Edit tour

Windows Analysis Report
http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip

Overview

General Information

Sample URL:	http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip
Analysis ID:	1447450
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2284,i,3381681460673931225,7676759459634345178,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip	HTTP Parser: No favicon
Source: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 219.76.13.168
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip HTTP/1.1Host: 219.76.13.168Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 219.76.13.168Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zipAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip HTTP/1.1Host: wppkg.baidupcs.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: wppkg.baidupcs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zipAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: wppkg.baidupcs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: wppkg.baidupcs.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Cdn Cache Server V2.0Date: Fri, 24 May 2024 23:17:07 GMTContent-Type: text/htmlContent-Length: 1204Expires: Fri, 24 May 2024 23:17:07 GMTVia: 1.1 hkpccw13.168:8103Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 3e 20 0a 3c 54 49 54 4c 45 3e b4 ed ce f3 a3 ba c4 fa cb f9 c7 eb c7 f3 b5 c4 cd f8 d6 b7 a3 a8 55 52 4c a3 a9 ce de b7 a8 bb f1 c8 a1 3c 2f 54 49 54 4c 45 3e 0a 3c 53 54 59 4c 45 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 42 4f 44 59 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 65 72 64 61 6e 61 2c 73 61 6e 73 2d 73 65 72 69 66 7d 50 52 45 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 7d 2d 2d 3e 3c 2f 53 54 59 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e b4 ed ce f3 3c 2f 48 31 3e 0a 3c 48 32 3e c4 fa cb f9 c7 eb c7 f3 b5 c4 cd f8 d6 b7 a3 a8 55 52 4c a3 a9 ce de b7 a8 bb f1 c8 a1 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 50 3e 0a b5 b1 b3 a2 ca d4 b6 c1 c8 a1 d2 d4 cf c2 cd f8 d6 b7 a3 a8 55 52 4c a3 a9 ca b1 a3 ba 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 70 70 6b 67 2e 62 61 69 64 75 70 63 73 2e 63 6f 6d 2f 69 73 73 75 65 2f 6e 65 74 64 69 73 6b 2f 67 72 61 79 2f 2f 32 30 32 34 30 35 31 30 30 32 35 32 2f 69 6f 73 5f 76 69 64 65 6f 5f 63 6c 61 72 69 74 79 5f 63 6c 75 74 5f 32 30 32 34 30 35 31 30 2e 7a 69 70 22 3e 68 74 74 70 3a 2f 2f 77 70 70 6b 67 2e 62 61 69 64 75 70 63 73 2e 63 6f 6d 2f 69 73 73 75 65 2f 6e 65 74 64 69 73 6b 2f 67 72 61 79 2f 2f 32 30 32 34 30 35 31 30 30 32 35 32 2f 69 6f 73 5f 76 69 64 65 6f 5f 63 6c 61 72 69 74 79 5f 63 6c 75 74 5f 32 30 32 34 30 35 31 30 2e 7a 69 70 3c 2f 41 3e 0a 3c 50 3e 0a b7 a2 c9 fa c1 cb cf c2 c1 d0 b5 c4 b4 ed ce f3 a3 ba 0a 3c 55 4c 3e 0a 3c 4c 49 3e 0a 3c 53 54 52 4f 4e 47 3e 0a 41 63 63 65 73 73 20 44 65 6e 69 65 64 2e 0a 3c 42 52 3e be dc be f8 b7 c3 ce ca 0a 3c 2f 53 54 52 4f 4e 47 3e 0a 3c 50 3e 0a 41 63 63 65 73 73 20 63 6f 6e 74 72 6f 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 72 65 76 65 6e 74 73 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 66 72 6f 6d 0a 62 65 69 6e 67 20 61 6c 6c 6f 77 65 64 20 61 74 20 74 68 69 73 20 74 69 6d 65 2e 20 20 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 72 20 73 65 72 76 69 63 65 20 70 72 6f 76 69 64 65 72 20 69 66 0a 79 6f 75 20 66 65 65 6c 20 74 68 69 73 20 69 73 20 69 6e 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Cdn Cache Server V2.0Date: Fri, 24 May 2024 23:17:07 GMTContent-Type: text/htmlContent-Length: 1080Expires: Fri, 24 May 2024 23:17:07 GMTVia: 1.1 hkpccw13.168:8104Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 3e 20 0a 3c 54 49 54 4c 45 3e b4 ed ce f3 a3 ba c4 fa cb f9 c7 eb c7 f3 b5 c4 cd f8 d6 b7 a3 a8 55 52 4c a3 a9 ce de b7 a8 bb f1 c8 a1 3c 2f 54 49 54 4c 45 3e 0a 3c 53 54 59 4c 45 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 42 4f 44 59 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 65 72 64 61 6e 61 2c 73 61 6e 73 2d 73 65 72 69 66 7d 50 52 45 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 7d 2d 2d 3e 3c 2f 53 54 59 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e b4 ed ce f3 3c 2f 48 31 3e 0a 3c 48 32 3e c4 fa cb f9 c7 eb c7 f3 b5 c4 cd f8 d6 b7 a3 a8 55 52 4c a3 a9 ce de b7 a8 bb f1 c8 a1 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 50 3e 0a b5 b1 b3 a2 ca d4 b6 c1 c8 a1 d2 d4 cf c2 cd f8 d6 b7 a3 a8 55 52 4c a3 a9 ca b1 a3 ba 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 32 31 39 2e 37 36 2e 31 33 2e 31 36 38 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 68 74 74 70 3a 2f 2f 32 31 39 2e 37 36 2e 31 33 2e 31 36 38 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 3c 2f 41 3e 0a 3c 50 3e 0a b7 a2 c9 fa c1 cb cf c2 c1 d0 b5 c4 b4 ed ce f3 a3 ba 0a 3c 55 4c 3e 0a 3c 4c 49 3e 0a 3c 53 54 52 4f 4e 47 3e 0a 41 63 63 65 73 73 20 44 65 6e 69 65 64 2e 0a 3c 42 52 3e be dc be f8 b7 c3 ce ca 0a 3c 2f 53 54 52 4f 4e 47 3e 0a 3c 50 3e 0a 41 63 63 65 73 73 20 63 6f 6e 74 72 6f 6c 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 70 72 65 76 65 6e 74 73 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 66 72 6f 6d 0a 62 65 69 6e 67 20 61 6c 6c 6f 77 65 64 20 61 74 20 74 68 69 73 20 74 69 6d 65 2e 20 20 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 72 20 73 65 72 76 69 63 65 20 70 72 6f 76 69 64 65 72 20 69 66 0a 79 6f 75 20 66 65 65 6c 20 74 68 69 73 20 69 73 20 69 6e 63 6f 72 72 65 63 74 2e 0a 3c 42 52 3e 0a b5 b1 c7 b0 b5 c4 b4 e6 c8 a1 bf d8 d6 c6 c9 e8 b6 a8 bd fb d6 b9 c4 fa b5 c4 c7 eb c7 f3 b1 bb bd d3 ca dc a3 ac 0a c8 e7 b9 fb c4 fa be f5 b5 c3 d5 e2 ca c7 b4 ed ce f3 b5 c4 a3 ac c7 eb d3 eb c4 fa cd f8 c2 b7 b7 fe ce f1 b5 c4 cc e1 b9 a9 d5 df c1 aa cf b5 a1 a3 0a 3c 2f 55 4c 3e 0a 3c 2f 50 3e 0a 3c 50 3e 0a 0a 0a 3c 42 52 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: JSP3/2.0.14Date: Fri, 24 May 2024 23:17:22 GMTContent-Type: text/plain; charset=utf-8Content-Length: 74Connection: keep-aliveSet-Cookie: -x-bs-client-ip: OC40Ni4xMjMuMTc1x-bs-request-id: MTAuMTQ2LjM1LjIxOjIwMjI6MzM3MDAwMzY3MzM2NDk3ODU2MDoyMDI0LTA1LTI1IDA3OjE3OjIxRemote-Ip: flowserver.pcs.bae.baidu.comStatus: 404Ohc-Cache-HIT: als3un70 [1], wzix103 [1]Ohc-File-Size: 74X-Error-Info: OriginX-Cache-Status: MISSAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-LengthAccess-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEADData Raw: 7b 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 72 65 71 75 65 73 74 5f 69 64 22 3a 33 33 37 30 30 30 33 36 37 33 33 36 34 39 37 38 35 36 30 2c 22 65 72 72 6d 73 67 22 3a 22 62 61 64 20 72 65 71 75 65 73 74 22 7d Data Ascii: {"error_code":404,"request_id":3370003673364978560,"errmsg":"bad request"}

Source: chromecache_46.2.dr	String found in binary or memory: http://219.76.13.168/favicon.ico
Source: chromecache_44.2.dr	String found in binary or memory: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/9@7/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2284,i,3381681460673931225,7676759459634345178,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2284,i,3381681460673931225,7676759459634345178,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://219.76.13.168/favicon.ico	0%	Avira URL Cloud	safe
http://wppkg.baidupcs.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
opencdnv6.f24i25ec.hzyidc.com	116.114.98.35	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
wppkg.baidupcs.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://219.76.13.168/favicon.ico	false	Avira URL Cloud: safe	unknown
http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip	false		unknown
http://wppkg.baidupcs.com/favicon.ico	false	Avira URL Cloud: safe	unknown
http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
116.114.98.35	opencdnv6.f24i25ec.hzyidc.com	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
219.76.13.168	unknown	Hong Kong	4760	HKTIMS-APHKTLimitedHK	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447450
Start date and time:	2024-05-25 01:16:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/9@7/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.184.238, 74.125.206.84, 34.104.35.123, 40.68.123.157, 93.184.221.240, 192.229.221.95, 20.3.187.198, 216.58.206.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip Model: Perplexity: mixtral-8x7b-instruct	{ "loginform": false, "reasons": [ "The text does not contain any form fields that would typically be found in a login form, such as 'username', 'password', or 'login' buttons.", "The text indicates that access to the page is denied, which suggests that a login attempt has already been made and failed.", "There is no HTML or form markup in the text, which would be necessary for a login form." ] }
(URL) (URL) dj: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios video clarity clut 20240510.ziQ Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Generated Fri, 24 May 2024 23: 17:07 GMT by www.hkpccwapp.com (Cdn Cache Server V2.0)
URL: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip Model: Perplexity: mixtral-8x7b-instruct	{ "loginform": false, "reasons": [ "The text provided does not contain any form fields typically found in a login form, such as 'username', 'password', or 'login' buttons.", "There are no indications of input types or labels that would suggest a login form.", "The text contains an error message, which is not a characteristic of a normal login form." ] }
{"error_code" :404, "request_id" : 337eO3673364978560, "errmsg" : "bad request"}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	4286
Entropy (8bit):	3.0356590534571017
Encrypted:	false
SSDEEP:	24:sumTTRRVDqxLH8LsHUKTaYO82OkrY/TZiPB8isK0pWNLu123iXoUNkuqUTiW0NN/:oDST8LQ7+1O62Il0pWbytN492c2Ni
MD5:	60E4C9D6D6E6D4FACCEFE3902DA8EFE0
SHA1:	ECA48AAA3FDFA8E5832122EA41DDC6484BAA467C
SHA-256:	22FDAB89FC8446164EC402A6645C287EF0FCBCAD2C260C94023DE4C222EC163B
SHA-512:	A8A99F6A306B43D07C861C71CD8AA24A142561376ABED920488A5256ECBA846FFFA425CFBEC3B6E57B820CB2ABB611E869F3F011605D26B9B2A0291C698DD250
Malicious:	false
Reputation:	low
Preview:	...... .... .........(... ...@..... ............................................{...............................................................................................0.......................N...........................................................................................................\|...............L.......................................................................................................................................................................................................................................................E...\|..........................................................................................................................................................~..[..Y...v.................................................................s..c..................................U......................B........................................................e...`...P..........................)..p...x...w...s...s...v

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	3.0356590534571017
Encrypted:	false
SSDEEP:	24:sumTTRRVDqxLH8LsHUKTaYO82OkrY/TZiPB8isK0pWNLu123iXoUNkuqUTiW0NN/:oDST8LQ7+1O62Il0pWbytN492c2Ni
MD5:	60E4C9D6D6E6D4FACCEFE3902DA8EFE0
SHA1:	ECA48AAA3FDFA8E5832122EA41DDC6484BAA467C
SHA-256:	22FDAB89FC8446164EC402A6645C287EF0FCBCAD2C260C94023DE4C222EC163B
SHA-512:	A8A99F6A306B43D07C861C71CD8AA24A142561376ABED920488A5256ECBA846FFFA425CFBEC3B6E57B820CB2ABB611E869F3F011605D26B9B2A0291C698DD250
Malicious:	false
Reputation:	low
URL:	http://wppkg.baidupcs.com/favicon.ico
Preview:	...... .... .........(... ...@..... ............................................{...............................................................................................0.......................N...........................................................................................................\|...............L.......................................................................................................................................................................................................................................................E...\|..........................................................................................................................................................~..[..Y...v.................................................................s..c..................................U......................B........................................................e...`...P..........................)..p...x...w...s...s...v

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ISO-8859 text
Category:	downloaded
Size (bytes):	1204
Entropy (8bit):	6.276783117214743
Encrypted:	false
SSDEEP:	24:WdIcSW1JtB08riuvKq7oXnrKq7oXnp+dzu4gkX7rBv8r+ECNNah:WIchjtBrfx72nV72np+DR0+ah
MD5:	74E60E23851FCD362F3FD82B432C77B4
SHA1:	5D3BFDF0129C27F3D666AAEFBBE55307520DAB3E
SHA-256:	47B0DA6B543869A7B050DD0357548A47E2F17752B6953A7CC18891C646C422AF
SHA-512:	CD17DAD5D9C92180CB6C9751843B144060E8BEBD60D85BC9F260700B3F5608B4FEF73B442FFF93D71C7450FBC24ACE1B269C608857DD3B56E950B9FDC9CDB1F8
Malicious:	false
Reputation:	low
URL:	http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">.<HTML><HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312"> .<TITLE>..................URL........</TITLE>.<STYLE type="text/css"> BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>.</HEAD><BODY>.<H1>....</H1>.<H2>..............URL........</H2>.<HR noshade size="1px">.<P>..................URL......<A HREF="http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip">http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip</A>.<P>................<UL>.<LI>.<STRONG>.Access Denied..<BR>........</STRONG>.<P>.Access control configuration prevents your request from.being allowed at this time. Please contact your service provider if.you feel this is incorrect..<BR>.....................................................

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	74
Entropy (8bit):	4.492540191701101
Encrypted:	false
SSDEEP:	3:YAiKBAHfrGo/VjT+gC/HaxVWR4n:YAiaif62vg/6xVWR4n
MD5:	4D08D92856EAA04B796BE6E8F5BC9C54
SHA1:	137C5E769D9C4EDFB1504EFB10F93FA5FACFD09E
SHA-256:	896D1882777CD3F8F0E029B1D033BA23674194F5CE82258D3CC061EF8241AA69
SHA-512:	2EEC4CEC75A1B294EE26E2BE09EC0A7B0DA31AF9C157852C6A55BDE1E10BFB0D51D4C03D1DFD7D9FCA780BF3AD00A161938876075E83DBAA9E16EF690F4CEBB6
Malicious:	false
Reputation:	low
URL:	http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip
Preview:	{"error_code":404,"request_id":3370003673364978560,"errmsg":"bad request"}

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ISO-8859 text
Category:	downloaded
Size (bytes):	1080
Entropy (8bit):	6.3011744781050885
Encrypted:	false
SSDEEP:	24:WdIcSW1JtB08riu6a8Xat+dzu4gkX7rBv8r+ECNNah:WIchjtBrfb8qt+DR0+ah
MD5:	CB0F4E6E5E8A16372BC20EB7F2C8B279
SHA1:	3448098C2A00F26F5655AEFE235B3933D6AA0A32
SHA-256:	16EE439AA4C9A2B5A388B78269BC99697063AAB4BE28397CCE6D2B3F5A995D7F
SHA-512:	E44E856C21773E64CF6173B776B608DF3833E72A8864029DB2C0FB2395F7E09D62CC9AB7F9EB72468C56170310D636AECDBEAB0602DB785FF3952C5724071329
Malicious:	false
Reputation:	low
URL:	http://219.76.13.168/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">.<HTML><HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312"> .<TITLE>..................URL........</TITLE>.<STYLE type="text/css"> BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>.</HEAD><BODY>.<H1>....</H1>.<H2>..............URL........</H2>.<HR noshade size="1px">.<P>..................URL......<A HREF="http://219.76.13.168/favicon.ico">http://219.76.13.168/favicon.ico</A>.<P>................<UL>.<LI>.<STRONG>.Access Denied..<BR>........</STRONG>.<P>.Access control configuration prevents your request from.being allowed at this time. Please contact your service provider if.you feel this is incorrect..<BR>.........................................................................</UL>.</P>.<P>...<BR clear="all">.<HR noshade size="1px">.<ADDRESS>.Generated Fri, 24 May 2024 23:1

