Windows Analysis Report
http://cp

Overview

General Information

Sample URL:http://cp
Analysis ID:1502060
Infos:
Errors
  • URL not reachable

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 1004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 5440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,90350938793623814,6958150517731593523,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 3640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cp" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown | TCP traffic detected without corresponding DNS query: 13.71.55.58
Source: unknown | UDP traffic detected without corresponding DNS query: 20.101.57.9
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: classification engine | Classification label: unknown0.win@19/0@4/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,90350938793623814,6958150517731593523,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cp"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
[Behavior graph: ID: 1502060, URL: http://cp, Startdate: 31/08/2024, Architecture: WINDOWS, Score: 0. Nodes: two chrome.exe processes started; one communicates with 192.168.2.7 (ports 123, 137, 443) and 239.255.255.250 (Reserved) and starts a child chrome.exe, which contacts www.google.com (216.58.206.68, ports 443, 49708, GOOGLEUS, United States) and google.com.]

Source | Detection | Scanner | Label | Link
http://cp | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
google.com | 142.250.186.174 | true | false | | unknown
www.google.com | 216.58.206.68 | true | false | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
216.58.206.68 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.7
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502060
Start date and time:2024-08-31 00:33:16 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://cp
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:15
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:UNKNOWN
Classification:unknown0.win@19/0@4/3
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 216.58.206.67, 64.233.166.84, 142.250.184.206, 34.104.35.123, 199.232.210.172, 184.28.90.27, 40.126.31.67, 40.126.31.71, 20.190.159.4, 20.190.159.73, 20.190.159.0, 40.126.31.73, 20.190.159.23, 20.190.159.68, 20.114.59.183, 20.3.187.198
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, time.windows.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, login.live.com, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, settings-win.data.microsoft.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: http://cp
No simulations
No context
No created / dropped files found
No static file info
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 31, 2024 00:34:20.920808077 CEST | 192.168.2.7 | 1.1.1.1 | 0x8d20 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Aug 31, 2024 00:34:20.921289921 CEST | 192.168.2.7 | 1.1.1.1 | 0x8e44 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Aug 31, 2024 00:34:20.947113037 CEST | 192.168.2.7 | 1.1.1.1 | 0xfd41 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Aug 31, 2024 00:34:20.947982073 CEST | 192.168.2.7 | 8.8.8.8 | 0x6768 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 31, 2024 00:34:20.619880915 CEST | 1.1.1.1 | 192.168.2.7 | 0xd941 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 00:34:20.619880915 CEST | 1.1.1.1 | 192.168.2.7 | 0xd941 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 00:34:20.927783966 CEST | 1.1.1.1 | 192.168.2.7 | 0x8d20 | No error (0) | www.google.com | | 216.58.206.68 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 00:34:20.928272009 CEST | 1.1.1.1 | 192.168.2.7 | 0x8e44 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Aug 31, 2024 00:34:20.954925060 CEST | 1.1.1.1 | 192.168.2.7 | 0xfd41 | No error (0) | google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 00:34:20.956417084 CEST | 8.8.8.8 | 192.168.2.7 | 0x6768 | No error (0) | google.com | | 142.251.36.238 | A (IP address) | IN (0x0001) | false

Target ID:0
Start time:18:34:08
Start date:30/08/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:0x7ff6c4390000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:4
Start time:18:34:14
Start date:30/08/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,90350938793623814,6958150517731593523,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff6c4390000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:12
Start time:18:34:16
Start date:30/08/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cp"
Imagebase:0x7ff6c4390000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

No disassembly