Windows
Analysis Report
https://testflight.apple.com/v1/invite/0b18620dbe1845a6880e14b0388dfff50172158f2e114782ba97042551fd0300190968914?ct=FY463T33U7&advp=10000&platform=ios
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 4788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2380,i,1947905092517884519,3439299998469434712,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 2032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://testflight.apple.com/v1/invite/0b18620dbe1845a6880e14b0388dfff50172158f2e114782ba97042551fd0300190968914?ct=FY463T33U7&advp=10000&platform=ios" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
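The process tree above is three instances of the same chrome.exe image doing three different jobs: the main browser launched on about:blank, the network-service utility process, and the launch that hands the sample URL to the browser. The following is an added example (not part of the Joe Sandbox report and not Chrome's code) that tokenizes those Windows command lines and classifies each process by role, the way a detection rule over Sysmon/EDR process-creation events would. The three command lines are copied from the report's tree and keyed by PID; the role rules follow Chrome's real switch conventions (`--type` selects the process kind, `--utility-sub-type` the service, a bare positional argument is the URL to open), while the function and field names are this example's own.

```python
"""Classify the Chrome processes in the report's process tree by role.

Added example; not part of the Joe Sandbox report and not Chrome's own
code. CHROME_CMDLINES holds the three command lines from the report's
process tree (keyed by PID). Role rules follow Chrome's switch
conventions; all helper names here are this example's own.
"""
from urllib.parse import urlsplit

CHROME_CMDLINES = {
    520: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"',
    4788: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
          r'--utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none '
          r'--mojo-platform-channel-handle=2412 --field-trial-handle=2380,i,1947905092517884519,3439299998469434712,262144 '
          r'--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8',
    2032: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
          r'"https://testflight.apple.com/v1/invite/0b18620dbe1845a6880e14b0388dfff50172158f2e114782ba97042551fd0300190968914?ct=FY463T33U7&advp=10000&platform=ios"',
}


def split_windows_cmdline(cmdline: str) -> list:
    """Split on unquoted whitespace and drop the surrounding double quotes.
    Backslashes stay literal (Windows paths); POSIX shlex would eat them."""
    tokens, cur, in_quotes = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def classify_chrome_process(cmdline: str) -> dict:
    """Return image path, role, URLs and the switches worth hunting on."""
    tokens = split_windows_cmdline(cmdline)
    image, switches, positional = tokens[0], {}, []
    for arg in tokens[1:]:
        if arg.startswith("--"):                    # --key or --key=value
            key, _, value = arg[2:].partition("=")
            switches[key] = value
        elif arg.startswith("/"):                   # Windows-style, e.g. /prefetch:8
            key, _, value = arg[1:].partition(":")
            switches[key] = value
        else:
            positional.append(arg)
    role = switches.get("type", "browser")          # no --type: the main browser process
    if role == "utility":
        role = "utility:" + switches.get("utility-sub-type", "unknown")
    # Only real web URLs count; "about:blank" is a positional argument but not one.
    urls = [p for p in positional if urlsplit(p).scheme in ("http", "https")]
    return {
        "image": image,
        "role": role,
        "urls": urls,
        # 'none' on the report's network service; compare against your fleet baseline.
        "service_sandbox": switches.get("service-sandbox-type"),
        "disabled_features": [f for f in switches.get("disable-features", "").split(",") if f],
        "prefetch": switches.get("prefetch"),
    }


def summarize_tree(cmdlines=CHROME_CMDLINES) -> dict:
    """PID -> classification for the whole tree."""
    return {pid: classify_chrome_process(cl) for pid, cl in cmdlines.items()}


if __name__ == "__main__":
    for pid, info in summarize_tree().items():
        print(pid, info["role"], info["urls"], "sandbox=" + str(info["service_sandbox"]))
```

The positional URL is the field a SOC rule keys on (it is the same value the report lists as "Sample URL"); the `--type`/`--utility-sub-type` split is what separates the one process that actually navigates from the dozen helper processes a single browser launch spawns, which is why the report counts 15 new processes for one URL.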
There are no malicious signatures.
Signatures (hit counts; the per-hit Source column is empty in this copy of the report):

Signature | Hits
---|---
HTTPS traffic detected | 2
TCP traffic detected without corresponding DNS query | 37
UDP traffic detected without corresponding DNS query | 3
HTTP traffic detected | 1
DNS traffic detected | 1
String found in binary or memory | 3
Network traffic detected | 15
HTTPS traffic detected | 2
Classification label | 1
Process created | 16
Window detected | 1
MITRE ATT&CK matrix. A cell with a numeric prefix (1 Process Injection, 1 Encrypted Channel, 2 Non-Application Layer Protocol, 3 Application Layer Protocol, 1 Ingress Tool Transfer) is a technique with that many matched signatures; every other cell is the unfilled matrix template and was not observed.

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
www.google.com | 172.217.16.132 | true | false | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.217.16.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.7 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524239 |
Start date and time: | 2024-10-02 16:29:45 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://testflight.apple.com/v1/invite/0b18620dbe1845a6880e14b0388dfff50172158f2e114782ba97042551fd0300190968914?ct=FY463T33U7&advp=10000&platform=ios |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@16/10@2/3 |
EGA Information: | Failed |
HCA Information: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.181.238, 173.194.76.84, 34.104.35.123, 23.215.16.35, 4.245.163.56, 93.184.221.240, 13.85.23.206, 20.3.187.198, 13.95.31.18, 2.16.100.168, 88.221.110.91, 142.250.184.227
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://testflight.apple.com/v1/invite/0b18620dbe1845a6880e14b0388dfff50172158f2e114782ba97042551fd0300190968914?ct=FY463T33U7&advp=10000&platform=ios
Input | Output |
---|---|
URL: https://testflight.apple.com/v1/invite/0b18620dbe1845a6880e14b0388dfff50172158f2e114782ba97042551fd0300190968914?ct=FY463T33U7&advp=10000&platform=ios Model: jbxai | |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 22382 |
Entropy (8bit): | 1.8139780344520928 |
Encrypted: | false |
SSDEEP: | 24:nvgQF2ky2bvnlPVdGFGFjn8za2XXcO9++f42AapCaku0Lunpi3kMFPWzlJa4B4LT:3dSmkZ6NJvrulIsW5ty4pDKoz+aR |
MD5: | 310FD67D702063937E39C17B2060067F |
SHA1: | 503B0C1CD35674B8E58B6B35431F381F1417A1A5 |
SHA-256: | 2EE7CA9B189DF54D7CCDD064D75D0143A8229BAE9BDB69F37105E59F433C0A8B |
SHA-512: | D523F0CAA326B7842CB2A0D13D95E2D4CF432FC7A6B12FA503B7175AA188A848C9AFF631685BFA2D2D3609B7FCC6AB398FD9CC95ECAE436FFA9EA2D55550E616 |
Malicious: | false |
Reputation: | low |
URL: | https://testflight.apple.com/favicon.ico |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 22382 |
Entropy (8bit): | 1.8139780344520928 |
Encrypted: | false |
SSDEEP: | 24:nvgQF2ky2bvnlPVdGFGFjn8za2XXcO9++f42AapCaku0Lunpi3kMFPWzlJa4B4LT:3dSmkZ6NJvrulIsW5ty4pDKoz+aR |
MD5: | 310FD67D702063937E39C17B2060067F |
SHA1: | 503B0C1CD35674B8E58B6B35431F381F1417A1A5 |
SHA-256: | 2EE7CA9B189DF54D7CCDD064D75D0143A8229BAE9BDB69F37105E59F433C0A8B |
SHA-512: | D523F0CAA326B7842CB2A0D13D95E2D4CF432FC7A6B12FA503B7175AA188A848C9AFF631685BFA2D2D3609B7FCC6AB398FD9CC95ECAE436FFA9EA2D55550E616 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2247 |
Entropy (8bit): | 4.993361035006213 |
Encrypted: | false |
SSDEEP: | 48:HvM9pmF8+tEhYSD+tmPFwG+tz9PPPnCqXyHi1VJT7dLt:kl+G5D+ED+DXfDySVdhLt |
MD5: | EF9D1F005AAD606F4B020A935D0C12D9 |
SHA1: | CAB21599E840D6228346B4FEA259CC72688BC202 |
SHA-256: | E1F04DF9C6C6B6766C5C5384DE7CCD70DEDF80857F26AA1D5BE7C941A22ED538 |
SHA-512: | 61421A36C633ADE57F6952F843EDBE1BD9E57CBAACC25AC6056DF65DCAAEA64AB529B50BB1BC69BF8E5DA9ED0E58D11320C53957CC629B7903A80D35F77267BC |
Malicious: | false |
Reputation: | low |
URL: | https://testflight.apple.com/v1/invite/0b18620dbe1845a6880e14b0388dfff50172158f2e114782ba97042551fd0300190968914?ct=FY463T33U7&advp=10000&platform=ios |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 130877 |
Entropy (8bit): | 7.996174495971566 |
Encrypted: | true |
SSDEEP: | 3072:rvUYQ9en3RHMK9luY6v/YgRRqhGkhqaCypDx0zEy:jJZ3RSxggRc5yypt0zd |
MD5: | 7A7B5911000EB880E1AB8AEA5A8522CA |
SHA1: | 515D2D9FAAD7ECAFB2AA591C403CFAFA260406AE |
SHA-256: | 808A9C74A96AED69AE773764B0BD9C9FE9583F796C1BCE5EE4F29A828F0A4F1C |
SHA-512: | 23C9046CE8415EA58C85DE1CA123D93290CFDC73061DB429E1A3CFA1B46ADA13EAE2B000C35F4B9C8A57769C99E38948725D985CAA7824B0CFCAD95F316EE7CB |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3934 |
Entropy (8bit): | 5.078793077809424 |
Encrypted: | false |
SSDEEP: | 96:IUGLeVzi6wmaPyhxt2oeYXeaM+Uah1LDep8T/5iMc:IUTli6wVKJXOaNUah1LDep45ih |
MD5: | 7EDF63E13C54B063774BC97405CCD99C |
SHA1: | 91DD6D7DBBB000A291F91790D678069203CFD8C1 |
SHA-256: | F500A916ED42D8807FF795EA10E37227B80FA072CE2C23B8537B66DB7F772899 |
SHA-512: | 841714F461B437F56FD28025437C5C4A0385BC804B76F44044BC329A7333AA92814A85EBC2C6B989BD7310657CF9BEDDE2730E11BB315D26BB6645AD3485E917 |
Malicious: | false |
Reputation: | low |
URL: | https://testflight.apple.com/styles/main.css |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 130877 |
Entropy (8bit): | 7.996174495971566 |
Encrypted: | true |
SSDEEP: | 3072:rvUYQ9en3RHMK9luY6v/YgRRqhGkhqaCypDx0zEy:jJZ3RSxggRc5yypt0zd |
MD5: | 7A7B5911000EB880E1AB8AEA5A8522CA |
SHA1: | 515D2D9FAAD7ECAFB2AA591C403CFAFA260406AE |
SHA-256: | 808A9C74A96AED69AE773764B0BD9C9FE9583F796C1BCE5EE4F29A828F0A4F1C |
SHA-512: | 23C9046CE8415EA58C85DE1CA123D93290CFDC73061DB429E1A3CFA1B46ADA13EAE2B000C35F4B9C8A57769C99E38948725D985CAA7824B0CFCAD95F316EE7CB |
Malicious: | false |
Reputation: | low |
URL: | https://testflight.apple.com/images/testflight-400x400-masked_27.png |
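The file entries above carry an "Entropy (8bit)" value and an "Encrypted" flag derived from it: the 130877-byte PNG at 7.996 bits/byte is marked Encrypted: true, while the CSS (5.08), the invite page (4.99) and the favicon (1.81) are not. The flag is a pure entropy threshold, and a deflate-compressed image body is expected to sit near 8 bits/byte, so on its own it says nothing about a payload. The following is an added example (not the sandbox's code; Joe Sandbox does not publish its threshold, so `ENCRYPTED_THRESHOLD` is this example's assumption chosen to reproduce the report's verdicts) that computes the same byte-level Shannon entropy, applies the flag, and then adds the check an analyst should make before treating "Encrypted: true" as suspicious: whether the bytes start with the magic of a container that is compressed by design. All sample buffers are constructed in the block, not files from the analysis.

```python
"""Reproduce the report's "Entropy (8bit)" / "Encrypted" columns and add a
container-magic check on top.

Added example, not part of the Joe Sandbox report. ENCRYPTED_THRESHOLD is
an assumption (the real threshold is undocumented); the sample buffers
below are constructed here and are not the analysed files.
"""
import math
import random
import zlib

ENCRYPTED_THRESHOLD = 7.9  # assumption: reproduces 7.996 -> true, 5.08/4.99/1.81 -> false

# Leading bytes of containers whose bodies are compressed by design.
KNOWN_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
}


def shannon_entropy_8bit(data: bytes) -> float:
    """Byte-level Shannon entropy in bits per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def container_magic(data: bytes):
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify(data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> dict:
    """The sandbox's Encrypted flag, plus the container check an analyst
    needs before reading 'Encrypted: true' as an opaque payload."""
    entropy = shannon_entropy_8bit(data)
    magic = container_magic(data)
    flagged = entropy >= threshold
    if flagged and magic:
        verdict = f"high entropy inside a {magic} container: compressed, not evidence of encryption"
    elif flagged:
        verdict = "high entropy with no recognised container: inspect as a possible encrypted/packed blob"
    else:
        verdict = "low entropy: plaintext or sparse binary"
    return {"entropy": round(entropy, 3), "encrypted_flag": flagged,
            "container": magic, "verdict": verdict}


# --- constructed sample inputs (fixed seed, so results are reproducible) ---
_rng = random.Random(20241002)
_words = [b"body", b"margin", b"padding", b"color", b"#1d1d1f", b"font-size",
          b"display", b"flex", b"none", b"0", b"16px", b"background", b"white"]
SAMPLE_CSS = b"\n".join(                       # stands in for styles/main.css
    b"." + _rng.choice(_words) + b" { " + _rng.choice(_words) + b": " + _rng.choice(_words) + b"; }"
    for _ in range(400)
)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + _rng.randbytes(16384)  # PNG header + incompressible body; not a valid image
SAMPLE_BLOB = _rng.randbytes(16384)            # stands in for an opaque encrypted payload
SAMPLE_DEFLATED = zlib.compress(SAMPLE_CSS, 9)  # what compression alone does to the entropy of text


def report_rows() -> dict:
    """Name -> classification for every constructed sample."""
    return {name: classify(buf) for name, buf in [
        ("main.css (constructed)", SAMPLE_CSS),
        ("png (constructed)", SAMPLE_PNG),
        ("deflate(main.css)", SAMPLE_DEFLATED),
        ("random blob", SAMPLE_BLOB),
    ]}


if __name__ == "__main__":
    for name, row in report_rows().items():
        print(f"{name:24s} entropy={row['entropy']:.3f} encrypted={row['encrypted_flag']!s:5s} {row['verdict']}")
```

The deflate row is the point: compressing ordinary CSS pushes its entropy up by several bits without any cryptography involved, which is exactly why the report's PNG trips the flag. Entropy is a useful first-pass triage signal for a blob that has no recognisable structure; for a file whose header says PNG, gzip or zip it is expected, and the next step is to parse the container rather than to suspect the bytes.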
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 16:30:36.720796108 CEST | 49671 | 443 | 192.168.2.7 | 204.79.197.203 |
Oct 2, 2024 16:30:39.126971960 CEST | 49671 | 443 | 192.168.2.7 | 204.79.197.203 |
Oct 2, 2024 16:30:40.412327051 CEST | 49674 | 443 | 192.168.2.7 | 104.98.116.138 |
Oct 2, 2024 16:30:40.413448095 CEST | 49675 | 443 | 192.168.2.7 | 104.98.116.138 |
Oct 2, 2024 16:30:40.580140114 CEST | 49672 | 443 | 192.168.2.7 | 104.98.116.138 |
Oct 2, 2024 16:30:43.493232012 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
Oct 2, 2024 16:30:43.970792055 CEST | 49671 | 443 | 192.168.2.7 | 204.79.197.203 |
Oct 2, 2024 16:30:44.067399979 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
Oct 2, 2024 16:30:44.955401897 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
Oct 2, 2024 16:30:46.455399036 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
Oct 2, 2024 16:30:49.565037966 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
Oct 2, 2024 16:30:50.067640066 CEST | 49674 | 443 | 192.168.2.7 | 104.98.116.138 |
Oct 2, 2024 16:30:50.067668915 CEST | 49675 | 443 | 192.168.2.7 | 104.98.116.138 |
Oct 2, 2024 16:30:50.269365072 CEST | 49672 | 443 | 192.168.2.7 | 104.98.116.138 |
Oct 2, 2024 16:30:50.451771021 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:30:50.451802969 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:30:50.451853991 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:30:50.452060938 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:30:50.452069998 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:30:51.100900888 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:30:51.101347923 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:30:51.101377964 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:30:51.102503061 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:30:51.102643967 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:30:51.103835106 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:30:51.103912115 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:30:51.271022081 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:30:51.271033049 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:30:51.377340078 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:30:52.640221119 CEST | 443 | 49698 | 104.98.116.138 | 192.168.2.7 |
Oct 2, 2024 16:30:52.640309095 CEST | 49698 | 443 | 192.168.2.7 | 104.98.116.138 |
Oct 2, 2024 16:30:53.689138889 CEST | 49671 | 443 | 192.168.2.7 | 204.79.197.203 |
Oct 2, 2024 16:30:55.364451885 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:55.364518881 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:55.364586115 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:55.368935108 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:55.368948936 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:55.518110991 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
Oct 2, 2024 16:30:56.018132925 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.018215895 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.022628069 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.022650957 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.023055077 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.064408064 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.240947008 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.283433914 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.426434040 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.426527023 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.426678896 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.427983046 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.428006887 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.428030014 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.428042889 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.500196934 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.500258923 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:56.500622988 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.501096964 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:56.501110077 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:57.166228056 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:57.166309118 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:57.167977095 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:57.167987108 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:57.168395996 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:57.169513941 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:57.211406946 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:57.650065899 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:57.650152922 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:57.650209904 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:57.651304960 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:57.651350975 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:30:57.651382923 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
Oct 2, 2024 16:30:57.651413918 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
Oct 2, 2024 16:31:01.006903887 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:01.007014036 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:01.007070065 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:31:01.610269070 CEST | 49704 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:31:01.610289097 CEST | 443 | 49704 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:07.423450947 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
Oct 2, 2024 16:31:50.504482985 CEST | 49721 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:31:50.504575968 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:50.504653931 CEST | 49721 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:31:50.504918098 CEST | 49721 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:31:50.504946947 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:51.151648045 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:51.153103113 CEST | 49721 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:31:51.153129101 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:51.153467894 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:51.153834105 CEST | 49721 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:31:51.153892994 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:31:51.201181889 CEST | 49721 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:32:01.057001114 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:32:01.057064056 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Oct 2, 2024 16:32:01.057212114 CEST | 49721 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:32:02.077058077 CEST | 49721 | 443 | 192.168.2.7 | 172.217.16.132 |
Oct 2, 2024 16:32:02.077091932 CEST | 443 | 49721 | 172.217.16.132 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 16:30:49.393312931 CEST | 53 | 64852 | 1.1.1.1 | 192.168.2.7 |
Oct 2, 2024 16:30:49.400675058 CEST | 53 | 64178 | 1.1.1.1 | 192.168.2.7 |
Oct 2, 2024 16:30:50.441263914 CEST | 60745 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 2, 2024 16:30:50.441620111 CEST | 62110 | 53 | 192.168.2.7 | 1.1.1.1 |
Oct 2, 2024 16:30:50.448349953 CEST | 53 | 60745 | 1.1.1.1 | 192.168.2.7 |
Oct 2, 2024 16:30:50.448477030 CEST | 53 | 62110 | 1.1.1.1 | 192.168.2.7 |
Oct 2, 2024 16:30:50.530188084 CEST | 53 | 62757 | 1.1.1.1 | 192.168.2.7 |
Oct 2, 2024 16:30:50.976808071 CEST | 123 | 123 | 192.168.2.7 | 13.95.65.251 |
Oct 2, 2024 16:30:51.162233114 CEST | 123 | 123 | 13.95.65.251 | 192.168.2.7 |
Oct 2, 2024 16:31:07.449304104 CEST | 53 | 49386 | 1.1.1.1 | 192.168.2.7 |
Oct 2, 2024 16:31:26.449857950 CEST | 53 | 50116 | 1.1.1.1 | 192.168.2.7 |
Oct 2, 2024 16:31:43.641580105 CEST | 138 | 138 | 192.168.2.7 | 192.168.2.255 |
Oct 2, 2024 16:31:46.670447111 CEST | 53 | 60822 | 1.1.1.1 | 192.168.2.7 |
Oct 2, 2024 16:31:48.819583893 CEST | 53 | 52571 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 16:30:50.441263914 CEST | 192.168.2.7 | 1.1.1.1 | 0x623f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 16:30:50.441620111 CEST | 192.168.2.7 | 1.1.1.1 | 0x1b4c | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 16:30:50.448349953 CEST | 1.1.1.1 | 192.168.2.7 | 0x623f | No error (0) | | | 172.217.16.132 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 16:30:50.448477030 CEST | 1.1.1.1 | 192.168.2.7 | 0x1b4c | No error (0) | | | | 65 (HTTPS) | IN (0x0001) | false |
Oct 2, 2024 16:31:13.761061907 CEST | 1.1.1.1 | 192.168.2.7 | 0xd39f | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 16:31:13.761061907 CEST | 1.1.1.1 | 192.168.2.7 | 0xd39f | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 16:31:59.948276997 CEST | 1.1.1.1 | 192.168.2.7 | 0x91ce | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 16:31:59.948276997 CEST | 1.1.1.1 | 192.168.2.7 | 0x91ce | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
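The signature "TCP/UDP traffic detected without corresponding DNS query" in the Signatures section is the product of correlating the TCP, UDP and DNS tables above: of the five TCP destinations, only 172.217.16.132 appears in a DNS answer (transaction 0x623f at 16:30:50.448) before the first SYN to it (16:30:50.451); 204.79.197.203, 104.98.116.138, 20.50.201.200 and 184.28.90.27 were contacted with no resolution visible in the capture. The following is an added example, not Joe Sandbox's implementation (whose exact rules are not published), that re-derives the hits from rows copied out of those tables (one packet per flow). The correlation rule, "a flow is resolved only if a DNS answer carrying its destination address arrived before the flow's first outbound packet", the exclusion of the resolver itself, and the skipping of non-routable destinations are this example's assumptions; `EXCLUDED_IPS` is the report's own "Excluded IPs from analysis" list.

```python
"""Re-derive "TCP/UDP traffic detected without corresponding DNS query"
from the report's packet and DNS-answer tables.

Added example; not Joe Sandbox's own logic. Rows below are copied from the
report (subset, one packet per flow). The correlation rule is an
assumption documented in traffic_without_dns().
"""
import ipaddress
from datetime import datetime

SANDBOX_HOST = "192.168.2.7"
# From the report's "Excluded IPs from analysis (whitelisted)" line.
EXCLUDED_IPS = {
    "172.217.16.195", "142.250.181.238", "173.194.76.84", "34.104.35.123", "23.215.16.35",
    "4.245.163.56", "93.184.221.240", "13.85.23.206", "20.3.187.198", "13.95.31.18",
    "2.16.100.168", "88.221.110.91", "142.250.184.227",
}
# (timestamp, src port, dst port, src ip, dst ip), first packet of each TCP flow
TCP_ROWS = [
    ("Oct 2, 2024 16:30:36.720796108 CEST", 49671, 443, "192.168.2.7", "204.79.197.203"),
    ("Oct 2, 2024 16:30:40.412327051 CEST", 49674, 443, "192.168.2.7", "104.98.116.138"),
    ("Oct 2, 2024 16:30:43.493232012 CEST", 49677, 443, "192.168.2.7", "20.50.201.200"),
    ("Oct 2, 2024 16:30:50.451771021 CEST", 49704, 443, "192.168.2.7", "172.217.16.132"),
    ("Oct 2, 2024 16:30:50.451802969 CEST", 443, 49704, "172.217.16.132", "192.168.2.7"),
    ("Oct 2, 2024 16:30:55.364451885 CEST", 49712, 443, "192.168.2.7", "184.28.90.27"),
]
UDP_ROWS = [
    ("Oct 2, 2024 16:30:50.441263914 CEST", 60745, 53, "192.168.2.7", "1.1.1.1"),
    ("Oct 2, 2024 16:30:50.976808071 CEST", 123, 123, "192.168.2.7", "13.95.65.251"),
    ("Oct 2, 2024 16:31:43.641580105 CEST", 138, 138, "192.168.2.7", "192.168.2.255"),
]
# (timestamp, address) from the DNS-answer table's A records
DNS_ANSWERS = [
    ("Oct 2, 2024 16:30:50.448349953 CEST", "172.217.16.132"),
    ("Oct 2, 2024 16:31:13.761061907 CEST", "199.232.210.172"),
    ("Oct 2, 2024 16:31:13.761061907 CEST", "199.232.214.172"),
]


def parse_ts(s: str) -> datetime:
    """'Oct 2, 2024 16:30:36.720796108 CEST' -> naive datetime. All rows share
    one zone, so the label is dropped; nanoseconds are cut to microseconds."""
    stamp = s.rsplit(" ", 1)[0]
    head, frac = stamp.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def is_routable(ip: str) -> bool:
    """False for LAN, multicast (SSDP 239.255.255.250), broadcast, loopback, link-local."""
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_multicast or a.is_loopback
                or a.is_link_local or a.is_reserved or a.is_unspecified)


def traffic_without_dns(rows, dns_answers, host=SANDBOX_HOST,
                        excluded=frozenset(), dns_port=53) -> dict:
    """Return {dst_ip: first outbound timestamp} for flows from `host` to a
    routable address that no DNS answer returned before the flow began.
    Assumption: ordering matters; a name resolved after the SYN does not
    explain the SYN. Packets to the resolver port and to excluded IPs are skipped."""
    resolved = [(parse_ts(ts), ip) for ts, ip in dns_answers]
    first_out = {}
    for ts, _sport, dport, src, dst in rows:
        if src != host or dport == dns_port:      # inbound packet, or the DNS query itself
            continue
        t = parse_ts(ts)
        if dst not in first_out or t < first_out[dst]:
            first_out[dst] = t
    hits = {}
    for dst, t in sorted(first_out.items(), key=lambda kv: kv[1]):
        if dst in excluded or not is_routable(dst):
            continue
        if any(ip == dst and rts <= t for rts, ip in resolved):
            continue
        hits[dst] = t
    return hits


if __name__ == "__main__":
    for proto, rows in (("TCP", TCP_ROWS), ("UDP", UDP_ROWS)):
        for dst, t in traffic_without_dns(rows, DNS_ANSWERS, excluded=EXCLUDED_IPS).items():
            print(f"{proto} to {dst} at {t.time()} with no prior DNS answer")
```

Read the hits with the cookbook in mind. In a browse-URL run the browser and the OS generate this traffic for reasons the capture cannot see: names resolved (or cached) before the capture started, Chrome resolving over DNS-over-HTTPS (the column the DNS tables carry for exactly that case, false here), and background services such as the UDP/123 time sync to 13.95.65.251 and the SSDP multicast to 239.255.255.250. That is why the signature fires 37 + 3 times and still contributes nothing to a score of 0. It becomes meaningful when the sample itself, rather than the platform, opens a connection to a hard-coded address, which is what the ordering check isolates.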
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49712 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 14:30:56 UTC | 161 | OUT | |
2024-10-02 14:30:56 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49714 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 14:30:57 UTC | 239 | OUT | |
2024-10-02 14:30:57 UTC | 514 | IN | |
2024-10-02 14:30:57 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 10:30:40 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c4390000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 10:30:44 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c4390000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 9 |
Start time: | 10:30:49 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c4390000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |