Windows Analysis Report
http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 2148, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank", MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 4332, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1784,i,16220786550681443331,5812826743473896917,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8, MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 3996, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D", MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
Signature groups: cleanup, Compliance, Networking, System Summary.
There are no malicious signatures.
Matched signatures (all informational; none is rated malicious):

Signature | Occurrences |
---|---|
Directory created | 2 |
File created | 2 |
Process created | 25 |
Classification label | 1 |
DNS traffic detected | 1 |
HTTP traffic detected | 3 |
Network traffic detected | 12 |
TCP traffic detected without corresponding DNS query | 10 |

The ten "TCP traffic detected without corresponding DNS query" hits are expected for this sample: the URL addresses 72.21.91.29 directly, so the browser opens the port 80 connections without a lookup. The only DNS queries in the capture are Chrome's own background resolutions of Google hosts.
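The sample URL's path has exactly the shape of an OCSP GET request as defined in RFC 6960, Appendix A.1: the URL-escaped base64 of a DER-encoded OCSPRequest. Decoding it yields the nested SEQUENCEs OCSPRequest / TBSRequest / requestList / Request / CertID, a SHA-1 AlgorithmIdentifier (OID 1.3.14.3.2.26), two 20-byte OCTET STRING hashes and a 16-byte serial INTEGER, which is why a certificate-status check by the browser looks like "HTTP to a bare IP with no DNS" in a sandbox. The decoder below is an added example written for this page, not part of the Joe Sandbox report or its tooling. It uses only the Python standard library, the dictionary keys it returns (hash_algorithm, issuer_name_hash, serial_number_hex, ...) are its own naming, and it walks the DER with a minimal TLV reader instead of an ASN.1 library, skipping the optional version, requestorName and extension elements and rejecting anything that is not a single-request OCSPRequest.

```python
"""Decode an OCSP GET request carried in a URL path (RFC 6960, Appendix A.1:
the path is the URL-escaped base64 of a DER-encoded OCSPRequest).

Added example, not part of the Joe Sandbox report. Standard library only; the
only input is the sample URL quoted in the report.
"""
import base64
from urllib.parse import unquote, urlsplit

# Sample URL copied from the report's "Sample URL" field.
SAMPLE_URL = (
    "http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQU"
    "A95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"
)

HASH_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
SEQUENCE, OCTET_STRING, INTEGER, OID = 0x30, 0x04, 0x02, 0x06


def der_tlv(buf, pos=0):
    """Return (tag, contents, position after the element) for the DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = number of length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:end], end


def children(contents):
    """Yield (tag, contents) for each element inside a constructed DER value."""
    pos = 0
    while pos < len(contents):
        tag, value, pos = der_tlv(contents, pos)
        yield tag, value


def decode_oid(raw):
    """Convert DER OID contents to dotted notation."""
    arcs, value = list(divmod(raw[0], 40)), 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(arc) for arc in arcs)


def parse_ocsp_get(url):
    """Return the CertID fields of a single-request OCSP GET URL; ValueError otherwise."""
    path = urlsplit(url).path.lstrip("/")
    try:
        der = base64.b64decode(unquote(path), validate=True)   # binascii.Error is a ValueError
        tag, ocsp_request, _ = der_tlv(der)
        if tag != SEQUENCE:
            raise ValueError("OCSPRequest is not a SEQUENCE")
        # OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] EXPLICIT ... }
        tbs_tag, tbs = next(children(ocsp_request))
        if tbs_tag != SEQUENCE:
            raise ValueError("TBSRequest is not a SEQUENCE")
        # TBSRequest: optional [0] version / [1] requestorName precede the requestList SEQUENCE
        request_list = next(v for t, v in children(tbs) if t == SEQUENCE)
        requests = [v for t, v in children(request_list) if t == SEQUENCE]
        if len(requests) != 1:
            raise ValueError("expected exactly one Request, got %d" % len(requests))
        cert_tag, cert_id = next(children(requests[0]))   # Request ::= SEQUENCE { reqCert CertID, ... }
        if cert_tag != SEQUENCE:
            raise ValueError("CertID is not a SEQUENCE")
        fields = list(children(cert_id))
        if [t for t, _ in fields] != [SEQUENCE, OCTET_STRING, OCTET_STRING, INTEGER]:
            raise ValueError("unexpected CertID layout")
        alg_tag, alg_oid = next(children(fields[0][1]))   # AlgorithmIdentifier { OID, params }
        if alg_tag != OID:
            raise ValueError("hashAlgorithm has no OID")
    except (IndexError, StopIteration) as exc:
        raise ValueError("truncated or malformed DER") from exc
    oid = decode_oid(alg_oid)
    return {
        "hash_algorithm": oid,
        "hash_name": HASH_NAMES.get(oid, oid),
        "issuer_name_hash": fields[1][1].hex(),
        "issuer_key_hash": fields[2][1].hex(),
        "serial_number_hex": fields[3][1].hex(),
        "serial_number": int.from_bytes(fields[3][1], "big", signed=True),
        "der_length": len(der),
    }


def is_ocsp_get(url):
    """Triage helper: True when the URL path is a well-formed OCSP GET request."""
    try:
        parse_ocsp_get(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for key, value in parse_ocsp_get(SAMPLE_URL).items():
        print("%-18s %s" % (key, value))
```

Run as a script it prints the CertID of the sample; the issuer name and key hashes can then be matched against the CA certificates in the analysis machine's trust store to identify which certificate's status was being queried, something the report does not record. SHA-1 here is the hash used to identify the issuer in the CertID, which is the common choice in OCSP requests and is not by itself a weakness indicator. In a detection pipeline, `is_ocsp_get()` is the cheap check to apply before escalating a "bare IP, port 80, no DNS" alert.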
MITRE ATT&CK techniques with matching signatures (the unhighlighted cells of the report's full matrix are template and are omitted):

Tactic | Technique | Matching signatures |
---|---|---|
Privilege Escalation | Process Injection | 1 |
Defense Evasion | Process Injection | 1 |
Defense Evasion | Masquerading | 3 |
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Application Layer Protocol | 3 |
Command and Control | Application Layer Protocol | 4 |
Command and Control | Ingress Tool Transfer | 1 |

All of these mappings come from informational signatures; none is rated malicious, consistent with the detection score of 0.
URL scanner results for the sample URL:

Scanner | Detection | Label |
---|---|---|
Virustotal | 1% | |
Avira URL Cloud | 0% | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 172.217.168.45 | true | false | high | |
www.google.com | 142.250.203.100 | true | false | high | |
clients.l.google.com | 142.250.203.110 | true | false | high | |
clients2.google.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | unknown | ||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.203.100 | www.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false | |
72.21.91.29 | unknown | United States | 15133 | EDGECASTUS | false |
IP |
---|
192.168.2.1 |
127.0.0.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 811126 |
Start date and time: | 2023-02-17 23:11:43 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@25/3@4/7 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123
- Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, edgedl.me.gvt1.com, login.live.com, tile-service.weather.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big; too many NtWriteVirtualMemory calls found
The report lists three dropped files with identical metadata and hashes (their paths and previews are not present in this extraction); the entry is shown once:

Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 471 |
Entropy (8bit): | 7.126763376258901 |
Encrypted: | false |
SSDEEP: | 6:J0Mm742+b5o7WcSek72+YH1uellS1EnCTEpUeIT2Qke5+kWF5GRJgbYB1ylt4xM4:JD2+b5J72+YVPSVPbl+kuGR71ylt4K4 |
MD5: | F2E4C6832E7FB069578E31C5D7AE6B92 |
SHA1: | 01467F0E75C00EBDCB3B5375378F0D3561408FF3 |
SHA-256: | 6458300C2508AB5E2F7F5AE47B0634CFBC523669063A1E8221F6D25522241269 |
SHA-512: | 617833FC0D14A8E8B78F92DD28C9C7484B9175A9629E4816739A5FF066501FE55FD94BF8883AB849EF1826F6FAB9D2A1BA868E00AF06119B1B80EF745FE3AAA4 |
Malicious: | false |
Reputation: | low |
Preview: | |

An entropy of 7.13 bits per byte over 471 bytes means dense binary content rather than text; the "Encrypted: false" field is the sandbox's heuristic verdict, not a determination of the file format, and "Reputation: low" only means the hash is not known to the reputation database.
- Total Packets: 81
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 17, 2023 23:12:39.039211988 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:12:39.039505959 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.039570093 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.039675951 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.039877892 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.039897919 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.039957047 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.041738033 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.041760921 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.041829109 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.042736053 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.042805910 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.042884111 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.043780088 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.043819904 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.044121027 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.044142962 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.137263060 CET | 80 | 49706 | 72.21.91.29 | 192.168.2.5 |
Feb 17, 2023 23:12:39.137434006 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:12:39.207000971 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.207185030 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.325227976 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.325309038 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.325598001 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.325655937 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.326472044 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.326524019 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.328172922 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.328227043 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.328542948 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.328574896 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.328628063 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.332122087 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.332235098 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.332257986 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.332387924 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.332451105 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.332478046 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.343321085 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:12:39.422687054 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.423388958 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.441159010 CET | 80 | 49712 | 72.21.91.29 | 192.168.2.5 |
Feb 17, 2023 23:12:39.441310883 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:12:39.455816031 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.455816984 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.558737993 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.558752060 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.606987953 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.607073069 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.607153893 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.607213974 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.608660936 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.608730078 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.608882904 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.610816956 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.610920906 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:39.610923052 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.611061096 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.611130953 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:39.611165047 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:39.658674955 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:39.658683062 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.276591063 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:40.276669979 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.277143955 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.282356024 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:40.282411098 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.282814980 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.283011913 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:40.283062935 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.283330917 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.283387899 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.283509016 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.283576012 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.283907890 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.283977032 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.284075975 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.284085989 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.284261942 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.321217060 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.321487904 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.321523905 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.321636915 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.322226048 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.353669882 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:40.358625889 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.358674049 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:40.358707905 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.358732939 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.358772993 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.359148979 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.359255075 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:40.385979891 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.386029959 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:12:40.386606932 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:40.386658907 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:12:40.404911041 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:12:40.458643913 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:12:40.460130930 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:12:40.502927065 CET | 80 | 49706 | 72.21.91.29 | 192.168.2.5 |
Feb 17, 2023 23:12:40.503284931 CET | 80 | 49706 | 72.21.91.29 | 192.168.2.5 |
Feb 17, 2023 23:12:40.652863979 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:12:41.559603930 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:41.559696913 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:41.559806108 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:41.560164928 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:41.560209990 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:41.629201889 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:41.629686117 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:41.629757881 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:41.631086111 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:41.631355047 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:41.633661032 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:41.633692026 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:41.633841991 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:41.753987074 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:41.754040956 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:41.952954054 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:51.605705023 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:51.605856895 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:12:51.605986118 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:53.370577097 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:12:53.370629072 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:24.450719118 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:13:24.548789024 CET | 80 | 49712 | 72.21.91.29 | 192.168.2.5 |
Feb 17, 2023 23:13:25.372662067 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:13:25.372694969 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:13:25.372772932 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:13:25.372812033 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:13:25.547525883 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:13:25.645957947 CET | 80 | 49706 | 72.21.91.29 | 192.168.2.5 |
Feb 17, 2023 23:13:40.402401924 CET | 80 | 49712 | 72.21.91.29 | 192.168.2.5 |
Feb 17, 2023 23:13:40.402520895 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:13:41.628598928 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29 |
Feb 17, 2023 23:13:41.628691912 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:13:41.628698111 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:13:41.628921032 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5 |
Feb 17, 2023 23:13:41.628922939 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5 |
Feb 17, 2023 23:13:41.629023075 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45 |
Feb 17, 2023 23:13:41.629038095 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110 |
Feb 17, 2023 23:13:41.629118919 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:13:41.629179001 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:41.629265070 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:13:41.629843950 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:13:41.629878044 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:41.691174030 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:41.691570997 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:13:41.691611052 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:41.692367077 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:41.693351030 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:13:41.693382978 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:41.693533897 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:41.726494074 CET | 80 | 49712 | 72.21.91.29 | 192.168.2.5 |
Feb 17, 2023 23:13:41.737585068 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100 |
Feb 17, 2023 23:13:51.682086945 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:51.682219982 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5 |
Feb 17, 2023 23:13:51.682327986 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 17, 2023 23:12:38.134955883 CET | 49177 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 17, 2023 23:12:38.135322094 CET | 49724 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 17, 2023 23:12:38.160876989 CET | 53 | 49724 | 8.8.8.8 | 192.168.2.5 |
Feb 17, 2023 23:12:38.162873983 CET | 53 | 49177 | 8.8.8.8 | 192.168.2.5 |
Feb 17, 2023 23:12:41.540005922 CET | 56751 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 17, 2023 23:12:41.557802916 CET | 53 | 56751 | 8.8.8.8 | 192.168.2.5 |
Feb 17, 2023 23:13:41.607481956 CET | 60177 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 17, 2023 23:13:41.627077103 CET | 53 | 60177 | 8.8.8.8 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 17, 2023 23:12:38.134955883 CET | 192.168.2.5 | 8.8.8.8 | 0x3944 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 17, 2023 23:12:38.135322094 CET | 192.168.2.5 | 8.8.8.8 | 0x9397 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 17, 2023 23:12:41.540005922 CET | 192.168.2.5 | 8.8.8.8 | 0xbb29 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 17, 2023 23:13:41.607481956 CET | 192.168.2.5 | 8.8.8.8 | 0xe262 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 17, 2023 23:12:38.160876989 CET | 8.8.8.8 | 192.168.2.5 | 0x9397 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 17, 2023 23:12:38.160876989 CET | 8.8.8.8 | 192.168.2.5 | 0x9397 | No error (0) | 142.250.203.110 | A (IP address) | IN (0x0001) | false | ||
Feb 17, 2023 23:12:38.162873983 CET | 8.8.8.8 | 192.168.2.5 | 0x3944 | No error (0) | 172.217.168.45 | A (IP address) | IN (0x0001) | false | ||
Feb 17, 2023 23:12:41.557802916 CET | 8.8.8.8 | 192.168.2.5 | 0xbb29 | No error (0) | 142.250.203.100 | A (IP address) | IN (0x0001) | false | ||
Feb 17, 2023 23:13:41.627077103 CET | 8.8.8.8 | 192.168.2.5 | 0xe262 | No error (0) | 142.250.203.100 | A (IP address) | IN (0x0001) | false |
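The packet and DNS tables above contain everything needed to reproduce the "TCP traffic detected without corresponding DNS query" signature: for each outbound TCP destination, check whether a DNS answer carrying that address arrived before the first packet. The script below is an added example written for this page, not Joe Sandbox code. Its input rows are copied from the report's own tables (a few first-packet rows, plus the three DNS answers); because the answer rows on the page omit the queried name, the names are taken from the report's IP/domain table. The function and key names (correlate, unresolved_destinations, resolved_as) are the example's own.

```python
"""Correlate outbound TCP connections with the DNS answers that preceded them.

Added example, not part of the Joe Sandbox report: it re-implements the logic
behind the report's "TCP traffic detected without corresponding DNS query"
signature over an excerpt of the report's packet and DNS tables. The answer
table on the page omits the queried names, so the names below come from the
report's IP/domain table.
"""
from datetime import datetime, timedelta

ANALYSIS_HOST = "192.168.2.5"   # the sandbox VM, per the packet tables

# (timestamp, transaction id, name, address) -- excerpt of the DNS answer table
DNS_ANSWERS = [
    ("Feb 17, 2023 23:12:38.160876989 CET", 0x9397, "clients.l.google.com", "142.250.203.110"),
    ("Feb 17, 2023 23:12:38.162873983 CET", 0x3944, "accounts.google.com", "172.217.168.45"),
    ("Feb 17, 2023 23:12:41.557802916 CET", 0xbb29, "www.google.com", "142.250.203.100"),
]

# (timestamp, src port, dst port, src ip, dst ip) -- excerpt of the TCP packet table
PACKETS = [
    ("Feb 17, 2023 23:12:39.039211988 CET", 49706, 80, "192.168.2.5", "72.21.91.29"),
    ("Feb 17, 2023 23:12:39.039505959 CET", 49707, 443, "192.168.2.5", "172.217.168.45"),
    ("Feb 17, 2023 23:12:39.039570093 CET", 443, 49707, "172.217.168.45", "192.168.2.5"),
    ("Feb 17, 2023 23:12:39.039877892 CET", 49708, 443, "192.168.2.5", "142.250.203.110"),
    ("Feb 17, 2023 23:12:39.137263060 CET", 80, 49706, "72.21.91.29", "192.168.2.5"),
    ("Feb 17, 2023 23:12:39.343321085 CET", 49712, 80, "192.168.2.5", "72.21.91.29"),
    ("Feb 17, 2023 23:12:41.559603930 CET", 49714, 443, "192.168.2.5", "142.250.203.100"),
]


def parse_ts(text):
    """Parse the report's 'Feb 17, 2023 23:12:39.039211988 CET' format (nanosecond fraction)."""
    stamp, _zone = text.rsplit(" ", 1)
    base, frac = stamp.split(".")
    return datetime.strptime(base, "%b %d, %Y %H:%M:%S") + timedelta(seconds=int(frac) / 10 ** len(frac))


def correlate(dns_answers, packets, client=ANALYSIS_HOST):
    """One record per (destination IP, port) the client connected to, ordered by first contact.

    resolved_as is the latest name whose DNS answer for that address arrived at or
    before the first packet; None means no lookup preceded the connection, which is
    the condition the sandbox signature flags.
    """
    answers = {}                                   # address -> [(answer time, name)]
    for ts, _txid, name, addr in dns_answers:
        answers.setdefault(addr, []).append((parse_ts(ts), name))

    first_contact = {}                             # (dst ip, dst port) -> [first time, client ports]
    for ts, sport, dport, src, dst in packets:
        if src != client:
            continue                               # only the client-initiated direction counts
        when = parse_ts(ts)
        entry = first_contact.setdefault((dst, dport), [when, []])
        entry[0] = min(entry[0], when)
        if sport not in entry[1]:
            entry[1].append(sport)

    records = []
    for (dst, dport), (when, ports) in sorted(first_contact.items(), key=lambda kv: kv[1][0]):
        prior = [name for t, name in sorted(answers.get(dst, [])) if t <= when]
        records.append({"dst": dst, "port": dport, "client_ports": ports,
                        "resolved_as": prior[-1] if prior else None})
    return records


def unresolved_destinations(dns_answers, packets, client=ANALYSIS_HOST):
    """Destinations contacted without a preceding DNS answer (bare-IP URLs, hard-coded addresses)."""
    return [r for r in correlate(dns_answers, packets, client) if r["resolved_as"] is None]


if __name__ == "__main__":
    for record in correlate(DNS_ANSWERS, PACKETS):
        print(record)
```

On the excerpt this flags only 72.21.91.29:80 (client ports 49706 and 49712), while the three Google addresses are attributed to the names answered moments earlier. The time check matters: an answer that arrives after the first packet does not explain the connection, and in a real capture you would also exclude the resolver itself and any addresses on the analysis whitelist before counting hits.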
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49707 | 172.217.168.45 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49708 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49706 | 72.21.91.29 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 17, 2023 23:12:40.404911041 CET | 303 | OUT | |
Feb 17, 2023 23:12:40.503284931 CET | 304 | IN | |
Feb 17, 2023 23:13:25.547525883 CET | 722 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.5 | 49712 | 72.21.91.29 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 17, 2023 23:13:24.450719118 CET | 722 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49707 | 172.217.168.45 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-02-17 22:12:40 UTC | 0 | OUT | |
2023-02-17 22:12:40 UTC | 0 | OUT | |
2023-02-17 22:12:40 UTC | 2 | IN | |
2023-02-17 22:12:40 UTC | 4 | IN | |
2023-02-17 22:12:40 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49708 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-02-17 22:12:40 UTC | 0 | OUT | |
2023-02-17 22:12:40 UTC | 1 | IN | |
2023-02-17 22:12:40 UTC | 1 | IN | |
2023-02-17 22:12:40 UTC | 2 | IN | |
2023-02-17 22:12:40 UTC | 2 | IN |
Target ID: | 0 |
Start time: | 23:12:35 |
Start date: | 17/02/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d31b0000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 1 |
Start time: | 23:12:36 |
Start date: | 17/02/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d31b0000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 2 |
Start time: | 23:12:37 |
Start date: | 17/02/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d31b0000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |