Windows Analysis Report
http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip

Overview

General Information

Sample URL: http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip
Analysis ID: 1447450
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip HTTP Parser: No favicon
Source: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip HTTP/1.1Host: 219.76.13.168Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 219.76.13.168Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zipAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip HTTP/1.1Host: wppkg.baidupcs.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: wppkg.baidupcs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zipAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: wppkg.baidupcs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: wppkg.baidupcs.com
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Cdn Cache Server V2.0Date: Fri, 24 May 2024 23:17:07 GMTContent-Type: text/htmlContent-Length: 1204Expires: Fri, 24 May 2024 23:17:07 GMTVia: 1.1 hkpccw13.168:8103Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Cdn Cache Server V2.0Date: Fri, 24 May 2024 23:17:07 GMTContent-Type: text/htmlContent-Length: 1080Expires: Fri, 24 May 2024 23:17:07 GMTVia: 1.1 hkpccw13.168:8104Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: JSP3/2.0.14Date: Fri, 24 May 2024 23:17:22 GMTContent-Type: text/plain; charset=utf-8Content-Length: 74Connection: keep-aliveSet-Cookie: -x-bs-client-ip: OC40Ni4xMjMuMTc1x-bs-request-id: MTAuMTQ2LjM1LjIxOjIwMjI6MzM3MDAwMzY3MzM2NDk3ODU2MDoyMDI0LTA1LTI1IDA3OjE3OjIxRemote-Ip: flowserver.pcs.bae.baidu.comStatus: 404Ohc-Cache-HIT: als3un70 [1], wzix103 [1]Ohc-File-Size: 74X-Error-Info: OriginX-Cache-Status: MISSAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-LengthAccess-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEADData Raw: 7b 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 72 65 71 75 65 73 74 5f 69 64 22 3a 33 33 37 30 30 30 33 36 37 33 33 36 34 39 37 38 35 36 30 2c 22 65 72 72 6d 73 67 22 3a 22 62 61 64 20 72 65 71 75 65 73 74 22 7d Data Ascii: {"error_code":404,"request_id":3370003673364978560,"errmsg":"bad request"}
Source: chromecache_46.2.dr String found in binary or memory: http://219.76.13.168/favicon.ico
Source: chromecache_44.2.dr String found in binary or memory: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine Classification label: clean0.win@17/9@7/5
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2284,i,3381681460673931225,7676759459634345178,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected