Windows Analysis Report
https://meeting.sa.com/vQR5CD1ST6AB0AB0QR5OP4ST6vQR5CD1AB0MN3WX8CD1ST6fWX8EF2tyWX8CD1ST6OP4cWX8m

Overview

General Information

Sample URL: https://meeting.sa.com/vQR5CD1ST6AB0AB0QR5OP4ST6vQR5CD1AB0MN3WX8CD1ST6fWX8EF2tyWX8CD1ST6OP4cWX8m
Analysis ID: 1670721
Infos:
Errors
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Confidence: 60%

Signatures

No high impact signatures.

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • chrome.exe (PID: 2288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2292,i,14736891581803396942,7317643809299738819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2348 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meeting.sa.com/vQR5CD1ST6AB0AB0QR5OP4ST6vQR5CD1AB0MN3WX8CD1ST6fWX8EF2tyWX8CD1ST6OP4cWX8m" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown; HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown; TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown; TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown; TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: meeting.sa.com
Source: classification engine; Classification label: unknown0.win@23/0@4/3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2292,i,14736891581803396942,7317643809299738819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2348 /prefetch:3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meeting.sa.com/vQR5CD1ST6AB0AB0QR5OP4ST6vQR5CD1AB0MN3WX8CD1ST6fWX8EF2tyWX8CD1ST6OP4cWX8m"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Window Recorder; Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
[Behavior graph. ID: 1670721; URL: https://meeting.sa.com/vQR5...; Start date: 22/04/2025; Architecture: WINDOWS; Score: 0. Nodes: chrome.exe processes; 192.168.2.4; www.google.com (142.250.69.4, GOOGLEUS, United States); meeting.sa.com (34.76.205.124, GOOGLEUS, United States).]

Source | Detection | Scanner | Label | Link
https://meeting.sa.com/vQR5CD1ST6AB0AB0QR5OP4ST6vQR5CD1AB0MN3WX8CD1ST6fWX8EF2tyWX8CD1ST6OP4cWX8m | 0% | Avira URL Cloud | safe |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
meeting.sa.com | 34.76.205.124 | true | false | | unknown
www.google.com | 142.250.69.4 | true | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.69.4 | www.google.com | United States | | 15169 | GOOGLEUS | false
34.76.205.124 | meeting.sa.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1670721
Start date and time: 2025-04-22 06:04:15 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://meeting.sa.com/vQR5CD1ST6AB0AB0QR5OP4ST6vQR5CD1AB0MN3WX8CD1ST6fWX8EF2tyWX8CD1ST6OP4cWX8m
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.win@23/0@4/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.68.227, 142.250.69.14, 142.250.141.84, 199.232.214.172, 184.29.183.29, 4.175.87.197
  • Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: https://meeting.sa.com/vQR5CD1ST6AB0AB0QR5OP4ST6vQR5CD1AB0MN3WX8CD1ST6fWX8EF2tyWX8CD1ST6OP4cWX8m
No simulations
No context
No created / dropped files found
No static file info

  • Total Packets: 47
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 22, 2025 06:05:13.802824974 CEST | 192.168.2.4 | 1.1.1.1 | 0x234c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 22, 2025 06:05:13.803112030 CEST | 192.168.2.4 | 1.1.1.1 | 0x50d8 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Apr 22, 2025 06:05:15.796029091 CEST | 192.168.2.4 | 1.1.1.1 | 0xd4ba | Standard query (0) | meeting.sa.com | A (IP address) | IN (0x0001) | false
Apr 22, 2025 06:05:15.799081087 CEST | 192.168.2.4 | 1.1.1.1 | 0xf2de | Standard query (0) | meeting.sa.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 22, 2025 06:05:13.943135977 CEST | 1.1.1.1 | 192.168.2.4 | 0x234c | No error (0) | www.google.com | | 142.250.69.4 | A (IP address) | IN (0x0001) | false
Apr 22, 2025 06:05:13.943193913 CEST | 1.1.1.1 | 192.168.2.4 | 0x50d8 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Apr 22, 2025 06:05:16.109662056 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4ba | No error (0) | meeting.sa.com | | 34.76.205.124 | A (IP address) | IN (0x0001) | false

Target ID: 1
Start time: 00:05:06
Start date: 22/04/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff786830000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 00:05:08
Start date: 22/04/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2292,i,14736891581803396942,7317643809299738819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2348 /prefetch:3
Imagebase: 0x7ff786830000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 3
Start time: 00:05:15
Start date: 22/04/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meeting.sa.com/vQR5CD1ST6AB0AB0QR5OP4ST6vQR5CD1AB0MN3WX8CD1ST6fWX8EF2tyWX8CD1ST6OP4cWX8m"
Imagebase: 0x7ff786830000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

No disassembly