Windows Analysis Report
http://portal.tmhp.net/sites/COO/HMDO/LTC/Documents/Joy/CSR%20Phone%20Que%20Summary%202025.xlsx

Overview

General Information

Sample URL:http://portal.tmhp.net/sites/COO/HMDO/LTC/Documents/Joy/CSR%20Phone%20Que%20Summary%202025.xlsx
Analysis ID:1592375
Infos:
Errors
  • URL not reachable

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 2344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1948,i,14580394590889965810,6737270951148196035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://portal.tmhp.net/sites/COO/HMDO/LTC/Documents/Joy/CSR%20Phone%20Que%20Summary%202025.xlsx" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: portal.tmhp.net
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: classification engine | Classification label: unknown0.win@21/0@21/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1948,i,14580394590889965810,6737270951148196035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://portal.tmhp.net/sites/COO/HMDO/LTC/Documents/Joy/CSR%20Phone%20Que%20Summary%202025.xlsx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
[Behavior graph: ID: 1592375; URL: http://portal.tmhp.net/site...; Startdate: 16/01/2025; Architecture: WINDOWS; Score: 0. Processes: chrome.exe (started), which started a child chrome.exe; a second chrome.exe (started). DNS/IP nodes: portal.tmhp.net; 192.168.2.4, 138, 443, 49290 (unknown); 239.255.255.250 (Reserved); www.google.com 142.250.185.132, 443, 49737 (GOOGLEUS, United States); google.com.]

Source | Detection | Scanner | Label | Link
http://portal.tmhp.net/sites/COO/HMDO/LTC/Documents/Joy/CSR%20Phone%20Que%20Summary%202025.xlsx | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.186.78 | true | false | | high
www.google.com | 142.250.185.132 | true | false | | high
portal.tmhp.net | unknown | unknown | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.185.132 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4

        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1592375
        Start date and time:2025-01-16 02:15:50 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 2m 4s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:browseurl.jbs
        Sample URL:http://portal.tmhp.net/sites/COO/HMDO/LTC/Documents/Joy/CSR%20Phone%20Que%20Summary%202025.xlsx
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:7
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:UNKNOWN
        Classification:unknown0.win@21/0@21/3
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • URL browsing timeout or error
        • URL not reachable
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.186.110, 64.233.184.84, 142.250.185.78, 142.250.185.206, 172.217.18.14, 199.232.210.172, 2.23.77.188, 142.250.186.78, 216.58.212.174, 184.28.90.27, 172.202.163.200
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • VT rate limit hit for: http://portal.tmhp.net/sites/COO/HMDO/LTC/Documents/Joy/CSR%20Phone%20Que%20Summary%202025.xlsx
        No simulations
        No context
        No created / dropped files found
        No static file info

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 16, 2025 02:16:58.233628035 CET | 192.168.2.4 | 1.1.1.1 | c229 | (Port unreachable) | Destination Unreachable
Jan 16, 2025 02:17:04.370471001 CET | 192.168.2.4 | 1.1.1.1 | c229 | (Port unreachable) | Destination Unreachable

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 16, 2025 02:16:55.124372005 CET | 192.168.2.4 | 1.1.1.1 | 0x6761 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:55.124440908 CET | 192.168.2.4 | 1.1.1.1 | 0x3097 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 16, 2025 02:16:56.817503929 CET | 192.168.2.4 | 1.1.1.1 | 0x6e86 | Standard query (0) | portal.tmhp.net | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:56.817826033 CET | 192.168.2.4 | 1.1.1.1 | 0x882e | Standard query (0) | portal.tmhp.net | 65 | IN (0x0001) | false
Jan 16, 2025 02:16:57.002867937 CET | 192.168.2.4 | 1.1.1.1 | 0x7bb9 | Standard query (0) | portal.tmhp.net | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:57.042160988 CET | 192.168.2.4 | 8.8.8.8 | 0x5596 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:57.042444944 CET | 192.168.2.4 | 1.1.1.1 | 0xfda5 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:58.053790092 CET | 192.168.2.4 | 1.1.1.1 | 0x6e12 | Standard query (0) | portal.tmhp.net | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:58.053920984 CET | 192.168.2.4 | 1.1.1.1 | 0x7295 | Standard query (0) | portal.tmhp.net | 65 | IN (0x0001) | false
Jan 16, 2025 02:17:03.171786070 CET | 192.168.2.4 | 1.1.1.1 | 0x6f0a | Standard query (0) | portal.tmhp.net | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:03.171921015 CET | 192.168.2.4 | 1.1.1.1 | 0x8f3f | Standard query (0) | portal.tmhp.net | 65 | IN (0x0001) | false
Jan 16, 2025 02:17:03.184912920 CET | 192.168.2.4 | 1.1.1.1 | 0xa1f7 | Standard query (0) | portal.tmhp.net | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:04.197283983 CET | 192.168.2.4 | 1.1.1.1 | 0x7e12 | Standard query (0) | portal.tmhp.net | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:04.197417974 CET | 192.168.2.4 | 1.1.1.1 | 0x325 | Standard query (0) | portal.tmhp.net | 65 | IN (0x0001) | false
Jan 16, 2025 02:17:04.240807056 CET | 192.168.2.4 | 1.1.1.1 | 0xd8a2 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:04.241091967 CET | 192.168.2.4 | 8.8.8.8 | 0xd9f2 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:12.974721909 CET | 192.168.2.4 | 1.1.1.1 | 0x72cb | Standard query (0) | portal.tmhp.net | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:12.975111961 CET | 192.168.2.4 | 1.1.1.1 | 0xa168 | Standard query (0) | portal.tmhp.net | 65 | IN (0x0001) | false
Jan 16, 2025 02:17:12.990993023 CET | 192.168.2.4 | 1.1.1.1 | 0x46f9 | Standard query (0) | portal.tmhp.net | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:13.011945963 CET | 192.168.2.4 | 1.1.1.1 | 0x1bfd | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:13.012295961 CET | 192.168.2.4 | 8.8.8.8 | 0x8175 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 16, 2025 02:16:55.130893946 CET | 1.1.1.1 | 192.168.2.4 | 0x3097 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jan 16, 2025 02:16:55.130913019 CET | 1.1.1.1 | 192.168.2.4 | 0x6761 | No error (0) | www.google.com | | 142.250.185.132 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:56.975255966 CET | 1.1.1.1 | 192.168.2.4 | 0x6e86 | Name error (3) | portal.tmhp.net | none | none | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:56.993050098 CET | 1.1.1.1 | 192.168.2.4 | 0x882e | Name error (3) | portal.tmhp.net | none | none | 65 | IN (0x0001) | false
Jan 16, 2025 02:16:57.015434027 CET | 1.1.1.1 | 192.168.2.4 | 0x7bb9 | Name error (3) | portal.tmhp.net | none | none | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:57.050497055 CET | 1.1.1.1 | 192.168.2.4 | 0xfda5 | No error (0) | google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:57.052167892 CET | 8.8.8.8 | 192.168.2.4 | 0x5596 | No error (0) | google.com | | 142.251.141.46 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:58.090948105 CET | 1.1.1.1 | 192.168.2.4 | 0x6e12 | Name error (3) | portal.tmhp.net | none | none | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:16:58.233494043 CET | 1.1.1.1 | 192.168.2.4 | 0x7295 | Name error (3) | portal.tmhp.net | none | none | 65 | IN (0x0001) | false
Jan 16, 2025 02:17:03.180032969 CET | 1.1.1.1 | 192.168.2.4 | 0x6f0a | Name error (3) | portal.tmhp.net | none | none | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:03.184114933 CET | 1.1.1.1 | 192.168.2.4 | 0x8f3f | Name error (3) | portal.tmhp.net | none | none | 65 | IN (0x0001) | false
Jan 16, 2025 02:17:03.196417093 CET | 1.1.1.1 | 192.168.2.4 | 0xa1f7 | Name error (3) | portal.tmhp.net | none | none | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:04.204705000 CET | 1.1.1.1 | 192.168.2.4 | 0x7e12 | Name error (3) | portal.tmhp.net | none | none | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:04.247421026 CET | 1.1.1.1 | 192.168.2.4 | 0xd8a2 | No error (0) | google.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:04.249674082 CET | 8.8.8.8 | 192.168.2.4 | 0xd9f2 | No error (0) | google.com | | 142.251.141.46 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:04.370377064 CET | 1.1.1.1 | 192.168.2.4 | 0x325 | Name error (3) | portal.tmhp.net | none | none | 65 | IN (0x0001) | false
Jan 16, 2025 02:17:12.983081102 CET | 1.1.1.1 | 192.168.2.4 | 0x72cb | Name error (3) | portal.tmhp.net | none | none | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:12.988679886 CET | 1.1.1.1 | 192.168.2.4 | 0xa168 | Name error (3) | portal.tmhp.net | none | none | 65 | IN (0x0001) | false
Jan 16, 2025 02:17:12.997910976 CET | 1.1.1.1 | 192.168.2.4 | 0x46f9 | Name error (3) | portal.tmhp.net | none | none | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:13.019016027 CET | 1.1.1.1 | 192.168.2.4 | 0x1bfd | No error (0) | google.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 02:17:13.021958113 CET | 8.8.8.8 | 192.168.2.4 | 0x8175 | No error (0) | google.com | | 142.251.141.46 | A (IP address) | IN (0x0001) | false

        Target ID:0
        Start time:20:16:46
        Start date:15/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:20:16:49
        Start date:15/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1948,i,14580394590889965810,6737270951148196035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:20:16:55
        Start date:15/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://portal.tmhp.net/sites/COO/HMDO/LTC/Documents/Joy/CSR%20Phone%20Que%20Summary%202025.xlsx"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly