Edit tour

Windows Analysis Report
http://d.agkn.com

Overview

General Information

Sample URL:	http://d.agkn.com
Analysis ID:	1301133
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4892 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 6124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1924,i,6277767785072998790,2320665864670967467,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 6332 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://d.agkn.com MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Dvrtrktau_uydMvoGc1_xfN2ULJBRPHxz6q2oM2aufczSxk8Cchv3g2jlLVO-eHXlJ_BwPi1P-zYcjdR9AuTyG10jrJ2AzQ7yL8SBUliEafdzZn70Pmm-r8GrPXaz7LFgctn_yZRHpJXI09tbP_WroWCmYwT_a7Fwj8gHnQ5nbY; AEC=Ad49MVGGktvnyMQBXjxfVM4VyQMgBORLkDWV_5bpQs3oS50vEqIAFgkFMBQ; CONSENT=PENDING+008; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmRlIAEaBgiA0dCmBg; __Secure-ENID=14.SE=ASWfeSSVBcK3LyggZgGhgI5yIs3Z2wYpfR6yuK81LiYU6I0bFs937AKcakQoHnJkxVLloWnpVW_r8Ar2dupLdGHUm260SY6_u_8bKbtIVuC2UT3_Sjp3_6n5MjyjVSOfngggQke4VZle0rxsEtTK1UwAzXaROx3bb_2_jH9Xta1jpoaREw

Source: classification engine

Classification label: clean0.win@28/5@22/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\chrome_BITS_4892_593442001

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1924,i,6277767785072998790,2320665864670967467,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://d.agkn.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1924,i,6277767785072998790,2320665864670967467,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_4892_593442001	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\crl-set	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\manifest.fingerprint	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://d.agkn.com	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com	52.50.39.94	true	false	high
google.com	142.251.36.174	true	false	high
accounts.google.com	142.251.36.237	true	false	high
www.google.com	142.251.37.4	true	false	high
clients.l.google.com	172.217.16.174	true	false	high
clients2.google.com	unknown	unknown	false	high
www.404.html	unknown	unknown	false	unknown
d.agkn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://d.agkn.com/	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.37.4	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.36.237	accounts.google.com	United States	15169	GOOGLEUS	false
172.217.16.174	clients.l.google.com	United States	15169	GOOGLEUS	false
224.0.0.22	unknown	Reserved	unknown	unknown	false
52.50.39.94	tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1301133
Start date and time:	2023-08-31 16:39:52 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://d.agkn.com
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@28/5@22/7
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.37.3, 34.104.35.123, 172.217.16.163
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, edgedl.me.gvt1.com, eudb.ris.api.iris.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://d.agkn.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1511
Entropy (8bit):	5.977120249863645
Encrypted:	false
SSDEEP:	24:pZRj/flTU3YdZbPjoYAc7aoXrbE0Y8aS09pwfDn3zMoXPngvHMWATu0vNV:p/hUI7B7akPE38aJ9YDMkPMFATuij
MD5:	3D79AA3131F673619794E28868421331
SHA1:	87B4BD87DD25FB3F5400A42A327F67A6F72DC8DC
SHA-256:	79D9CD982CFE30DDFBFBB83BEEBA2B7E36BAB3A869ED521FACC53A0A2B856C6B
SHA-512:	6B89DFDB0E86CFDC6C591BE96BEA99B7C8D2984A97720F9FDDA04E19D684BED345257BB3B565BF40A25657C2F94D96291C7BFF9FD80D37F5D7540F94B8352CF9
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6ImNybC1zZXQiLCJyb290X2hhc2giOiJuanV3Tm1kSzhsQXFWSnhNcUVObjJGYlhWcDd5MEVCams5alJxX2VXR0ZBIn0seyJwYXRoIjoibWFuaWZlc3QuanNvbiIsInJvb3RfaGFzaCI6Ikp6R1JQUDRLRDgtUTk2ay1Pa1hsMXB1eEhKd25fM0VaSHUtRXJ2N0NFblkifV0sImZvcm1hdCI6InRyZWVoYXNoIiwiaGFzaF9ibG9ja19zaXplIjo0MDk2fV0sIml0ZW1faWQiOiJoZm5rcGltbGhoZ2llYWRkZ2ZlbWpob2ZtZmJsbW5pYiIsIml0ZW1fdmVyc2lvbiI6IjgyMTAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"Ihz4kTNCApOECNveeufuhJ-yaNl8TaTIpZWT8e7rVu5TMIO8PI9gNXpJ83r0DTiGHsGrAPo8kzfLKZA6Z1KN_FCty2oCMT9OH0JbwTpoINYfg1ZpeV2F3yAVz3yRofJGiS0wUGluakcOgnJpTFk_qWVrVzFxnqP3XdZdOdUG2RFMJXiVowQSQx2xVDknWkj5wU3MgK6ixfbtlTNFrAup2PJPWFlVKv95GrZkxItpAjlR7ZVcbF4nCZbkHZIqqOXBoCQ

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\crl-set

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	23639
Entropy (8bit):	7.834140528408938
Encrypted:	false
SSDEEP:	384:i26XPKN2vsBUiZetscfm8/ca3PgQXForZ4K0ehJ0tspr6FZ7iUv2wBRmNDO9iK6e:if1kvosE9ca3YQXFoV50MJ0WpWXFbRmM
MD5:	3C91A1F65C479FE73953428410B06991
SHA1:	3823342D6BAFA0AAE6FCB779CA0E1606037AA764
SHA-256:	6F16C9C38C482BEA7D399DB61D3A71E0101A32A185905A1776ED1A59FEF52567
SHA-512:	631139DCB8E479FD7A64070808BBAA3F552A4CD4487D3F64198A357C05D1BE68021669B240AED64042FAFBA0794C3D8FCF759116983AE70AFA37E80447053AC8
Malicious:	false
Reputation:	low
Preview:	..{"Version":0,"ContentType":"CRLSet","Sequence":8210,"DeltaFrom":0,"NumParents":215,"BlockedSPKIs":["Jdoa1Yu/z7In2HI7GFfUwY57qnQXtPnv+TZrXoafizk=","li5LVLuYp+5dX+uWM/mR08MwDpUU2t57DU+CjHlPjoc=","yP3cdcsb27WMB7TqhHKH9iZlndZrwQomrdm1dbOgo40=","BN3pqpp59hSYaCMl+ghwJ2cH+5ypU4QSC0aJMmhJT8k=","6of0Yt7v/713daoqS34Py5HCLu5t9p7ZAQDMxzsxFHY=","xj1oxkihi3dkHEJ6Zp1hyXaKVfT80DIurJbFdwApnPE=","ev5LBxovH0b4upRKJtWE1ZYLkvtIw7obfKuEkF8yqs0=","tbqN1/iVZMKInT1kU8hJmMd4JJGbZOoINapimGWRvlA=","wO0gU0a7veButWD1zuAqNjTiR0p+ds+PvvVjuxF90OM=","eBpM8ukkUvPuAdDDgaQhTzkEFlw5CtvWH80RJE4Jstw=","/NdsyiNH5c1bOTR/Uc9DZUtpor/JBzZwpr5H2HAebg4=","lo26afv/Fb83YgiUMa3lp+rUt+rxvnACaBC8V9HGT24=","fNKVt1VEgIq9lAlGbwg3xarcAuM7YVDGZE3goJZZ8jw=","9Sk9R+041MMbLULe47WzrOl8omyirANl42Iu6AITH7s=","nFmjzK6kaZhCsGjPxSz5RdtRmGlXyDLNsYynOEn7ue4=","OUz/WJ5okxLPwHHuC8Gf5MYGIWzlQ0Kd5tti5C27O8E=","NuqWEoyJg5+2IfitDh7gucIgb2Kre02ixnZYk8m3ztI=","pqyh7JgJzFtIIf+dKcXr5lGWC5Gx8ZzIm1Xvh4GKlQk=","MO/kE4JHbDOA8C9+I+ZrovhnsFnuHqaHlrRBuFtdElY=","r1kVG

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.6639481908488953
Encrypted:	false
SSDEEP:	3:ScInhDtSHXps+reyEG7BbOn:ScIhDtSHHSMbO
MD5:	83D36DC9ACA0DADB744F15E672F31BD6
SHA1:	E416FFA6A000AAA75EBF81C1DB656A36DDD39A51
SHA-256:	BD21A054D201C16B20572A2AE3E09181EF7E879F0B833182D6D2EC795820B667
SHA-512:	4669456C4185CF1477C606971D40FE650835558B2C1330674E130048DA0817C6AC8B6F80D1F2AF8548511E6B55818018C85B92C779256831221D635F18C09809
Malicious:	false
Reputation:	low
Preview:	1.9f1719bcfc7273deb22f7c3cab7e0014f4bbbc7a128a171f74e3ed7b4c4ffcae

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	94
Entropy (8bit):	4.715151389359277
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFJKQc0Rfs1EREBFgS18A:F6VlMCJ0Rk+9S1n
MD5:	5450DA680DF6A4038ABF59F00AF149CC
SHA1:	F2818C80742EEAE35936FAEA630544E23D3BDE9B
SHA-256:	2731913CFE0A0FCF90F7A93E3A45E5D69BB11C9C27FF71191EEF84AEFEC21276
SHA-512:	34043EB50F5C366183FEB93AC044E2EF8511110011EE26C9CDFB839A24848763376C8798ACEFF3978525E394322E4ED8F853333DAFE1EA608857796BB6974377
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "crl-set-3159063426866608463.data",. "version": "8210".}

Total Packets: 73
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2023 16:41:00.329466105 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.329493999 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.329572916 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.331525087 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.331553936 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.343271971 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.343347073 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.343440056 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.344053030 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.344086885 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.411858082 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.426888943 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.459748983 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.463979959 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.464025974 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.464294910 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.464354038 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.465527058 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.465631962 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.466928005 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.467080116 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.467278004 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.467385054 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.469245911 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.469465017 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.469620943 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.469670057 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.469975948 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.470222950 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.470361948 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.470387936 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.506318092 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.506686926 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.506747961 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.506778955 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.508358002 CEST	49736	443	192.168.2.5	172.217.16.174
Aug 31, 2023 16:41:00.508404016 CEST	443	49736	172.217.16.174	192.168.2.5
Aug 31, 2023 16:41:00.514143944 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.570070028 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.570236921 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.570422888 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.570851088 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:00.570959091 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.571729898 CEST	49735	443	192.168.2.5	142.251.36.237
Aug 31, 2023 16:41:00.571754932 CEST	443	49735	142.251.36.237	192.168.2.5
Aug 31, 2023 16:41:01.225159883 CEST	49738	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:01.225794077 CEST	49739	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:01.271575928 CEST	80	49738	52.50.39.94	192.168.2.5
Aug 31, 2023 16:41:01.271728039 CEST	49738	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:01.272824049 CEST	49738	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:01.274178982 CEST	80	49739	52.50.39.94	192.168.2.5
Aug 31, 2023 16:41:01.274317026 CEST	49739	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:01.319065094 CEST	80	49738	52.50.39.94	192.168.2.5
Aug 31, 2023 16:41:01.320038080 CEST	80	49738	52.50.39.94	192.168.2.5
Aug 31, 2023 16:41:01.379290104 CEST	49738	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:03.464797974 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:03.464893103 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:03.465095043 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:03.465467930 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:03.465514898 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:03.530432940 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:03.535279989 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:03.535348892 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:03.537132025 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:03.537235975 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:03.539104939 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:03.539480925 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:03.591094017 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:03.591144085 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:03.794259071 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:13.542968988 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:13.543075085 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:13.543184996 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:16.495867968 CEST	49740	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:41:16.495944977 CEST	443	49740	142.251.37.4	192.168.2.5
Aug 31, 2023 16:41:32.142551899 CEST	80	49738	52.50.39.94	192.168.2.5
Aug 31, 2023 16:41:32.142708063 CEST	49738	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:32.144978046 CEST	80	49739	52.50.39.94	192.168.2.5
Aug 31, 2023 16:41:32.145123005 CEST	49739	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:32.552256107 CEST	49739	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:32.552294970 CEST	49738	80	192.168.2.5	52.50.39.94
Aug 31, 2023 16:41:32.598475933 CEST	80	49738	52.50.39.94	192.168.2.5
Aug 31, 2023 16:41:32.600650072 CEST	80	49739	52.50.39.94	192.168.2.5
Aug 31, 2023 16:42:03.442639112 CEST	49761	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:42:03.442739964 CEST	443	49761	142.251.37.4	192.168.2.5
Aug 31, 2023 16:42:03.442914963 CEST	49761	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:42:03.443434000 CEST	49761	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:42:03.443489075 CEST	443	49761	142.251.37.4	192.168.2.5
Aug 31, 2023 16:42:03.494200945 CEST	443	49761	142.251.37.4	192.168.2.5
Aug 31, 2023 16:42:03.494923115 CEST	49761	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:42:03.495002031 CEST	443	49761	142.251.37.4	192.168.2.5
Aug 31, 2023 16:42:03.495628119 CEST	443	49761	142.251.37.4	192.168.2.5
Aug 31, 2023 16:42:03.496788979 CEST	49761	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:42:03.496957064 CEST	443	49761	142.251.37.4	192.168.2.5
Aug 31, 2023 16:42:03.548469067 CEST	49761	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:42:11.758956909 CEST	49761	443	192.168.2.5	142.251.37.4
Aug 31, 2023 16:42:11.759157896 CEST	443	49761	142.251.37.4	192.168.2.5
Aug 31, 2023 16:42:11.759263992 CEST	49761	443	192.168.2.5	142.251.37.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2023 16:41:00.299352884 CEST	62449	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:00.299724102 CEST	51019	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:00.300312996 CEST	53007	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:00.300791025 CEST	56634	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:00.319823980 CEST	53	62449	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:00.333602905 CEST	53	51019	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:00.333946943 CEST	53	53007	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:00.342000008 CEST	53	64997	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:00.342058897 CEST	53	56634	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:00.679003000 CEST	53	56046	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:01.185277939 CEST	60447	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:01.186534882 CEST	56852	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:01.213900089 CEST	53	56852	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:01.219959021 CEST	53	60447	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:01.348155975 CEST	54947	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:01.349070072 CEST	52465	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:01.368902922 CEST	53	54947	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:01.378065109 CEST	53	52465	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:01.395597935 CEST	50106	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:01.425189972 CEST	53	50106	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:01.837049007 CEST	53460	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:01.837944031 CEST	57156	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:01.857767105 CEST	53	53460	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:01.858108997 CEST	53	57156	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:02.851893902 CEST	63616	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:02.859544992 CEST	59138	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:02.871905088 CEST	53	63616	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:02.888118029 CEST	53	59138	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:02.937800884 CEST	50910	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:02.967101097 CEST	53	50910	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:03.375747919 CEST	63240	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:03.376665115 CEST	61182	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:03.400126934 CEST	53	61182	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:03.404386044 CEST	53	63240	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:07.996155977 CEST	50546	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:07.996539116 CEST	62943	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:08.016753912 CEST	53	50546	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:08.025429964 CEST	53	62943	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:08.027851105 CEST	49202	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:08.048501968 CEST	53	49202	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:38.070101976 CEST	56369	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:38.070849895 CEST	49216	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:38.091178894 CEST	53	56369	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:38.100033998 CEST	53	49216	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:38.133275032 CEST	53296	53	192.168.2.5	8.8.8.8
Aug 31, 2023 16:41:38.154413939 CEST	53	53296	8.8.8.8	192.168.2.5
Aug 31, 2023 16:41:58.668251038 CEST	53	64083	8.8.8.8	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 31, 2023 16:41:00.333775043 CEST	192.168.2.5	8.8.8.8	d02a	(Port unreachable)	Destination Unreachable
Aug 31, 2023 16:41:38.100192070 CEST	192.168.2.5	8.8.8.8	d03c	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 31, 2023 16:41:00.299352884 CEST	192.168.2.5	8.8.8.8	0x37ed	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:00.299724102 CEST	192.168.2.5	8.8.8.8	0xb5d	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Aug 31, 2023 16:41:00.300312996 CEST	192.168.2.5	8.8.8.8	0x391b	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:00.300791025 CEST	192.168.2.5	8.8.8.8	0x11dc	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Aug 31, 2023 16:41:01.185277939 CEST	192.168.2.5	8.8.8.8	0xaea8	Standard query (0)	d.agkn.com	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.186534882 CEST	192.168.2.5	8.8.8.8	0xc1f5	Standard query (0)	d.agkn.com	65	IN (0x0001)	false
Aug 31, 2023 16:41:01.348155975 CEST	192.168.2.5	8.8.8.8	0x4233	Standard query (0)	www.404.html	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.349070072 CEST	192.168.2.5	8.8.8.8	0xefda	Standard query (0)	www.404.html	65	IN (0x0001)	false
Aug 31, 2023 16:41:01.395597935 CEST	192.168.2.5	8.8.8.8	0xf78c	Standard query (0)	www.404.html	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.837049007 CEST	192.168.2.5	8.8.8.8	0x6791	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.837944031 CEST	192.168.2.5	8.8.8.8	0xc38e	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:02.851893902 CEST	192.168.2.5	8.8.8.8	0xbd9	Standard query (0)	www.404.html	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:02.859544992 CEST	192.168.2.5	8.8.8.8	0x4446	Standard query (0)	www.404.html	65	IN (0x0001)	false
Aug 31, 2023 16:41:02.937800884 CEST	192.168.2.5	8.8.8.8	0xa55d	Standard query (0)	www.404.html	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:03.375747919 CEST	192.168.2.5	8.8.8.8	0x8ed8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:03.376665115 CEST	192.168.2.5	8.8.8.8	0xd034	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 31, 2023 16:41:07.996155977 CEST	192.168.2.5	8.8.8.8	0x705b	Standard query (0)	www.404.html	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:07.996539116 CEST	192.168.2.5	8.8.8.8	0x4558	Standard query (0)	www.404.html	65	IN (0x0001)	false
Aug 31, 2023 16:41:08.027851105 CEST	192.168.2.5	8.8.8.8	0x97a5	Standard query (0)	www.404.html	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:38.070101976 CEST	192.168.2.5	8.8.8.8	0x46f9	Standard query (0)	www.404.html	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:38.070849895 CEST	192.168.2.5	8.8.8.8	0xcee8	Standard query (0)	www.404.html	65	IN (0x0001)	false
Aug 31, 2023 16:41:38.133275032 CEST	192.168.2.5	8.8.8.8	0xa83b	Standard query (0)	www.404.html	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 31, 2023 16:41:00.319823980 CEST	8.8.8.8	192.168.2.5	0x37ed	No error (0)	accounts.google.com		142.251.36.237	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:00.333946943 CEST	8.8.8.8	192.168.2.5	0x391b	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2023 16:41:00.333946943 CEST	8.8.8.8	192.168.2.5	0x391b	No error (0)	clients.l.google.com		172.217.16.174	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:00.342058897 CEST	8.8.8.8	192.168.2.5	0x11dc	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2023 16:41:01.213900089 CEST	8.8.8.8	192.168.2.5	0xc1f5	No error (0)	d.agkn.com	data.agkn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2023 16:41:01.213900089 CEST	8.8.8.8	192.168.2.5	0xc1f5	No error (0)	data.agkn.com	tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2023 16:41:01.219959021 CEST	8.8.8.8	192.168.2.5	0xaea8	No error (0)	d.agkn.com	data.agkn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2023 16:41:01.219959021 CEST	8.8.8.8	192.168.2.5	0xaea8	No error (0)	data.agkn.com	tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2023 16:41:01.219959021 CEST	8.8.8.8	192.168.2.5	0xaea8	No error (0)	tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com		52.50.39.94	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.219959021 CEST	8.8.8.8	192.168.2.5	0xaea8	No error (0)	tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com		54.77.209.133	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.368902922 CEST	8.8.8.8	192.168.2.5	0x4233	Name error (3)	www.404.html	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.378065109 CEST	8.8.8.8	192.168.2.5	0xefda	Name error (3)	www.404.html	none	none	65	IN (0x0001)	false
Aug 31, 2023 16:41:01.425189972 CEST	8.8.8.8	192.168.2.5	0xf78c	Name error (3)	www.404.html	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.857767105 CEST	8.8.8.8	192.168.2.5	0x6791	No error (0)	google.com		142.251.36.174	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:01.858108997 CEST	8.8.8.8	192.168.2.5	0xc38e	No error (0)	google.com		142.251.36.174	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:02.871905088 CEST	8.8.8.8	192.168.2.5	0xbd9	Name error (3)	www.404.html	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:02.888118029 CEST	8.8.8.8	192.168.2.5	0x4446	Name error (3)	www.404.html	none	none	65	IN (0x0001)	false
Aug 31, 2023 16:41:02.967101097 CEST	8.8.8.8	192.168.2.5	0xa55d	Name error (3)	www.404.html	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:03.400126934 CEST	8.8.8.8	192.168.2.5	0xd034	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 31, 2023 16:41:03.404386044 CEST	8.8.8.8	192.168.2.5	0x8ed8	No error (0)	www.google.com		142.251.37.4	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:08.016753912 CEST	8.8.8.8	192.168.2.5	0x705b	Name error (3)	www.404.html	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:08.025429964 CEST	8.8.8.8	192.168.2.5	0x4558	Name error (3)	www.404.html	none	none	65	IN (0x0001)	false
Aug 31, 2023 16:41:08.048501968 CEST	8.8.8.8	192.168.2.5	0x97a5	Name error (3)	www.404.html	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:38.091178894 CEST	8.8.8.8	192.168.2.5	0x46f9	Name error (3)	www.404.html	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2023 16:41:38.100033998 CEST	8.8.8.8	192.168.2.5	0xcee8	Name error (3)	www.404.html	none	none	65	IN (0x0001)	false
Aug 31, 2023 16:41:38.154413939 CEST	8.8.8.8	192.168.2.5	0xa83b	Name error (3)	www.404.html	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

d.agkn.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49735	142.251.36.237	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49736	172.217.16.174	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49738	52.50.39.94	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Aug 31, 2023 16:41:01.272824049 CEST	341	OUT	GET / HTTP/1.1 Host: d.agkn.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Aug 31, 2023 16:41:01.320038080 CEST	342	IN	HTTP/1.1 302 Content-Language: en-US Date: Thu, 31 Aug 2023 14:41:00 GMT Location: http://www.404.html/ Content-Length: 0 Connection: keep-alive

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49735	142.251.36.237	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-08-31 14:41:00 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Dvrtrktau_uydMvoGc1_xfN2ULJBRPHxz6q2oM2aufczSxk8Cchv3g2jlLVO-eHXlJ_BwPi1P-zYcjdR9AuTyG10jrJ2AzQ7yL8SBUliEafdzZn70Pmm-r8GrPXaz7LFgctn_yZRHpJXI09tbP_WroWCmYwT_a7Fwj8gHnQ5nbY; AEC=Ad49MVGGktvnyMQBXjxfVM4VyQMgBORLkDWV_5bpQs3oS50vEqIAFgkFMBQ; CONSENT=PENDING+008; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmRlIAEaBgiA0dCmBg; __Secure-ENID=14.SE=ASWfeSSVBcK3LyggZgGhgI5yIs3Z2wYpfR6yuK81LiYU6I0bFs937AKcakQoHnJkxVLloWnpVW_r8Ar2dupLdGHUm260SY6_u_8bKbtIVuC2UT3_Sjp3_6n5MjyjVSOfngggQke4VZle0rxsEtTK1UwAzXaROx3bb_2_jH9Xta1jpoaREw
2023-08-31 14:41:00 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-08-31 14:41:00 UTC	3	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Aug 2023 14:41:00 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'report-sample' 'nonce-2cExzXYXogZwH5nGNNkeIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-08-31 14:41:00 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-08-31 14:41:00 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49736	172.217.16.174	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-08-31 14:41:00 UTC	1	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-115.0.5790.171 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-31 14:41:00 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-yAE87CZAxDVm9l10VF-HOg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Aug 2023 14:41:00 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6086 X-Daystart: 27660 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-08-31 14:41:00 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 30 38 36 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 37 36 36 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6086" elapsed_seconds="27660"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-08-31 14:41:00 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-08-31 14:41:00 UTC	3	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	16:40:56
Start date:	31/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff71d210000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	16:40:57
Start date:	31/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1924,i,6277767785072998790,2320665864670967467,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff71d210000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:40:59
Start date:	31/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://d.agkn.com
Imagebase:	0x7ff71d210000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-115.0.5790.171Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: d.agkn.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://d.agkn.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\LICENSE

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\_metadata\verified_contents.json

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\crl-set

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\manifest.fingerprint

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping4892_1351523507\manifest.json

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4892, Parent PID: 68

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Windows Analysis Report
http://d.agkn.com