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 25, 2024 01:16:58.456362009 CEST	49675	443	192.168.2.4	173.222.162.32
May 25, 2024 01:16:59.221919060 CEST	49678	443	192.168.2.4	104.46.162.224
May 25, 2024 01:17:06.992799997 CEST	49735	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:06.992914915 CEST	49736	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:07.004019976 CEST	80	49735	219.76.13.168	192.168.2.4
May 25, 2024 01:17:07.005443096 CEST	49735	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:07.005600929 CEST	49735	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:07.010294914 CEST	80	49736	219.76.13.168	192.168.2.4
May 25, 2024 01:17:07.013448954 CEST	49736	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:07.015193939 CEST	80	49735	219.76.13.168	192.168.2.4
May 25, 2024 01:17:07.897241116 CEST	80	49735	219.76.13.168	192.168.2.4
May 25, 2024 01:17:07.942442894 CEST	49735	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:07.947510004 CEST	80	49735	219.76.13.168	192.168.2.4
May 25, 2024 01:17:07.947546959 CEST	80	49735	219.76.13.168	192.168.2.4
May 25, 2024 01:17:07.947575092 CEST	80	49735	219.76.13.168	192.168.2.4
May 25, 2024 01:17:07.947613955 CEST	49735	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:07.947613955 CEST	49735	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:07.964629889 CEST	49735	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:07.969599962 CEST	80	49735	219.76.13.168	192.168.2.4
May 25, 2024 01:17:08.066258907 CEST	49675	443	192.168.2.4	173.222.162.32
May 25, 2024 01:17:08.432773113 CEST	49736	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:08.437939882 CEST	80	49736	219.76.13.168	192.168.2.4
May 25, 2024 01:17:08.752948999 CEST	80	49736	219.76.13.168	192.168.2.4
May 25, 2024 01:17:08.757630110 CEST	80	49736	219.76.13.168	192.168.2.4
May 25, 2024 01:17:08.757652998 CEST	80	49736	219.76.13.168	192.168.2.4
May 25, 2024 01:17:08.757694006 CEST	49736	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:08.757757902 CEST	49736	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:08.758271933 CEST	49736	80	192.168.2.4	219.76.13.168
May 25, 2024 01:17:08.808087111 CEST	80	49736	219.76.13.168	192.168.2.4
May 25, 2024 01:17:09.459403038 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:09.459429026 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:09.459595919 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:09.464359045 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:09.464380026 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:09.812627077 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:09.812706947 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:09.813210964 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:09.819410086 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:09.819479942 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:10.104398012 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:10.104809046 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:10.104825974 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:10.106271029 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:10.106416941 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:10.461435080 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:10.461642027 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:10.476783991 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:10.476996899 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:10.515556097 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:10.515568018 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:10.521225929 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:10.521300077 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:10.522192955 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:10.562499046 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:10.562555075 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:10.734994888 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:10.778569937 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:10.930963039 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:10.935358047 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:10.935437918 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:10.939429045 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:10.939429045 CEST	49740	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:10.939491987 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:10.939528942 CEST	443	49740	2.19.104.72	192.168.2.4
May 25, 2024 01:17:11.089189053 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:11.089227915 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:11.089310884 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:11.089874029 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:11.089889050 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:11.743127108 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:11.743347883 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:11.744532108 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:11.744581938 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:11.745640993 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:11.746788979 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:11.790570974 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:12.303710938 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:12.303867102 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:12.304070950 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:12.339360952 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:12.339361906 CEST	49741	443	192.168.2.4	2.19.104.72
May 25, 2024 01:17:12.339428902 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:12.339467049 CEST	443	49741	2.19.104.72	192.168.2.4
May 25, 2024 01:17:20.227643013 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:20.227714062 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:20.227782965 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:21.130220890 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:21.133131981 CEST	49743	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:21.133306980 CEST	49739	443	192.168.2.4	142.250.186.100
May 25, 2024 01:17:21.133338928 CEST	443	49739	142.250.186.100	192.168.2.4
May 25, 2024 01:17:21.135371923 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:21.135462999 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:21.135791063 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:21.140149117 CEST	80	49743	116.114.98.35	192.168.2.4
May 25, 2024 01:17:21.140238047 CEST	49743	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:21.145006895 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:22.337547064 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:22.378067017 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:22.760864973 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:22.766005993 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:23.256365061 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:23.258533955 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:23.258764982 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:23.263536930 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:23.268464088 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:23.268635035 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:23.307434082 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:17:23.307667971 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:24.165911913 CEST	49746	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:24.204879045 CEST	80	49746	116.114.98.35	192.168.2.4
May 25, 2024 01:17:24.205116987 CEST	49746	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:24.205434084 CEST	49746	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:24.260435104 CEST	80	49746	116.114.98.35	192.168.2.4
May 25, 2024 01:17:25.254333019 CEST	80	49746	116.114.98.35	192.168.2.4
May 25, 2024 01:17:25.255610943 CEST	80	49746	116.114.98.35	192.168.2.4
May 25, 2024 01:17:25.255680084 CEST	49746	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:25.258339882 CEST	80	49746	116.114.98.35	192.168.2.4
May 25, 2024 01:17:25.258377075 CEST	80	49746	116.114.98.35	192.168.2.4
May 25, 2024 01:17:25.258548021 CEST	49746	80	192.168.2.4	116.114.98.35
May 25, 2024 01:17:25.261166096 CEST	80	49746	116.114.98.35	192.168.2.4
May 25, 2024 01:17:25.314219952 CEST	49746	80	192.168.2.4	116.114.98.35
May 25, 2024 01:18:06.143536091 CEST	49743	80	192.168.2.4	116.114.98.35
May 25, 2024 01:18:06.178832054 CEST	80	49743	116.114.98.35	192.168.2.4
May 25, 2024 01:18:08.284077883 CEST	49742	80	192.168.2.4	116.114.98.35
May 25, 2024 01:18:08.289916039 CEST	80	49742	116.114.98.35	192.168.2.4
May 25, 2024 01:18:09.444091082 CEST	49753	443	192.168.2.4	142.250.186.100
May 25, 2024 01:18:09.444118977 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:09.444277048 CEST	49753	443	192.168.2.4	142.250.186.100
May 25, 2024 01:18:09.445266962 CEST	49753	443	192.168.2.4	142.250.186.100
May 25, 2024 01:18:09.445281029 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:10.086033106 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:10.086509943 CEST	49753	443	192.168.2.4	142.250.186.100
May 25, 2024 01:18:10.086519957 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:10.086757898 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:10.087209940 CEST	49753	443	192.168.2.4	142.250.186.100
May 25, 2024 01:18:10.087245941 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:10.136131048 CEST	49753	443	192.168.2.4	142.250.186.100
May 25, 2024 01:18:10.277118921 CEST	49746	80	192.168.2.4	116.114.98.35
May 25, 2024 01:18:10.282519102 CEST	80	49746	116.114.98.35	192.168.2.4
May 25, 2024 01:18:18.174642086 CEST	49723	80	192.168.2.4	199.232.214.172
May 25, 2024 01:18:18.174860001 CEST	49724	80	192.168.2.4	199.232.214.172
May 25, 2024 01:18:18.181157112 CEST	80	49723	199.232.214.172	192.168.2.4
May 25, 2024 01:18:18.181232929 CEST	49723	80	192.168.2.4	199.232.214.172
May 25, 2024 01:18:18.188338041 CEST	80	49724	199.232.214.172	192.168.2.4
May 25, 2024 01:18:18.188491106 CEST	49724	80	192.168.2.4	199.232.214.172
May 25, 2024 01:18:20.024007082 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:20.024053097 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:20.024095058 CEST	49753	443	192.168.2.4	142.250.186.100
May 25, 2024 01:18:21.160438061 CEST	49753	443	192.168.2.4	142.250.186.100
May 25, 2024 01:18:21.160445929 CEST	49743	80	192.168.2.4	116.114.98.35
May 25, 2024 01:18:21.160455942 CEST	443	49753	142.250.186.100	192.168.2.4
May 25, 2024 01:18:21.172111034 CEST	80	49743	116.114.98.35	192.168.2.4
May 25, 2024 01:18:21.172333956 CEST	49743	80	192.168.2.4	116.114.98.35

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 25, 2024 01:17:04.814363003 CEST	53	55098	1.1.1.1	192.168.2.4
May 25, 2024 01:17:04.863033056 CEST	53	58545	1.1.1.1	192.168.2.4
May 25, 2024 01:17:05.978313923 CEST	53	65206	1.1.1.1	192.168.2.4
May 25, 2024 01:17:09.393338919 CEST	56006	53	192.168.2.4	1.1.1.1
May 25, 2024 01:17:09.400623083 CEST	53	56006	1.1.1.1	192.168.2.4
May 25, 2024 01:17:09.404839993 CEST	55654	53	192.168.2.4	1.1.1.1
May 25, 2024 01:17:09.411773920 CEST	53	55654	1.1.1.1	192.168.2.4
May 25, 2024 01:17:19.273525953 CEST	51403	53	192.168.2.4	1.1.1.1
May 25, 2024 01:17:19.277520895 CEST	55317	53	192.168.2.4	1.1.1.1
May 25, 2024 01:17:20.222732067 CEST	53	55317	1.1.1.1	192.168.2.4
May 25, 2024 01:17:20.289827108 CEST	56947	53	192.168.2.4	1.1.1.1
May 25, 2024 01:17:20.993288994 CEST	53	51403	1.1.1.1	192.168.2.4
May 25, 2024 01:17:22.086107016 CEST	53	56947	1.1.1.1	192.168.2.4
May 25, 2024 01:17:24.148632050 CEST	57253	53	192.168.2.4	1.1.1.1
May 25, 2024 01:17:24.148632050 CEST	55123	53	192.168.2.4	1.1.1.1
May 25, 2024 01:17:24.157510042 CEST	53	57253	1.1.1.1	192.168.2.4
May 25, 2024 01:17:24.209609985 CEST	53	50760	1.1.1.1	192.168.2.4
May 25, 2024 01:17:25.234288931 CEST	53	55123	1.1.1.1	192.168.2.4
May 25, 2024 01:17:29.814861059 CEST	138	138	192.168.2.4	192.168.2.255
May 25, 2024 01:17:42.957021952 CEST	53	60687	1.1.1.1	192.168.2.4
May 25, 2024 01:18:05.097486973 CEST	53	50988	1.1.1.1	192.168.2.4
May 25, 2024 01:18:05.284420967 CEST	53	54356	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 25, 2024 01:17:22.086633921 CEST	192.168.2.4	1.1.1.1	c26a	(Port unreachable)	Destination Unreachable
May 25, 2024 01:17:25.234368086 CEST	192.168.2.4	1.1.1.1	c25a	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 25, 2024 01:17:09.393338919 CEST	192.168.2.4	1.1.1.1	0x8e03	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:09.404839993 CEST	192.168.2.4	1.1.1.1	0xbcb4	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 25, 2024 01:17:19.273525953 CEST	192.168.2.4	1.1.1.1	0xf86f	Standard query (0)	wppkg.baidupcs.com	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:19.277520895 CEST	192.168.2.4	1.1.1.1	0x4acf	Standard query (0)	wppkg.baidupcs.com	65	IN (0x0001)	false
May 25, 2024 01:17:20.289827108 CEST	192.168.2.4	1.1.1.1	0x5e82	Standard query (0)	wppkg.baidupcs.com	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:24.148632050 CEST	192.168.2.4	1.1.1.1	0x44cc	Standard query (0)	wppkg.baidupcs.com	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:24.148632050 CEST	192.168.2.4	1.1.1.1	0xed1e	Standard query (0)	wppkg.baidupcs.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 25, 2024 01:17:09.400623083 CEST	1.1.1.1	192.168.2.4	0x8e03	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:09.411773920 CEST	1.1.1.1	192.168.2.4	0xbcb4	No error (0)	www.google.com			65	IN (0x0001)	false
May 25, 2024 01:17:20.222732067 CEST	1.1.1.1	192.168.2.4	0x4acf	No error (0)	wppkg.baidupcs.com	wppkg.baidupcs.com.a.bdydns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:20.222732067 CEST	1.1.1.1	192.168.2.4	0x4acf	No error (0)	wppkg.baidupcs.com.a.bdydns.com	opencdnv6.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:20.222732067 CEST	1.1.1.1	192.168.2.4	0x4acf	No error (0)	opencdnv6.jomodns.com	opencdnv6.f24i25ec.hzyidc.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:20.993288994 CEST	1.1.1.1	192.168.2.4	0xf86f	No error (0)	wppkg.baidupcs.com	wppkg.baidupcs.com.a.bdydns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:20.993288994 CEST	1.1.1.1	192.168.2.4	0xf86f	No error (0)	wppkg.baidupcs.com.a.bdydns.com	opencdnv6.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:20.993288994 CEST	1.1.1.1	192.168.2.4	0xf86f	No error (0)	opencdnv6.jomodns.com	opencdnv6.f24i25ec.hzyidc.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:20.993288994 CEST	1.1.1.1	192.168.2.4	0xf86f	No error (0)	opencdnv6.f24i25ec.hzyidc.com		116.114.98.35	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:22.086107016 CEST	1.1.1.1	192.168.2.4	0x5e82	No error (0)	wppkg.baidupcs.com	wppkg.baidupcs.com.a.bdydns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:22.086107016 CEST	1.1.1.1	192.168.2.4	0x5e82	No error (0)	wppkg.baidupcs.com.a.bdydns.com	opencdnv6.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:22.086107016 CEST	1.1.1.1	192.168.2.4	0x5e82	No error (0)	opencdnv6.jomodns.com	opencdnv6.f24i25ec.hzyidc.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:22.086107016 CEST	1.1.1.1	192.168.2.4	0x5e82	No error (0)	opencdnv6.f24i25ec.hzyidc.com		116.114.98.35	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:24.157510042 CEST	1.1.1.1	192.168.2.4	0x44cc	No error (0)	wppkg.baidupcs.com	wppkg.baidupcs.com.a.bdydns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:24.157510042 CEST	1.1.1.1	192.168.2.4	0x44cc	No error (0)	wppkg.baidupcs.com.a.bdydns.com	opencdnv6.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:24.157510042 CEST	1.1.1.1	192.168.2.4	0x44cc	No error (0)	opencdnv6.jomodns.com	opencdnv6.f24i25ec.hzyidc.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:24.157510042 CEST	1.1.1.1	192.168.2.4	0x44cc	No error (0)	opencdnv6.f24i25ec.hzyidc.com		116.114.98.35	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:24.266700983 CEST	1.1.1.1	192.168.2.4	0xa9a0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:24.266700983 CEST	1.1.1.1	192.168.2.4	0xa9a0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:25.234288931 CEST	1.1.1.1	192.168.2.4	0xed1e	No error (0)	wppkg.baidupcs.com	wppkg.baidupcs.com.a.bdydns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:25.234288931 CEST	1.1.1.1	192.168.2.4	0xed1e	No error (0)	wppkg.baidupcs.com.a.bdydns.com	opencdnv6.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:25.234288931 CEST	1.1.1.1	192.168.2.4	0xed1e	No error (0)	opencdnv6.jomodns.com	opencdnv6.f24i25ec.hzyidc.com		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:37.814851046 CEST	1.1.1.1	192.168.2.4	0x1320	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:37.814851046 CEST	1.1.1.1	192.168.2.4	0x1320	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 25, 2024 01:17:58.030025959 CEST	1.1.1.1	192.168.2.4	0xbac8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:17:58.030025959 CEST	1.1.1.1	192.168.2.4	0xbac8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 25, 2024 01:18:18.260457993 CEST	1.1.1.1	192.168.2.4	0x5f0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 25, 2024 01:18:18.260457993 CEST	1.1.1.1	192.168.2.4	0x5f0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

219.76.13.168

wppkg.baidupcs.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	219.76.13.168	80	1376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 25, 2024 01:17:07.005600929 CEST	515	OUT	GET /wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip HTTP/1.1 Host: 219.76.13.168 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 25, 2024 01:17:07.897241116 CEST	1236	IN	HTTP/1.1 403 Forbidden Server: Cdn Cache Server V2.0 Date: Fri, 24 May 2024 23:17:07 GMT Content-Type: text/html Content-Length: 1204 Expires: Fri, 24 May 2024 23:17:07 GMT Via: 1.1 hkpccw13.168:8103 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 3e 20 0a 3c 54 49 54 4c 45 3e b4 ed ce f3 a3 ba c4 fa cb f9 c7 eb c7 f3 b5 c4 cd f8 d6 b7 a3 a8 55 52 4c a3 a9 ce de b7 a8 bb f1 c8 a1 3c 2f 54 49 54 4c 45 3e 0a 3c 53 54 59 4c 45 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 42 4f 44 59 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 65 72 64 61 6e 61 2c 73 61 6e 73 2d 73 65 72 69 66 7d 50 52 45 7b 66 6f 6e 74 2d 66 61 6d 69 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312"> <TITLE>URL</TITLE><STYLE type="text/css">...BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE></HEAD><BODY><H1></H1><H2>URL</H2><HR noshade size="1px"><P>URL<A HREF="http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip">http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip</A><P><UL><LI><STRONG>Access Denied.<BR></STRONG><P>Access control configuration prevents your request frombeing allowed at this time. Please contact your service provider ifyou feel this is incorrect.<BR>
May 25, 2024 01:17:07.947510004 CEST	196	IN	Data Raw: ce f1 b5 c4 cc e1 b9 a9 d5 df c1 aa cf b5 a1 a3 0a 3c 2f 55 4c 3e 0a 3c 2f 50 3e 0a 3c 50 3e 0a 0a 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 41 44 44 52 45 53 Data Ascii: </UL></P><P><BR clear="all"><HR noshade size="1px"><ADDRESS>Generated Fri, 24 May 2024 23:17:07 GMT by www.hkpccwapp.com (Cdn Cache Server V2.0)</ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	219.76.13.168	80	1376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 25, 2024 01:17:08.432773113 CEST	457	OUT	GET /favicon.ico HTTP/1.1 Host: 219.76.13.168 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 25, 2024 01:17:08.752948999 CEST	1236	IN	HTTP/1.1 403 Forbidden Server: Cdn Cache Server V2.0 Date: Fri, 24 May 2024 23:17:07 GMT Content-Type: text/html Content-Length: 1080 Expires: Fri, 24 May 2024 23:17:07 GMT Via: 1.1 hkpccw13.168:8104 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 3e 20 0a 3c 54 49 54 4c 45 3e b4 ed ce f3 a3 ba c4 fa cb f9 c7 eb c7 f3 b5 c4 cd f8 d6 b7 a3 a8 55 52 4c a3 a9 ce de b7 a8 bb f1 c8 a1 3c 2f 54 49 54 4c 45 3e 0a 3c 53 54 59 4c 45 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 42 4f 44 59 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 65 72 64 61 6e 61 2c 73 61 6e 73 2d 73 65 72 69 66 7d 50 52 45 7b 66 6f 6e 74 2d 66 61 6d 69 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312"> <TITLE>URL</TITLE><STYLE type="text/css">...BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE></HEAD><BODY><H1></H1><H2>URL</H2><HR noshade size="1px"><P>URL<A HREF="http://219.76.13.168/favicon.ico">http://219.76.13.168/favicon.ico</A><P><UL><LI><STRONG>Access Denied.<BR></STRONG><P>Access control configuration prevents your request frombeing allowed at this time. Please contact your service provider ifyou feel this is incorrect.<BR></UL></P><P><BR clear="all"><HR noshade size="1px"><ADDRESS>Generated Fri, 24 May 2024 23:17:07 GMT
May 25, 2024 01:17:08.757630110 CEST	72	IN	Data Raw: 20 62 79 20 77 77 77 2e 68 6b 70 63 63 77 61 70 70 2e 63 6f 6d 20 28 43 64 6e 20 43 61 63 68 65 20 53 65 72 76 65 72 20 56 32 2e 30 29 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: by www.hkpccwapp.com (Cdn Cache Server V2.0)</ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	116.114.98.35	80	1376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 25, 2024 01:17:21.135791063 CEST	501	OUT	GET /issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip HTTP/1.1 Host: wppkg.baidupcs.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 25, 2024 01:17:22.337547064 CEST	730	IN	HTTP/1.1 404 Not Found Server: JSP3/2.0.14 Date: Fri, 24 May 2024 23:17:22 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 74 Connection: keep-alive Set-Cookie: - x-bs-client-ip: OC40Ni4xMjMuMTc1 x-bs-request-id: MTAuMTQ2LjM1LjIxOjIwMjI6MzM3MDAwMzY3MzM2NDk3ODU2MDoyMDI0LTA1LTI1IDA3OjE3OjIx Remote-Ip: flowserver.pcs.bae.baidu.com Status: 404 Ohc-Cache-HIT: als3un70 [1], wzix103 [1] Ohc-File-Size: 74 X-Error-Info: Origin X-Cache-Status: MISS Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD Data Raw: 7b 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 72 65 71 75 65 73 74 5f 69 64 22 3a 33 33 37 30 30 30 33 36 37 33 33 36 34 39 37 38 35 36 30 2c 22 65 72 72 6d 73 67 22 3a 22 62 61 64 20 72 65 71 75 65 73 74 22 7d Data Ascii: {"error_code":404,"request_id":3370003673364978560,"errmsg":"bad request"}
May 25, 2024 01:17:22.760864973 CEST	448	OUT	GET /favicon.ico HTTP/1.1 Host: wppkg.baidupcs.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 25, 2024 01:17:23.256365061 CEST	1236	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Fri, 24 May 2024 23:17:23 GMT Content-Type: image/x-icon Content-Length: 4286 Connection: keep-alive Last-Modified: Thu, 21 Sep 2023 03:16:26 GMT ETag: "650bb58a-10be" Accept-Ranges: bytes Ohc-Cache-HIT: als3un62 [1], bdix231 [1] Ohc-File-Size: 4286 X-Cache-Status: MISS Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD Data Raw: 00 00 01 00 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 13 0b 00 00 13 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 17 ff ff ff 7b ff ff ff c7 ff ff ff e7 ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ea ff ff ff d1 ff ff ff 94 ff ff ff 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 4e ff ff ff e4 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f8 ff ff ff 7c 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 4c ff ff ff fb ff ff ff ff ff ff ff ff [TRUNCATED] Data Ascii: ( @ {0N\|LE\|
May 25, 2024 01:17:23.258533955 CEST	1236	IN	Data Raw: ff f8 e7 c8 ff f0 c8 7e ff ec ba 5b ff ec b9 59 ff ef c4 76 ff f6 e1 bc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd Data Ascii: ~[YvscUBe`P
May 25, 2024 01:17:23.263536930 CEST	1236	IN	Data Raw: ff e6 8f 2a ff e4 87 1c ff f4 cf a4 ff ff ff ff ff ff ff ff ed ff ff ff ed ff ff ff ff fd f7 f0 ff ec a0 48 ff eb 94 2e ff eb 97 36 ff ee 95 28 ff df a5 6f ff a6 a2 f1 ff ab a8 f6 ff 77 71 ec ff 38 30 e3 ff 3c 34 e4 ff 3c 35 e8 ff 38 2e df ff b9 Data Ascii: *H.6(owq80<4<58.Rr/63.oe-5.I;<A2Q@0-93B;@;32ve>AA85
May 25, 2024 01:17:23.268464088 CEST	1089	IN	Data Raw: ff fb ad 52 ff fc b0 57 ff fc b1 59 ff fc ac 50 ff fc b8 69 ff ff f2 e4 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ed ff ff ff e8 ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: RWYPiZTVVUZ
May 25, 2024 01:17:23.307434082 CEST	1089	IN	Data Raw: ff fb ad 52 ff fc b0 57 ff fc b1 59 ff fc ac 50 ff fc b8 69 ff ff f2 e4 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ed ff ff ff e8 ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: RWYPiZTVVUZ
May 25, 2024 01:18:08.284077883 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	116.114.98.35	80	1376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 25, 2024 01:17:24.205434084 CEST	282	OUT	GET /favicon.ico HTTP/1.1 Host: wppkg.baidupcs.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 25, 2024 01:17:25.254333019 CEST	1236	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Fri, 24 May 2024 23:17:25 GMT Content-Type: image/x-icon Content-Length: 4286 Connection: keep-alive Last-Modified: Tue, 31 Oct 2023 08:22:40 GMT ETag: "6540b950-10be" Accept-Ranges: bytes Ohc-Cache-HIT: als3un62 [1], bdix231 [1] Ohc-File-Size: 4286 X-Cache-Status: MISS Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length Access-Control-Allow-Origin: * Data Raw: 00 00 01 00 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 13 0b 00 00 13 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 17 ff ff ff 7b ff ff ff c7 ff ff ff e7 ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ed ff ff ff ea ff ff ff d1 ff ff ff 94 ff ff ff 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 4e ff ff ff e4 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f8 ff ff ff 7c 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 4c ff ff ff fb ff ff ff ff ff ff ff ff [TRUNCATED] Data Ascii: ( @ {0N\|LE\|
May 25, 2024 01:17:25.255610943 CEST	224	IN	Data Raw: ff f8 e7 c8 ff f0 c8 7e ff ec ba 5b ff ec b9 59 ff ef c4 76 ff f6 e1 bc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd Data Ascii: ~[YvscUBe`P
May 25, 2024 01:17:25.258339882 CEST	1236	IN	Data Raw: ff ff ff ff ff ff ff ff ee ff ff ff ee ff ff ff ff ff ff ff ff fa f0 e3 ff dc 8c 29 ff d3 70 00 ff d6 78 00 ff d5 77 00 ff d5 73 00 ff d5 73 00 ff d5 76 00 ff d6 78 00 ff d4 71 00 ff d8 80 14 ff f5 e2 c9 ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: )pxwssvxq% aEhrmr39xlrl~
May 25, 2024 01:17:25.258377075 CEST	1236	IN	Data Raw: ff f1 a0 41 ff f0 a0 41 ff ef 9b 38 ff ef 9a 35 ff ef 9a 35 ff f0 9c 39 ff f0 a0 42 ff f0 9e 3c ff f0 9e 3d ff fa e2 c5 ff ff ff ff ff ff ff ff ff ff ff ff ed ff ff ff ed ff ff ff ff ff ff ff ff ff ff ff ff fa e0 c1 ff f6 ad 55 ff f8 a8 3d ff c9 Data Ascii: AA8559B<=U=iD?A?A?:=>8FSPNKHCWlhMMLFWI\|Q_
May 25, 2024 01:17:25.261166096 CEST	865	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ed d9 ff ff d9 ac ff ff cf 95 ff ff ce 95 ff ff d8 aa ff ff ed d7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: \|
May 25, 2024 01:18:10.277118921 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	116.114.98.35	80	1376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 25, 2024 01:18:06.143536091 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	2.19.104.72	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 23:17:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-24 23:17:10 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=147161 Date: Fri, 24 May 2024 23:17:10 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	2.19.104.72	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 23:17:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-24 23:17:12 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=147082 Date: Fri, 24 May 2024 23:17:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-24 23:17:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5772, Parent PID: 3620

General

Target ID:	0
Start time:	19:17:01
Start date:	24/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1376, Parent PID: 5772

General

Target ID:	2
Start time:	19:17:03
Start date:	24/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2284,i,3381681460673931225,7676759459634345178,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6420, Parent PID: 3620

General

Target ID:	3
Start time:	19:17:06
Start date:	24/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5772, Parent PID: 3620

General

Chronological Activities

Analysis Process: chrome.exePID: 1376, Parent PID: 5772

General

Chronological Activities

Analysis Process: chrome.exePID: 6420, Parent PID: 3620

General

Windows Analysis Report
http://219.76.13.168/wppkg.baidupcs.com/issue/netdisk/gray//202405100252/ios_video_clarity_clut_20240510.zip