Windows Analysis Report
http://40terrastaffinggroup.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGJkNzFkZWJlLTQwODUtNGNlMi1hYTNjLTdkN2YzNWU0YmVjMABGAAAAAABYpOmuJi7tQ6q5WuWub8ZLBwAtSgssfhXVSpJpksK16V0%2FAAAAAaZAAAD9bQqaleUESLifjGau%2Fsr4AALg9NVMAAABEgAQAJuQeKWKJU1KjyY7L4gSFMo%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiI
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 4176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2508,i,10359561964786021580,17757563042689177643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6384 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://40terrastaffinggroup.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGJkNzFkZWJlLTQwODUtNGNlMi1hYTNjLTdkN2YzNWU0YmVjMABGAAAAAABYpOmuJi7tQ6q5WuWub8ZLBwAtSgssfhXVSpJpksK16V0%2FAAAAAaZAAAD9bQqaleUESLifjGau%2Fsr4AALg9NVMAAABEgAQAJuQeKWKJU1KjyY7L4gSFMo%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiNjc1YTc1M2Q1MzRjNDEzZWEwNWE0NzNiMjBmMTNiZGIiLCJzaWduaW5fc3RhdGUiOiJrbXNpIiwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM4MDExMTk3Njc5MzA0NzJcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCIxOTBlMzE0NS0yZWQyLTRmMjItOTQ1OS01ZDhlMWZjOGI1MWVcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTM3NzMyMDA0NjctMTY0ODM0NzEzOC0zMzMzMzM0NDYyLTM1MTMxNDU2XCJ9IiwibmJmIjoxNzI3NzM4OTI3LCJleHAiOjE3Mjc3MzkyMjcsImlzcyI6IjAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJhdWQiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvYXR0YWNobWVudHMub2ZmaWNlLm5ldEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJoYXBwIjoib3dhIn0.DDCiPDY1j1uNmVpBJdSsAokX770OONzh8rv5z3s3gS-I-LsZMYCozhUrKhO2nQu85lawIrkoCL0RO8eT_rPCoQ3V2_5tTd-ECtyx_m8GRUsYCdWK0T-Az3fT7NIZIgikR3QFZXLLU0TVXK_M7DYsIECpjB4cA2rzUxYWUq20Y-DuKKf2BUUhaEjjqr8eB76_2oGXY1Xmli7920rKxpnH3vI8dTEDOqiSzre4gptAP6UcYoEXVHYMSRG7sdJXbXzw95rp1YaDecWGC5eRukjrW0UJC_PIguBm8pVd8uCcTUweRTH6CJ1725v0e5iFYzPPnTtLozIN7b7d1ZFnZQJ6ww&X-OWA-CANARY=bdvoV2GyMV8AAAAAAAAAAPDZi7in4dwYPpU5wYHasUhFap6Og7aDZ8VkPg5v52xCxWVdx1uX1GI.&owa=outlook.office.com&scriptVer=20240920004.10&clientId=03F5E497FBFD4312A9E577D9C247289D&animation=true" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signature | Occurrences
---|---
Memory has grown | 1
TCP traffic | 2
TCP traffic detected without corresponding DNS query | 14
UDP traffic detected without corresponding DNS query | 13
DNS traffic detected | 3
Network traffic detected | 3
Classification label | 1
Process created | 19
Window detected | 1
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 216.58.206.78 | true | false | unknown | |
www.google.com | 142.250.186.36 | true | false | unknown | |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.41 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
40terrastaffinggroup.com | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
142.250.186.36 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1525193 |
Start date and time: | 2024-10-03 20:49:20 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://40terrastaffinggroup.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGJkNzFkZWJlLTQwODUtNGNlMi1hYTNjLTdkN2YzNWU0YmVjMABGAAAAAABYpOmuJi7tQ6q5WuWub8ZLBwAtSgssfhXVSpJpksK16V0%2FAAAAAaZAAAD9bQqaleUESLifjGau%2Fsr4AALg9NVMAAABEgAQAJuQeKWKJU1KjyY7L4gSFMo%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.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.DDCiPDY1j1uNmVpBJdSsAokX770OONzh8rv5z3s3gS-I-LsZMYCozhUrKhO2nQu85lawIrkoCL0RO8eT_rPCoQ3V2_5tTd-ECtyx_m8GRUsYCdWK0T-Az3fT7NIZIgikR3QFZXLLU0TVXK_M7DYsIECpjB4cA2rzUxYWUq20Y-DuKKf2BUUhaEjjqr8eB76_2oGXY1Xmli7920rKxpnH3vI8dTEDOqiSzre4gptAP6UcYoEXVHYMSRG7sdJXbXzw95rp1YaDecWGC5eRukjrW0UJC_PIguBm8pVd8uCcTUweRTH6CJ1725v0e5iFYzPPnTtLozIN7b7d1ZFnZQJ6ww&X-OWA-CANARY=bdvoV2GyMV8AAAAAAAAAAPDZi7in4dwYPpU5wYHasUhFap6Og7aDZ8VkPg5v52xCxWVdx1uX1GI.&owa=outlook.office.com&scriptVer=20240920004.10&clientId=03F5E497FBFD4312A9E577D9C247289D&animation=true |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | UNKNOWN |
Classification: | unknown0.win@19/0@14/3 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- URL not reachable
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.16.206, 108.177.15.84, 142.250.176.195, 34.104.35.123, 23.211.8.90, 172.202.163.200, 217.20.57.41, 13.85.23.206, 192.229.221.95
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://40terrastaffinggroup.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGJkNzFkZWJlLTQwODUtNGNlMi1hYTNjLTdkN2YzNWU0YmVjMABGAAAAAABYpOmuJi7tQ6q5WuWub8ZLBwAtSgssfhXVSpJpksK16V0%2FAAAAAaZAAAD9bQqaleUESLifjGau%2Fsr4AALg9NVMAAABEgAQAJuQeKWKJU1KjyY7L4gSFMo%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.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
TCP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
---|---|---|---|---
Oct 3, 2024 20:50:15.800489902 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Oct 3, 2024 20:50:16.577188015 CEST | 49730 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:16.583671093 CEST | 53 | 49730 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:16.583734035 CEST | 49730 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:16.584453106 CEST | 49730 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:16.584682941 CEST | 49730 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:16.593420982 CEST | 53 | 49730 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:16.593430042 CEST | 53 | 49730 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:17.092555046 CEST | 53 | 49730 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:17.093131065 CEST | 49730 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:17.098462105 CEST | 53 | 49730 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:17.098537922 CEST | 49730 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:20.657345057 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:20.657382011 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:20.657479048 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:20.659421921 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:20.659436941 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:21.307008028 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:21.361905098 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:21.389273882 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:21.389296055 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:21.393171072 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:21.393188953 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:21.393273115 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:21.445065975 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:21.445298910 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:21.486859083 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:21.486885071 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:21.533730030 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:31.221283913 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:31.221442938 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:31.221492052 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:32.770651102 CEST | 49739 | 443 | 192.168.2.4 | 142.250.186.36 |
Oct 3, 2024 20:50:32.770682096 CEST | 443 | 49739 | 142.250.186.36 | 192.168.2.4 |
Oct 3, 2024 20:50:32.815644979 CEST | 49723 | 80 | 192.168.2.4 | 93.184.221.240 |
Oct 3, 2024 20:50:32.822113037 CEST | 80 | 49723 | 93.184.221.240 | 192.168.2.4 |
Oct 3, 2024 20:50:32.822154045 CEST | 49723 | 80 | 192.168.2.4 | 93.184.221.240 |
Oct 3, 2024 20:50:38.666867971 CEST | 60210 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:38.671700954 CEST | 53 | 60210 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:38.671777010 CEST | 60210 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:38.671801090 CEST | 60210 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:38.676635981 CEST | 53 | 60210 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:39.155633926 CEST | 53 | 60210 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:39.155893087 CEST | 60210 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:39.161154032 CEST | 53 | 60210 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:39.161211967 CEST | 60210 | 53 | 192.168.2.4 | 1.1.1.1 |
UDP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
---|---|---|---|---
Oct 3, 2024 20:50:16.574359894 CEST | 53 | 64496 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:16.575038910 CEST | 53 | 50239 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:16.590612888 CEST | 53 | 57123 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:17.599515915 CEST | 53 | 57568 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:18.209435940 CEST | 56101 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:18.209634066 CEST | 61279 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:18.223742008 CEST | 53 | 56101 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:18.242767096 CEST | 53 | 61279 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:18.243423939 CEST | 61607 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:18.256548882 CEST | 53 | 61607 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:18.310652018 CEST | 60406 | 53 | 192.168.2.4 | 8.8.8.8 |
Oct 3, 2024 20:50:18.310883999 CEST | 53118 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:18.318845034 CEST | 53 | 53118 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:18.320902109 CEST | 53 | 60406 | 8.8.8.8 | 192.168.2.4 |
Oct 3, 2024 20:50:19.309653044 CEST | 52757 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:19.310687065 CEST | 53238 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:19.319963932 CEST | 53 | 52757 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:19.323616028 CEST | 53 | 53238 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:19.391851902 CEST | 62804 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:19.392712116 CEST | 63510 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:19.402749062 CEST | 53 | 62804 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:19.425445080 CEST | 53 | 63510 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:20.645454884 CEST | 61381 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:20.645596981 CEST | 53391 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:20.655869961 CEST | 53 | 61381 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:20.655909061 CEST | 53 | 53391 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:24.453748941 CEST | 61118 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:24.454786062 CEST | 57558 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:24.521050930 CEST | 53 | 57558 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:24.542454958 CEST | 53 | 61118 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:24.616250992 CEST | 49949 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 3, 2024 20:50:24.623718023 CEST | 53 | 49949 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:33.387693882 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Oct 3, 2024 20:50:34.622638941 CEST | 53 | 55999 | 1.1.1.1 | 192.168.2.4 |
Oct 3, 2024 20:50:38.666445017 CEST | 53 | 60452 | 1.1.1.1 | 192.168.2.4 |
ICMP Packets
Timestamp | Source IP | Dest IP | Checksum | Code | Type
---|---|---|---|---|---
Oct 3, 2024 20:50:19.425522089 CEST | 192.168.2.4 | 1.1.1.1 | c237 | (Port unreachable) | Destination Unreachable |
DNS Queries
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---
Oct 3, 2024 20:50:18.209435940 CEST | 192.168.2.4 | 1.1.1.1 | 0xede | Standard query (0) | | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:18.209634066 CEST | 192.168.2.4 | 1.1.1.1 | 0x6ee4 | Standard query (0) | | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:18.243423939 CEST | 192.168.2.4 | 1.1.1.1 | 0x48fb | Standard query (0) | | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:18.310652018 CEST | 192.168.2.4 | 8.8.8.8 | 0x5b0f | Standard query (0) | | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:18.310883999 CEST | 192.168.2.4 | 1.1.1.1 | 0xb1a | Standard query (0) | | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:19.309653044 CEST | 192.168.2.4 | 1.1.1.1 | 0xad0f | Standard query (0) | | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:19.310687065 CEST | 192.168.2.4 | 1.1.1.1 | 0x4a4 | Standard query (0) | | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:19.391851902 CEST | 192.168.2.4 | 1.1.1.1 | 0x1d3e | Standard query (0) | | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:19.392712116 CEST | 192.168.2.4 | 1.1.1.1 | 0x8057 | Standard query (0) | | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:20.645454884 CEST | 192.168.2.4 | 1.1.1.1 | 0x9717 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:20.645596981 CEST | 192.168.2.4 | 1.1.1.1 | 0x5cb4 | Standard query (0) | | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:24.453748941 CEST | 192.168.2.4 | 1.1.1.1 | 0xa898 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:24.454786062 CEST | 192.168.2.4 | 1.1.1.1 | 0xb9ea | Standard query (0) | | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:24.616250992 CEST | 192.168.2.4 | 1.1.1.1 | 0x1813 | Standard query (0) | | A (IP address) | IN (0x0001) | false
DNS Answers
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|---|---
Oct 3, 2024 20:50:18.223742008 CEST | 1.1.1.1 | 192.168.2.4 | 0xede | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:18.242767096 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ee4 | Name error (3) | | none | none | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:18.256548882 CEST | 1.1.1.1 | 192.168.2.4 | 0x48fb | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:18.318845034 CEST | 1.1.1.1 | 192.168.2.4 | 0xb1a | No error (0) | | | 216.58.206.78 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:18.320902109 CEST | 8.8.8.8 | 192.168.2.4 | 0x5b0f | No error (0) | | | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:19.319963932 CEST | 1.1.1.1 | 192.168.2.4 | 0xad0f | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:19.323616028 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a4 | Name error (3) | | none | none | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:19.402749062 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d3e | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:19.425445080 CEST | 1.1.1.1 | 192.168.2.4 | 0x8057 | Name error (3) | | none | none | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:20.655869961 CEST | 1.1.1.1 | 192.168.2.4 | 0x9717 | No error (0) | | | 142.250.186.36 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:20.655909061 CEST | 1.1.1.1 | 192.168.2.4 | 0x5cb4 | No error (0) | | | | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:24.521050930 CEST | 1.1.1.1 | 192.168.2.4 | 0xb9ea | Name error (3) | | none | none | 65 | IN (0x0001) | false
Oct 3, 2024 20:50:24.542454958 CEST | 1.1.1.1 | 192.168.2.4 | 0xa898 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:24.623718023 CEST | 1.1.1.1 | 192.168.2.4 | 0x1813 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:29.859889030 CEST | 1.1.1.1 | 192.168.2.4 | 0xf85b | No error (0) | | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 20:50:29.859889030 CEST | 1.1.1.1 | 192.168.2.4 | 0xf85b | No error (0) | | | 217.20.57.41 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:29.859889030 CEST | 1.1.1.1 | 192.168.2.4 | 0xf85b | No error (0) | | | 217.20.57.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:29.859889030 CEST | 1.1.1.1 | 192.168.2.4 | 0xf85b | No error (0) | | | 84.201.210.34 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:29.859889030 CEST | 1.1.1.1 | 192.168.2.4 | 0xf85b | No error (0) | | | 217.20.57.19 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:29.859889030 CEST | 1.1.1.1 | 192.168.2.4 | 0xf85b | No error (0) | | | 217.20.57.36 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:29.859889030 CEST | 1.1.1.1 | 192.168.2.4 | 0xf85b | No error (0) | | | 217.20.57.42 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:29.859889030 CEST | 1.1.1.1 | 192.168.2.4 | 0xf85b | No error (0) | | | 217.20.57.37 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:50:31.780878067 CEST | 1.1.1.1 | 192.168.2.4 | 0xa129 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 20:50:31.780878067 CEST | 1.1.1.1 | 192.168.2.4 | 0xa129 | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Target ID: | 0 |
Start time: | 14:50:10 |
Start date: | 03/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 14:50:14 |
Start date: | 03/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 14:50:16 |
Start date: | 03/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |