Windows
Analysis Report
https://66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app/
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 6528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 4536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1920,i,503674260585812908,14686945758166603473,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 5328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
Signature | Occurrences in report |
---|---|
AV Detection: SlashNext | 1 |
HTTP Parser | 1 |
HTTPS traffic detected | 3 |
TCP traffic | 1 |
TCP traffic detected without corresponding DNS query | 36 |
UDP traffic detected without corresponding DNS query | 4 |
HTTP traffic detected | 4 |
DNS traffic detected | 2 |
HTTP traffic detected | 2 |
String found in binary or memory | 1 |
Network traffic detected | 14 |
HTTPS traffic detected | 3 |
Classification label | 1 |
File created | 1 |
Process created | 16 |
LNK file | 6 |
Window detected | 1 |
File created | 7 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | SlashNext | Fraudulent Website type: Phishing & Social Engineering | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.185.132 | true | false | unknown | |
66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app | 3.72.140.173 | true | false | unknown | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | unknown | |
| true | unknown | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
3.72.140.173 | 66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app | United States | 16509 | AMAZON-02US | false |
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.18 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528313 |
Start date and time: | 2024-10-07 19:11:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.win@16/10@4/4 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.184.238, 172.253.115.84, 34.104.35.123, 93.184.221.240
- Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: https://66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app/
Input | Output |
---|---|
URL: https://66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app/ Model: jbxai | "{ \"brand\": [\"Netlify\"], \"contains_trigger_text\": false, \"trigger_text\": \"\", \"prominent_button_name\": \"Back to our site\", \"text_input_field_labels\": \"unknown\", \"pdf_icon_visible\": false, \"has_visible_captcha\": false, \"has_urgent_text\": false, \"text\": \"Site Not Found Looks like you've followed a broken link or entered a URL that doesn't exist on Netlify. If this is your site, and you weren't expecting a 404 for this path, please visit Netlify's \"page not found\" support guide for troubleshooting tips. Netlify Internal ID: 01J9KZEGBDQ4QMSG7YXM667CWM\" } " |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.968893787690705 |
Encrypted: | false |
SSDEEP: | 48:8DJd6T5m1NHEUidAKZdA1rehwiZUklqeh3y+3:8DuVm1H8y |
MD5: | AF2260B1C3707F9764F7FEDCCAB913F1 |
SHA1: | BB73ECC3F1D23398C9A1B963B4D2A1E3DF0A6C92 |
SHA-256: | B81D4093411A5219219C9E9C4C636A84A7031C1A2FED4206442631FC0463A222 |
SHA-512: | 546361E2A888469EE8894AA7985162BADD510A198619003842C79771BAE0F8C8CB54FE0806C9D3F55DE0368107D97712D87E1C0322FEF0E24B4810276CAC869D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9849556673227147 |
Encrypted: | false |
SSDEEP: | 48:83Jd6T5m1NHEUidAKZdA1ceh/iZUkAQkqehsy+2:83uVm1T9Qly |
MD5: | 527AF394C696EC757BC514C0370B3723 |
SHA1: | D36C12D976F87776B5A3413B8E7C9D5D52DD6E93 |
SHA-256: | 4155F4C756FEFADCF4AD0BEDADB429C35F522811407462E5151EA722937DFCAD |
SHA-512: | 578AA6BF65AFFBE3D00FFDC13EC30B41E5A6224217237467650C1EDACE02E8536D76661DCF3C9BCB284D8392A607CBD9C989749D2E1A2385FCB9930C91BCA73A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2691 |
Entropy (8bit): | 3.9952332611629164 |
Encrypted: | false |
SSDEEP: | 48:8XRJd6T5m1SHEUidAKZdA14Aeh7sFiZUkmgqeh7syy+BX:8huVm1kngy |
MD5: | BC03AA055A0A8AF12269DEE36EF844F5 |
SHA1: | EEE6534BBC5480E4712AD4A53C82009FC8456366 |
SHA-256: | 532682821208C880E57BB977F0184FD8A51085691E30E873E6F2C16CB994A00E |
SHA-512: | 89365216040246F545F5BB24AFB7D0077A4673153CE6623C1D2066751B75A96B68FC6B235DBC528689D7DA2DE55A14A010103B9EE5E667FDBD1BC3C3D84F30C6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9829798581880684 |
Encrypted: | false |
SSDEEP: | 48:8tJd6T5m1NHEUidAKZdA1JehDiZUkwqeh4y+R:8tuVm1eKy |
MD5: | CA678593E2405BD518F21CB88AECAD08 |
SHA1: | F03DF6D314A01CF0F91A4059A18A820C259D32C4 |
SHA-256: | CD5767A662034D7B784541A74F2F883D8C86FE35E36799B864B548E12569CD10 |
SHA-512: | 690603AC37F8ADDF509C2D39B46651366B813E1BC71B3E581FED00D53A43DB379DC25D467D2F7B254310466CB7A05E7281E8CCEB23C94B89A5A3A94A25DAA47D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.972627780301279 |
Encrypted: | false |
SSDEEP: | 48:8VJd6T5m1NHEUidAKZdA1XehBiZUk1W1qehmy+C:8VuVm1+9Gy |
MD5: | 4FCF343B15B36D03E8361E7F89DB3C43 |
SHA1: | EA8A2D7A774EF575865640379052575195A80191 |
SHA-256: | 66B7F01983753B3B7A57C9E1EA2C0CDBBB6AE9E4D93FF173852D6C183D2BC2BF |
SHA-512: | 90F7F434D9049EB72FE96AF53809848DE94EB390466EB65CAAB7C1F9DCC59B8E7CB0D2D4AA29AB4158C7E985FAC062D7655B835A3C24919A4DF18AD91B377270 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.983088671660835 |
Encrypted: | false |
SSDEEP: | 48:8BJd6T5m1NHEUidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbgy+yT+:8BuVm1yT/TbxWOvTbgy7T |
MD5: | 4E5839A5FDBED3C9C5D26C417D1BF4CF |
SHA1: | 29E7FB202C52307F122BF75C66C2FF90A87D40AB |
SHA-256: | DCCEA8EE98414367FD1048A7F58C540EED0FEEA95D179D989FE1817B5772CD1C |
SHA-512: | D0171C0557CFC1BF0AE971845170F8AAE4612CBE2B16ABD69DCB6072738DB55A473C8BAE7B4E6AB760B36AFB25582C3AD8FEC71AE669A1DA39C9EE8F854DD8DF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2768 |
Entropy (8bit): | 5.519909620656247 |
Encrypted: | false |
SSDEEP: | 48:0rCTeIlUJ+0WfAd1QpED3qBTRnejUnyzpFJlQoPZUHotkhXPQWi/m:IIlEQpEUUXx/KoStPQO |
MD5: | 5DA607B0A5A5647AEF39AA15D0103847 |
SHA1: | EBE347E44F9F5D96D1367581D132F75657EFA220 |
SHA-256: | 01F0619B95D9757E09FAB71E234AADD12F91578083FFD91C723252AB3686A8A8 |
SHA-512: | DF3E483A6800024116F0949F755B657695537D99F2924CAF5A54B70324D1566E3C37FF096A2DFB940384F7997DDAAF73E44336498AF332742B5E5EC06ACE69AA |
Malicious: | false |
Reputation: | low |
URL: | https://66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app/ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 50 |
Entropy (8bit): | 4.861467880199448 |
Encrypted: | false |
SSDEEP: | 3:ObynQA2cueyRj:ObPHcuLj |
MD5: | FD3DE1BA21F98EA0AFE4E405B159748B |
SHA1: | CAE308D9BA3FB74D6AB18BB15090CEDC9D079B59 |
SHA-256: | DA8C1E25EFD930AF71FA18F99970BCAEB9786873C12ACC7E2A891457DD1D287F |
SHA-512: | F236FCC133A57F9A1624500ABAACC9B4BC1945DA04CB22D44CD9C72D0FAE0101C58C9237FEA02F9B3B43F6608F7421857F795E757D0AEBE3A999F9208082775F |
Malicious: | false |
Reputation: | low |
URL: | https://66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app/favicon.ico |
Preview: |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 7, 2024 19:11:49.462965012 CEST | 192.168.2.18 | 1.1.1.1 | 0x1e4f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 7, 2024 19:11:49.463129997 CEST | 192.168.2.18 | 1.1.1.1 | 0x5f5 | Standard query (0) | 65 | IN (0x0001) | false | |
Oct 7, 2024 19:11:53.505588055 CEST | 192.168.2.18 | 1.1.1.1 | 0x3030 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 7, 2024 19:11:53.505589008 CEST | 192.168.2.18 | 1.1.1.1 | 0xf7f | Standard query (0) | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 19:11:49.472999096 CEST | 1.1.1.1 | 192.168.2.18 | 0x1e4f | No error (0) | | | 3.72.140.173 | A (IP address) | IN (0x0001) | false |
Oct 7, 2024 19:11:49.472999096 CEST | 1.1.1.1 | 192.168.2.18 | 0x1e4f | No error (0) | | | 3.70.101.28 | A (IP address) | IN (0x0001) | false |
Oct 7, 2024 19:11:53.512904882 CEST | 1.1.1.1 | 192.168.2.18 | 0xf7f | No error (0) | | | | 65 (HTTPS) | IN (0x0001) | false |
Oct 7, 2024 19:11:53.513178110 CEST | 1.1.1.1 | 192.168.2.18 | 0x3030 | No error (0) | | | 142.250.185.132 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.18 | 49696 | 3.72.140.173 | 443 | 4536 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 17:11:50 UTC | 703 | OUT | |
2024-10-07 17:11:50 UTC | 270 | IN | |
2024-10-07 17:11:50 UTC | 916 | IN | |
2024-10-07 17:11:50 UTC | 1871 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.18 | 49697 | 3.72.140.173 | 443 | 4536 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 17:11:50 UTC | 676 | OUT | |
2024-10-07 17:11:50 UTC | 313 | IN | |
2024-10-07 17:11:50 UTC | 50 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.18 | 49701 | 184.28.90.27 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 17:11:53 UTC | 161 | OUT | |
2024-10-07 17:11:53 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.18 | 49703 | 184.28.90.27 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 17:11:54 UTC | 239 | OUT | |
2024-10-07 17:11:54 UTC | 515 | IN | |
2024-10-07 17:11:54 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.18 | 49704 | 20.109.210.53 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 17:12:00 UTC | 306 | OUT | |
2024-10-07 17:12:00 UTC | 560 | IN | |
2024-10-07 17:12:00 UTC | 15824 | IN | |
2024-10-07 17:12:00 UTC | 8666 | IN |
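The DNS and session tables above are the raw material for two checks an analyst normally runs by hand on a sandbox report: matching each DNS query to its answer by transaction ID, and flagging HTTPS sessions whose destination address never appeared in any DNS answer (a connection to an IP the sandbox never saw resolved). The script below is an added example, not part of the Joe Sandbox report; its input rows are transcribed from the tables above (hostnames were not present in the extracted text, so no Name values are assumed), and the query type 65 is the HTTPS resource record that Chrome requests alongside the A record.

```python
"""Correlate DNS queries, DNS answers and TLS sessions from a sandbox report.

Added example (not report-generated code). All rows below are constructed
from the DNS and session tables of the report; hostnames were not in the
extracted text and are deliberately left out.
"""
import ipaddress
from collections import defaultdict

# Constructed from the "DNS Queries" table: (transaction id, record type).
DNS_QUERIES = [
    ("0x1e4f", "A"),
    ("0x5f5", "HTTPS"),   # type 65
    ("0x3030", "A"),
    ("0xf7f", "HTTPS"),   # type 65
]

# Constructed from the "DNS Answers" table: (transaction id, type, address).
# The type-65 answer carried no address column in the report, hence None.
DNS_ANSWERS = [
    ("0x1e4f", "A", "3.72.140.173"),
    ("0x1e4f", "A", "3.70.101.28"),
    ("0xf7f", "HTTPS", None),
    ("0x3030", "A", "142.250.185.132"),
]

# Constructed from the session tables: (session id, dst ip, dst port, pid).
# Sessions 2-4 had no PID/process recorded in the report.
SESSIONS = [
    (0, "3.72.140.173", 443, 4536),
    (1, "3.72.140.173", 443, 4536),
    (2, "184.28.90.27", 443, None),
    (3, "184.28.90.27", 443, None),
    (4, "20.109.210.53", 443, None),
]


def answers_by_txid(answers):
    """Group answer rows by DNS transaction ID."""
    grouped = defaultdict(list)
    for txid, rtype, addr in answers:
        grouped[txid].append((rtype, addr))
    return dict(grouped)


def unanswered_queries(queries, answers):
    """Transaction IDs that were queried but have no answer row at all."""
    answered = set(answers_by_txid(answers))
    return [txid for txid, _ in queries if txid not in answered]


def resolved_addresses(answers):
    """Every IP address any answer row returned, as ip_address objects."""
    return {ipaddress.ip_address(addr) for _, _, addr in answers if addr}


def sessions_without_dns(sessions, answers):
    """Sessions whose destination IP never appeared in a DNS answer.

    Returns the session IDs in report order. A hit means the sandbox saw
    no resolution for that address during the capture; it does not by
    itself prove the connection is malicious (see note after the block).
    """
    known = resolved_addresses(answers)
    return [sid for sid, dst, _port, _pid in sessions
            if ipaddress.ip_address(dst) not in known]


def summarize(queries, answers, sessions):
    """One-line findings, in the order an analyst would read them."""
    lines = []
    for txid in unanswered_queries(queries, answers):
        lines.append(f"query {txid}: no answer row in report")
    for sid in sessions_without_dns(sessions, answers):
        dst = next(s[1] for s in sessions if s[0] == sid)
        lines.append(f"session {sid}: {dst} not returned by any DNS answer")
    return lines


if __name__ == "__main__":
    for line in summarize(DNS_QUERIES, DNS_ANSWERS, SESSIONS):
        print(line)
```

Run against the report's own rows this flags query 0x5f5 (the first HTTPS-type query has no answer row, although the UDP table shows a reply packet to its source port 60293 at 19:11:49.472945929, consistent with an empty NODATA response the answer table does not list) and sessions 2, 3 and 4, whose destinations 184.28.90.27 and 20.109.210.53 were never returned by a captured DNS answer. Treat the second finding as a lead, not a verdict: an address can also be absent because it was resolved before the capture started, came from the browser's cache, or was resolved over DNS-over-HTTPS, which this table reports as inactive but which a detection should still rule out.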
Target ID: | 1 |
Start time: | 13:11:46 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728d30000 |
File size: | 3'242'272 bytes |
MD5 hash: | 83395EAB5B03DEA9720F8D7AC0D15CAA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 13:11:47 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728d30000 |
File size: | 3'242'272 bytes |
MD5 hash: | 83395EAB5B03DEA9720F8D7AC0D15CAA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 13:11:48 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728d30000 |
File size: | 3'242'272 bytes |
MD5 hash: | 83395EAB5B03DEA9720F8D7AC0D15CAA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |