Edit tour

Windows Analysis Report
https://3jryhyqvpxiqpvx.duckdns.org/

Overview

General Information

Sample URL:	https://3jryhyqvpxiqpvx.duckdns.org/
Analysis ID:	1466513
Infos:

Errors URL not reachable

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Uses dynamic DNS services

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,9404486237465622227,9361978775791284982,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://3jryhyqvpxiqpvx.duckdns.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://3jryhyqvpxiqpvx.duckdns.org/	Avira URL Cloud: detection malicious, Label: malware
Source: https://3jryhyqvpxiqpvx.duckdns.org/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://3jryhyqvpxiqpvx.duckdns.org/favicon.ico

Avira URL Cloud: Label: malware

Source: https://3jryhyqvpxiqpvx.duckdns.org/

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:52657 version: TLS 1.0

Networking

Uses dynamic DNS services

Source: unknown

DNS query: name: 3jryhyqvpxiqpvx.duckdns.org

Source: global traffic

TCP traffic: 192.168.2.8:52656 -> 1.1.1.1:53

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:52657 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 3jryhyqvpxiqpvx.duckdns.orgConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 3jryhyqvpxiqpvx.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://3jryhyqvpxiqpvx.duckdns.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 3jryhyqvpxiqpvx.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/htmlcache-control: private, no-cache, max-age=0pragma: no-cachecontent-length: 1249date: Tue, 02 Jul 2024 22:53:44 GMTserver: LiteSpeedconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/htmlcache-control: private, no-cache, max-age=0pragma: no-cachecontent-length: 1249date: Tue, 02 Jul 2024 22:53:44 GMTserver: LiteSpeedconnection: close

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52657
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: classification engine

Classification label: mal60.troj.win@19/10@11/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,9404486237465622227,9361978775791284982,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://3jryhyqvpxiqpvx.duckdns.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,9404486237465622227,9361978775791284982,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	14 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://3jryhyqvpxiqpvx.duckdns.org/	100%	Avira URL Cloud	malware
https://3jryhyqvpxiqpvx.duckdns.org/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://3jryhyqvpxiqpvx.duckdns.org/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.181.238	true	false	unknown
3jryhyqvpxiqpvx.duckdns.org	103.13.207.150	true	true	unknown
www.google.com	216.58.206.36	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://3jryhyqvpxiqpvx.duckdns.org/favicon.ico	true	Avira URL Cloud: malware	unknown
https://3jryhyqvpxiqpvx.duckdns.org/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
103.13.207.150	3jryhyqvpxiqpvx.duckdns.org	unknown	55843	ATS-GLNET-SGAcclivisTechnologySolutionSG	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466513
Start date and time:	2024-07-03 00:52:35 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://3jryhyqvpxiqpvx.duckdns.org/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.troj.win@19/10@11/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.185.174, 74.125.71.84, 34.104.35.123, 184.28.90.27, 52.165.165.26, 192.229.221.95, 13.85.23.206, 13.95.31.18
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://3jryhyqvpxiqpvx.duckdns.org/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://3jryhyqvpxiqpvx.duckdns.org/ Model: Perplexity: mixtral-8x7b-instruct	{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title and text of the webpage do not contain a login form, as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The title and text of the webpage do not create a sense of urgency or interest, as there are no phrases that encourage the user to click a link or view a document.","The title and text of the webpage do not contain a CAPTCHA or any other anti-robot detection mechanism."]}
Title: 404 Not Found OCR: 404 Not Found The resource requested could not be tound on this server' Proudly 1K)wered by LiteS'Eed Web Server Please advised that LiteSgE-ed Technologies Inc. is not a web hosting cornpany and, as such, has no contr(l over found on this site.

Input

Output

URL: https://3jryhyqvpxiqpvx.duckdns.org/ Model: Perplexity: mixtral-8x7b-instruct

{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title and text of the webpage do not contain a login form, as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The title and text of the webpage do not create a sense of urgency or interest, as there are no phrases that encourage the user to click a link or view a document.","The title and text of the webpage do not contain a CAPTCHA or any other anti-robot detection mechanism."]}

Title: 404 Not Found OCR: 404 Not Found The resource requested could not be tound on this server' Proudly 1K)wered by LiteS'Eed Web Server Please advised that LiteSgE-ed Technologies Inc. is not a web hosting cornpany and, as such, has no contr(l over found on this site.

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 21:53:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9849882236824445
Encrypted:	false
SSDEEP:	48:820dJTR1WHXZidAKZdA1oehwiZUklqehhy+3:82+bFiy
MD5:	9B87061CD0387747BBAD74B58419FEEE
SHA1:	E7E43C1DDEEEE483C47710387F1223FAF8B65149
SHA-256:	175E23FE8EFC62FB18735DA774D911950D39484066E5C211FEF47BE104BE010B
SHA-512:	86663D7549C04E43555FFB72BAD0BA34ADF99D738D6E7AB53869F80E1EEBBD9534202E8709679F3CD3D0A1E7F2ECCDB6B68F841E801DBEB7B1664017D31AAA60
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....HI%.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............0.b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 21:53:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.002586831927899
Encrypted:	false
SSDEEP:	48:8H0dJTR1WHXZidAKZdA1leh/iZUkAQkqehSy+2:8H+bf9Q/y
MD5:	40CCAB3A75DD5CC0A581E91A22158B4A
SHA1:	5DF8D4236A24939F7354F64FC66D022ACD4CD4AF
SHA-256:	018E60AA6C7E0B8021BA97F0A1D988FAEC4AC24C84CAD81852AC1A4ABA1BD101
SHA-512:	D14CF255AF16839273B3B3E85BF2403B4D9FB1FCBF2FD2CF1A42F61E5AD7D749953080D3262AB6CF1674C0983FB66E7BCBDDA26B98C3928E5E5F347CBA61037B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............0.b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.009646309875094
Encrypted:	false
SSDEEP:	48:8s0dJTR1bHXZidAKZdA14t5eh7sFiZUkmgqeh7sgy+BX:8s+bMnmy
MD5:	29F04EE5DA7C30106D543749EBBED8C1
SHA1:	6C94D26E0E8425C24BFA373E15A967BF1B90CA12
SHA-256:	149DD437221900726BF83E8A242A273680F6C2E16A5E902ED05164D538C86D19
SHA-512:	0F5D56B67BE16C1AB94C45B439981B0C146357386297E831184FF0ED21FCF1A1D23B638CC3FF81ECE72D75957DB691DFFBDB70707969F6EA54507E78217BD03B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............0.b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 21:53:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9999012652144934
Encrypted:	false
SSDEEP:	48:8N0dJTR1WHXZidAKZdA16ehDiZUkwqehuy+R:8N+bsoy
MD5:	8B7BC7281FD3C07834E53AE07834A498
SHA1:	6E5799D088289DBA3A4EB111D6C9165BAFCC056F
SHA-256:	7721B658331FE141B47A94D7432566C2571819B9FCC4255E852E04A3F93F3C0F
SHA-512:	272C7201BCCF47FD7E75E5E4BDF68DC8C7D8F9C09E51AA65F253E7E525A02C5394B234F97943C95FF8F97325A51558A0338DA1D61491B6144D09EE71E9A171C5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............0.b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 21:53:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.989640024563065
Encrypted:	false
SSDEEP:	48:8W0dJTR1WHXZidAKZdA1UehBiZUk1W1qehEy+C:8W+bc9ky
MD5:	48DA9B0292C0012AF40C49D30A286565
SHA1:	97DE571ADDD206821955FC1EC1F78CB4D95E238C
SHA-256:	D570EDE6C3FABB999D46758B1950E4D8F3B4F6C0338103FDCF366406C1F40B0B
SHA-512:	EE8362281513783D26F072AA24814BD3596970E2D81D1181E125368D08B593E0E7B4F6696B1F66A6F367B2DDAB02B7DCAF9E51888787E8065486B5305A182952
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...... .....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............0.b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 21:53:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.002834075256519
Encrypted:	false
SSDEEP:	48:890dJTR1WHXZidAKZdA1duTrehOuTbbiZUk5OjqehOuTbmy+yT+:89+bZTYTbxWOvTbmy7T
MD5:	55986C07AF9D46BCF1EE663C9C864D44
SHA1:	6BFCA940A9931239E1B2D081923B0C8464A2D32D
SHA-256:	A4E7FB171AB4610DB8A253E5551D0DCFCE8D3EB93F4B9F81A4FB198691995712
SHA-512:	928CFA3B15C7CFCB81DEEDCE6A5E7F443AA7D1445A2D6AE5D311E06EE216766D3A95A77D328F636B951614D5C062214032F36A5791A8B90149375443D0E16B62
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............0.b.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1249
Entropy (8bit):	5.242453121762845
Encrypted:	false
SSDEEP:	24:hYYIzD6yJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rq6Kj2CZLY5Mc6NDLYzkYKLlOM
MD5:	F58515DFE987F7E027C8A71BBC884621
SHA1:	BEC6AEBF5940EA88FBBFF5748D539453D49FA284
SHA-256:	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
SHA-512:	F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140
Malicious:	false
Reputation:	low
URL:	https://3jryhyqvpxiqpvx.duckdns.org/favicon.ico
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<title> 404 Not Found..</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1249
Entropy (8bit):	5.242453121762845
Encrypted:	false
SSDEEP:	24:hYYIzD6yJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rq6Kj2CZLY5Mc6NDLYzkYKLlOM
MD5:	F58515DFE987F7E027C8A71BBC884621
SHA1:	BEC6AEBF5940EA88FBBFF5748D539453D49FA284
SHA-256:	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
SHA-512:	F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140
Malicious:	false
Reputation:	low
URL:	https://3jryhyqvpxiqpvx.duckdns.org/
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<title> 404 Not Found..</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 00:53:22.314754963 CEST	49677	80	192.168.2.8	192.229.211.108
Jul 3, 2024 00:53:25.392858982 CEST	49673	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:25.736623049 CEST	49672	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:26.033482075 CEST	49676	443	192.168.2.8	52.182.143.211
Jul 3, 2024 00:53:27.283584118 CEST	49671	443	192.168.2.8	204.79.197.203
Jul 3, 2024 00:53:27.627217054 CEST	49677	80	192.168.2.8	192.229.211.108
Jul 3, 2024 00:53:34.993659019 CEST	49673	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:35.337393999 CEST	49672	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:35.634288073 CEST	49676	443	192.168.2.8	52.182.143.211
Jul 3, 2024 00:53:36.097585917 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:36.097631931 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:36.097702026 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:36.098479033 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:36.098490000 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:36.767530918 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:36.780014992 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:36.780029058 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:36.781428099 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:36.781543016 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:36.789300919 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:36.789500952 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:36.838146925 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:36.838162899 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:36.885046005 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:37.056936026 CEST	443	49704	23.206.229.226	192.168.2.8
Jul 3, 2024 00:53:37.057090998 CEST	49704	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:38.259862900 CEST	49677	80	192.168.2.8	192.229.211.108
Jul 3, 2024 00:53:39.969378948 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:39.969420910 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:39.969626904 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:39.970190048 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:39.970227957 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:39.972315073 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:39.972372055 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:39.972500086 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:39.974215031 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:39.974231005 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.952548981 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.952969074 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:43.952999115 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.954179049 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.954250097 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:43.956195116 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.961395979 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:43.961416960 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.961889982 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:43.961983919 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.962435961 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:43.962444067 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.962723017 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:43.962816954 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:43.965272903 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:43.965385914 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:44.009409904 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:44.009547949 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:44.009565115 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:44.056905985 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:44.532695055 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:44.532814026 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:44.532960892 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:44.535465002 CEST	49716	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:44.535485029 CEST	443	49716	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:44.734077930 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:44.780503035 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:45.074816942 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:45.074925900 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:45.074966908 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:45.094558001 CEST	49715	443	192.168.2.8	103.13.207.150
Jul 3, 2024 00:53:45.094584942 CEST	443	49715	103.13.207.150	192.168.2.8
Jul 3, 2024 00:53:46.712155104 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:46.712243080 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:46.712560892 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:47.817305088 CEST	52656	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:47.822163105 CEST	53	52656	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:47.822237968 CEST	52656	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:47.825081110 CEST	52656	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:47.830132961 CEST	53	52656	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:48.223329067 CEST	49704	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:48.223472118 CEST	49704	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:48.224152088 CEST	52657	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:48.224189997 CEST	443	52657	23.206.229.226	192.168.2.8
Jul 3, 2024 00:53:48.224406004 CEST	52657	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:48.224782944 CEST	52657	443	192.168.2.8	23.206.229.226
Jul 3, 2024 00:53:48.224798918 CEST	443	52657	23.206.229.226	192.168.2.8
Jul 3, 2024 00:53:48.230777979 CEST	443	49704	23.206.229.226	192.168.2.8
Jul 3, 2024 00:53:48.230792046 CEST	443	49704	23.206.229.226	192.168.2.8
Jul 3, 2024 00:53:48.288309097 CEST	53	52656	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:48.289086103 CEST	52656	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:48.294250965 CEST	53	52656	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:48.294336081 CEST	52656	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:48.487992048 CEST	49712	443	192.168.2.8	216.58.206.36
Jul 3, 2024 00:53:48.488028049 CEST	443	49712	216.58.206.36	192.168.2.8
Jul 3, 2024 00:53:48.814909935 CEST	443	52657	23.206.229.226	192.168.2.8
Jul 3, 2024 00:53:48.814999104 CEST	52657	443	192.168.2.8	23.206.229.226

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 00:53:31.821005106 CEST	53	60801	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:31.890501976 CEST	53	63969	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:32.874773026 CEST	53	58487	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:32.962089062 CEST	59777	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:32.962249994 CEST	64379	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:33.083372116 CEST	53	64379	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:33.084541082 CEST	53	59777	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:33.086286068 CEST	54025	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:33.207492113 CEST	53	54025	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:33.265103102 CEST	51956	53	192.168.2.8	8.8.8.8
Jul 3, 2024 00:53:33.265368938 CEST	63159	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:33.273260117 CEST	53	63159	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:33.280337095 CEST	53	51956	8.8.8.8	192.168.2.8
Jul 3, 2024 00:53:34.270370007 CEST	49931	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:34.270545006 CEST	52393	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:34.376251936 CEST	53	52393	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:34.392126083 CEST	53	49931	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:36.077881098 CEST	64443	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:36.078655958 CEST	60773	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:36.088872910 CEST	53	64443	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:36.094470978 CEST	53	60773	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:39.438585043 CEST	56476	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:39.438745022 CEST	56891	53	192.168.2.8	1.1.1.1
Jul 3, 2024 00:53:39.560286045 CEST	53	56891	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:39.560734987 CEST	53	56476	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:47.815913916 CEST	53	60935	1.1.1.1	192.168.2.8
Jul 3, 2024 00:53:49.925880909 CEST	53	49203	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 3, 2024 00:53:32.962089062 CEST	192.168.2.8	1.1.1.1	0xb0de	Standard query (0)	3jryhyqvpxiqpvx.duckdns.org	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:32.962249994 CEST	192.168.2.8	1.1.1.1	0x299f	Standard query (0)	3jryhyqvpxiqpvx.duckdns.org	65	IN (0x0001)	false
Jul 3, 2024 00:53:33.086286068 CEST	192.168.2.8	1.1.1.1	0xca1e	Standard query (0)	3jryhyqvpxiqpvx.duckdns.org	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:33.265103102 CEST	192.168.2.8	8.8.8.8	0xf123	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:33.265368938 CEST	192.168.2.8	1.1.1.1	0xdfa5	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:34.270370007 CEST	192.168.2.8	1.1.1.1	0xb16f	Standard query (0)	3jryhyqvpxiqpvx.duckdns.org	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:34.270545006 CEST	192.168.2.8	1.1.1.1	0xf00d	Standard query (0)	3jryhyqvpxiqpvx.duckdns.org	65	IN (0x0001)	false
Jul 3, 2024 00:53:36.077881098 CEST	192.168.2.8	1.1.1.1	0x306f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:36.078655958 CEST	192.168.2.8	1.1.1.1	0x8a81	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 3, 2024 00:53:39.438585043 CEST	192.168.2.8	1.1.1.1	0xafdb	Standard query (0)	3jryhyqvpxiqpvx.duckdns.org	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:39.438745022 CEST	192.168.2.8	1.1.1.1	0x6910	Standard query (0)	3jryhyqvpxiqpvx.duckdns.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 3, 2024 00:53:33.083372116 CEST	1.1.1.1	192.168.2.8	0x299f	Name error (3)	3jryhyqvpxiqpvx.duckdns.org	none	none	65	IN (0x0001)	false
Jul 3, 2024 00:53:33.084541082 CEST	1.1.1.1	192.168.2.8	0xb0de	Name error (3)	3jryhyqvpxiqpvx.duckdns.org	none	none	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:33.207492113 CEST	1.1.1.1	192.168.2.8	0xca1e	Name error (3)	3jryhyqvpxiqpvx.duckdns.org	none	none	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:33.273260117 CEST	1.1.1.1	192.168.2.8	0xdfa5	No error (0)	google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:33.280337095 CEST	8.8.8.8	192.168.2.8	0xf123	No error (0)	google.com		172.217.168.78	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:34.392126083 CEST	1.1.1.1	192.168.2.8	0xb16f	Name error (3)	3jryhyqvpxiqpvx.duckdns.org	none	none	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:36.088872910 CEST	1.1.1.1	192.168.2.8	0x306f	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:36.094470978 CEST	1.1.1.1	192.168.2.8	0x8a81	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 3, 2024 00:53:39.560286045 CEST	1.1.1.1	192.168.2.8	0x6910	Name error (3)	3jryhyqvpxiqpvx.duckdns.org	none	none	65	IN (0x0001)	false
Jul 3, 2024 00:53:39.560734987 CEST	1.1.1.1	192.168.2.8	0xafdb	No error (0)	3jryhyqvpxiqpvx.duckdns.org		103.13.207.150	A (IP address)	IN (0x0001)	false
Jul 3, 2024 00:53:46.670767069 CEST	1.1.1.1	192.168.2.8	0x6d5e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 00:53:46.670767069 CEST	1.1.1.1	192.168.2.8	0x6d5e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

3jryhyqvpxiqpvx.duckdns.org

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49716	103.13.207.150	443	2704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 22:53:43 UTC	696	OUT	GET / HTTP/1.1 Host: 3jryhyqvpxiqpvx.duckdns.org Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 22:53:44 UTC	211	IN	HTTP/1.1 404 Not Found content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache content-length: 1249 date: Tue, 02 Jul 2024 22:53:44 GMT server: LiteSpeed connection: close
2024-07-02 22:53:44 UTC	1249	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49715	103.13.207.150	443	2704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-02 22:53:44 UTC	610	OUT	GET /favicon.ico HTTP/1.1 Host: 3jryhyqvpxiqpvx.duckdns.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://3jryhyqvpxiqpvx.duckdns.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-02 22:53:45 UTC	211	IN	HTTP/1.1 404 Not Found content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache content-length: 1249 date: Tue, 02 Jul 2024 22:53:44 GMT server: LiteSpeed connection: close
2024-07-02 22:53:45 UTC	1249	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6864, Parent PID: 4100

General

Target ID:	0
Start time:	18:53:25
Start date:	02/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2704, Parent PID: 6864

General

Target ID:	2
Start time:	18:53:29
Start date:	02/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,9404486237465622227,9361978775791284982,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7024, Parent PID: 4100

General

Target ID:	3
Start time:	18:53:31
Start date:	02/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://3jryhyqvpxiqpvx.duckdns.org/"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://3jryhyqvpxiqpvx.duckdns.org/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6864, Parent PID: 4100

General

Chronological Activities

Analysis Process: chrome.exePID: 2704, Parent PID: 6864

Windows Analysis Report
https://3jryhyqvpxiqpvx.duckdns.org/