 | 192.168.2.4 | 0x146e | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 21, 2025 17:52:22.472920895 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c29 | No error (0) | | | 192.178.49.206 | A (IP address) | IN (0x0001) | false |
Apr 21, 2025 17:52:22.488168001 CEST | 8.8.8.8 | 192.168.2.4 | 0xf240 | No error (0) | | | 142.250.217.142 | A (IP address) | IN (0x0001) | false |
Target ID: | 1 |
Start time: | 11:52:11 |
Start date: | 21/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 11:52:14 |
Start date: | 21/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 11:52:20 |
Start date: | 21/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 12 |
Start time: | 11:52:29 |
Start date: | 21/04/2025 |
Path: | C:\Windows\System32\msdt.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ca680000 |
File size: | 499'200 bytes |
MD5 hash: | 3AE6BFDF0257B303EDD695DA183C8462 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |