Edit tour

Windows Analysis Report
http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602

Overview

General Information

Sample URL:	http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602
Analysis ID:	1572095
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2008,i,5574893621511147718,15708177694219159916,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.98
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.98
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.100
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.100
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 842991738.747100519.128322614.784396125.visitorchecking.ru

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: classification engine

Classification label: mal48.win@20/0@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2008,i,5574893621511147718,15708177694219159916,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2008,i,5574893621511147718,15708177694219159916,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602	0%	Avira URL Cloud	safe
http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
842991738.747100519.128322614.784396125.visitorchecking.ru	104.21.25.129	true	false		high
www.google.com	142.250.181.100	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.25.129	842991738.747100519.128322614.784396125.visitorchecking.ru	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572095
Start date and time:	2024-12-10 05:41:26 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@20/0@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.17.46, 173.194.222.84, 172.217.17.78, 23.64.59.136, 192.229.221.95, 199.232.210.172, 172.217.17.67, 184.30.17.174, 20.12.23.50, 13.107.246.63
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://842991738.747100519.128322614.784396125.visitorchecking.ru Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://842991738.747100519.128322614.784396125.visitorchecking.ru

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 05:42:21.026310921 CET	49675	443	192.168.2.4	173.222.162.32
Dec 10, 2024 05:42:27.102807045 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:27.102834940 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:27.102919102 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:27.103106022 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:27.103116989 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:28.827661991 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:28.827960968 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:28.827982903 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:28.828999996 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:28.829164982 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:28.830236912 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:28.830300093 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:28.872097015 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:28.872109890 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:28.920186996 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:29.102318048 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:29.102349997 CET	443	49740	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:29.102443933 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:29.102749109 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:29.102760077 CET	443	49740	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:30.314760923 CET	443	49740	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:30.352222919 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.352236032 CET	443	49740	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:30.353091955 CET	443	49740	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:30.353163958 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.357234955 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.357264042 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.357289076 CET	443	49740	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:30.357342005 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.357389927 CET	49740	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.357681990 CET	49742	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.357696056 CET	443	49742	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:30.357793093 CET	49742	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.357980013 CET	49742	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:30.357989073 CET	443	49742	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:32.769392014 CET	443	49742	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:32.769598961 CET	49742	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:32.769669056 CET	443	49742	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:32.769714117 CET	49742	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:32.769979954 CET	49743	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:32.770004988 CET	443	49743	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:32.770075083 CET	49743	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:32.770406008 CET	49743	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:32.770416021 CET	443	49743	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:35.194246054 CET	443	49743	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:35.194561005 CET	49743	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:35.194657087 CET	443	49743	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:35.194720030 CET	49743	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:36.234978914 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:36.235007048 CET	443	49746	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:36.235110044 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:36.235230923 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:36.235277891 CET	443	49747	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:36.235337019 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:36.236473083 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:36.236490011 CET	443	49747	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:36.236722946 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:36.236741066 CET	443	49746	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.455037117 CET	443	49747	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.455303907 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.455332041 CET	443	49747	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.455636024 CET	443	49746	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.455797911 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.455820084 CET	443	49746	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.456223965 CET	443	49747	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.456290960 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.456604958 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.456624031 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.456664085 CET	443	49747	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.456671953 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.456804991 CET	443	49747	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.456823111 CET	443	49746	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.456861019 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.456880093 CET	49747	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.456917048 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.456931114 CET	49748	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.456947088 CET	443	49748	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.457274914 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457318068 CET	49748	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457340002 CET	443	49746	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.457369089 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457396984 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457407951 CET	443	49746	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.457418919 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457557917 CET	49749	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457576036 CET	443	49749	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.457578897 CET	49746	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457627058 CET	49749	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457736969 CET	49748	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457751989 CET	443	49748	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:37.457865953 CET	49749	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:37.457876921 CET	443	49749	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:38.497165918 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:38.497210979 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:38.497288942 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:39.031822920 CET	49738	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:42:39.031847000 CET	443	49738	142.250.181.100	192.168.2.4
Dec 10, 2024 05:42:39.934884071 CET	443	49748	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:39.935132027 CET	49748	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.935206890 CET	443	49748	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:39.935251951 CET	49748	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.935457945 CET	49753	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.935488939 CET	443	49753	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:39.935564041 CET	49753	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.935765028 CET	49753	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.935777903 CET	443	49753	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:39.936137915 CET	443	49749	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:39.936306953 CET	49749	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.936398029 CET	443	49749	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:39.936439037 CET	49749	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.936575890 CET	49754	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.936595917 CET	443	49754	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:39.936650038 CET	49754	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.936820030 CET	49754	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:39.936832905 CET	443	49754	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:40.271054029 CET	80	49723	217.20.58.98	192.168.2.4
Dec 10, 2024 05:42:40.271337032 CET	49723	80	192.168.2.4	217.20.58.98
Dec 10, 2024 05:42:40.271337032 CET	49723	80	192.168.2.4	217.20.58.98
Dec 10, 2024 05:42:40.390624046 CET	80	49723	217.20.58.98	192.168.2.4
Dec 10, 2024 05:42:42.347037077 CET	443	49753	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:42.347282887 CET	49753	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:42.347371101 CET	443	49753	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:42.347425938 CET	49753	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:42.349237919 CET	443	49754	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:42.349390984 CET	49754	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:42.349478006 CET	443	49754	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:42.349529028 CET	49754	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:47.362392902 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:47.362425089 CET	443	49756	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:47.362508059 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:47.362571955 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:47.362624884 CET	443	49757	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:47.362675905 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:47.363464117 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:47.363480091 CET	443	49757	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:47.363657951 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:47.363671064 CET	443	49756	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.572849035 CET	443	49757	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.573937893 CET	443	49756	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.574388027 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.574400902 CET	443	49756	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.574839115 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.574867010 CET	443	49757	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.575268030 CET	443	49756	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.575331926 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.575871944 CET	443	49757	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.575921059 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.576093912 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.576150894 CET	443	49756	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.576345921 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.576351881 CET	443	49756	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.576406956 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.576433897 CET	49756	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.576863050 CET	49758	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.576877117 CET	443	49758	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.576932907 CET	49758	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.577701092 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.577713013 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.577763081 CET	443	49757	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.577814102 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.577826023 CET	443	49757	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.577830076 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.577868938 CET	49757	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.578325987 CET	49759	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.578349113 CET	443	49759	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.578397036 CET	49759	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.578547955 CET	49758	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.578562021 CET	443	49758	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:48.578890085 CET	49759	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:48.578902960 CET	443	49759	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.023041010 CET	443	49759	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.023180962 CET	443	49758	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.023233891 CET	443	49759	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.023287058 CET	49759	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.023318052 CET	443	49759	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.023360968 CET	443	49758	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.023458004 CET	49759	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.023458004 CET	49758	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.023660898 CET	49760	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.023690939 CET	443	49760	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.023746014 CET	49760	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.023808002 CET	49758	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.023823023 CET	443	49758	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.023999929 CET	49761	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.024036884 CET	443	49761	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.024101973 CET	49761	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.024243116 CET	49760	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.024255991 CET	443	49760	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:51.024391890 CET	49761	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:51.024405956 CET	443	49761	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:53.435503960 CET	443	49761	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:53.435959101 CET	443	49760	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:53.436089993 CET	443	49761	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:53.436178923 CET	49761	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:53.436968088 CET	443	49760	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:53.437019110 CET	49760	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:53.454878092 CET	49760	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:53.454895973 CET	443	49760	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:53.457873106 CET	49761	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:42:53.457889080 CET	443	49761	104.21.25.129	192.168.2.4
Dec 10, 2024 05:42:55.252944946 CET	80	49724	217.20.58.100	192.168.2.4
Dec 10, 2024 05:42:55.253242970 CET	49724	80	192.168.2.4	217.20.58.100
Dec 10, 2024 05:42:55.253242970 CET	49724	80	192.168.2.4	217.20.58.100
Dec 10, 2024 05:42:55.372585058 CET	80	49724	217.20.58.100	192.168.2.4
Dec 10, 2024 05:43:23.501456976 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:23.501498938 CET	443	49775	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:23.501583099 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:23.501877069 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:23.501923084 CET	443	49776	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:23.502382040 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:23.502398014 CET	443	49775	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:23.502418995 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:23.502665997 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:23.502676010 CET	443	49776	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.710836887 CET	443	49775	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.711093903 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.711114883 CET	443	49775	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.712042093 CET	443	49775	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.712115049 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.712337971 CET	443	49776	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.712431908 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.712455034 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.712495089 CET	443	49775	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.712507010 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.712544918 CET	49775	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.712758064 CET	49782	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.712789059 CET	443	49782	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.712847948 CET	49782	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.712904930 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.712918043 CET	443	49776	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.713079929 CET	49782	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.713093042 CET	443	49782	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.713953972 CET	443	49776	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.714025021 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.714371920 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.714389086 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.714425087 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.714443922 CET	443	49776	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.714487076 CET	49776	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.714682102 CET	49783	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.714711905 CET	443	49783	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:24.714764118 CET	49783	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.714939117 CET	49783	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:24.714956045 CET	443	49783	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.028354883 CET	49789	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:43:27.028372049 CET	443	49789	142.250.181.100	192.168.2.4
Dec 10, 2024 05:43:27.028453112 CET	49789	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:43:27.028682947 CET	49789	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:43:27.028695107 CET	443	49789	142.250.181.100	192.168.2.4
Dec 10, 2024 05:43:27.168255091 CET	443	49782	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.168448925 CET	49782	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.168525934 CET	443	49782	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.168585062 CET	49782	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.168767929 CET	49790	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.168776989 CET	443	49790	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.168834925 CET	49790	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.169034004 CET	49790	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.169040918 CET	443	49790	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.181977034 CET	443	49783	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.182336092 CET	443	49783	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.182410955 CET	49783	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.182949066 CET	49783	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.182955980 CET	443	49783	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.183226109 CET	49791	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.183248043 CET	443	49791	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:27.183315992 CET	49791	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.183515072 CET	49791	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:27.183527946 CET	443	49791	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:28.719789028 CET	443	49789	142.250.181.100	192.168.2.4
Dec 10, 2024 05:43:28.720079899 CET	49789	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:43:28.720093012 CET	443	49789	142.250.181.100	192.168.2.4
Dec 10, 2024 05:43:28.720387936 CET	443	49789	142.250.181.100	192.168.2.4
Dec 10, 2024 05:43:28.720690966 CET	49789	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:43:28.720748901 CET	443	49789	142.250.181.100	192.168.2.4
Dec 10, 2024 05:43:28.774349928 CET	49789	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:43:29.621211052 CET	443	49791	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:29.621448994 CET	49791	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:29.621541977 CET	443	49791	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:29.621592045 CET	49791	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:29.624211073 CET	443	49790	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:29.624376059 CET	49790	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:29.624429941 CET	443	49790	104.21.25.129	192.168.2.4
Dec 10, 2024 05:43:29.624483109 CET	49790	443	192.168.2.4	104.21.25.129
Dec 10, 2024 05:43:38.417301893 CET	443	49789	142.250.181.100	192.168.2.4
Dec 10, 2024 05:43:38.417346001 CET	443	49789	142.250.181.100	192.168.2.4
Dec 10, 2024 05:43:38.417536020 CET	49789	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:43:39.026563883 CET	49789	443	192.168.2.4	142.250.181.100
Dec 10, 2024 05:43:39.026576042 CET	443	49789	142.250.181.100	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 05:42:22.697551966 CET	53	53160	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:22.708775997 CET	53	52176	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:26.171401024 CET	53	54742	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:26.964315891 CET	58947	53	192.168.2.4	1.1.1.1
Dec 10, 2024 05:42:26.964443922 CET	54570	53	192.168.2.4	1.1.1.1
Dec 10, 2024 05:42:27.101396084 CET	53	58947	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:27.102035046 CET	53	54570	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:28.450042963 CET	56886	53	192.168.2.4	1.1.1.1
Dec 10, 2024 05:42:28.455941916 CET	61172	53	192.168.2.4	1.1.1.1
Dec 10, 2024 05:42:28.958178997 CET	53	56886	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:28.959295988 CET	53	61172	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:28.961591005 CET	56869	53	192.168.2.4	1.1.1.1
Dec 10, 2024 05:42:28.961724043 CET	52360	53	192.168.2.4	1.1.1.1
Dec 10, 2024 05:42:29.100902081 CET	53	56869	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:29.101818085 CET	53	52360	1.1.1.1	192.168.2.4
Dec 10, 2024 05:42:39.921637058 CET	138	138	192.168.2.4	192.168.2.255
Dec 10, 2024 05:42:43.233978033 CET	53	60310	1.1.1.1	192.168.2.4
Dec 10, 2024 05:43:02.179997921 CET	53	50585	1.1.1.1	192.168.2.4
Dec 10, 2024 05:43:22.539942026 CET	53	56507	1.1.1.1	192.168.2.4
Dec 10, 2024 05:43:24.921251059 CET	53	65045	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 10, 2024 05:42:26.964315891 CET	192.168.2.4	1.1.1.1	0x4aa9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 05:42:26.964443922 CET	192.168.2.4	1.1.1.1	0x40ea	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 10, 2024 05:42:28.450042963 CET	192.168.2.4	1.1.1.1	0x180b	Standard query (0)	842991738.747100519.128322614.784396125.visitorchecking.ru	A (IP address)	IN (0x0001)	false
Dec 10, 2024 05:42:28.455941916 CET	192.168.2.4	1.1.1.1	0x2761	Standard query (0)	842991738.747100519.128322614.784396125.visitorchecking.ru	65	IN (0x0001)	false
Dec 10, 2024 05:42:28.961591005 CET	192.168.2.4	1.1.1.1	0x566c	Standard query (0)	842991738.747100519.128322614.784396125.visitorchecking.ru	A (IP address)	IN (0x0001)	false
Dec 10, 2024 05:42:28.961724043 CET	192.168.2.4	1.1.1.1	0x1da6	Standard query (0)	842991738.747100519.128322614.784396125.visitorchecking.ru	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 10, 2024 05:42:27.101396084 CET	1.1.1.1	192.168.2.4	0x4aa9	No error (0)	www.google.com	142.250.181.100	A (IP address)	IN (0x0001)	false
Dec 10, 2024 05:42:27.102035046 CET	1.1.1.1	192.168.2.4	0x40ea	No error (0)	www.google.com		65	IN (0x0001)	false
Dec 10, 2024 05:42:28.958178997 CET	1.1.1.1	192.168.2.4	0x180b	No error (0)	842991738.747100519.128322614.784396125.visitorchecking.ru	104.21.25.129	A (IP address)	IN (0x0001)	false
Dec 10, 2024 05:42:28.958178997 CET	1.1.1.1	192.168.2.4	0x180b	No error (0)	842991738.747100519.128322614.784396125.visitorchecking.ru	172.67.134.63	A (IP address)	IN (0x0001)	false
Dec 10, 2024 05:42:28.959295988 CET	1.1.1.1	192.168.2.4	0x2761	No error (0)	842991738.747100519.128322614.784396125.visitorchecking.ru		65	IN (0x0001)	false
Dec 10, 2024 05:42:29.100902081 CET	1.1.1.1	192.168.2.4	0x566c	No error (0)	842991738.747100519.128322614.784396125.visitorchecking.ru	104.21.25.129	A (IP address)	IN (0x0001)	false
Dec 10, 2024 05:42:29.100902081 CET	1.1.1.1	192.168.2.4	0x566c	No error (0)	842991738.747100519.128322614.784396125.visitorchecking.ru	172.67.134.63	A (IP address)	IN (0x0001)	false
Dec 10, 2024 05:42:29.101818085 CET	1.1.1.1	192.168.2.4	0x1da6	No error (0)	842991738.747100519.128322614.784396125.visitorchecking.ru		65	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1420, Parent PID: 1800

General

Target ID:	0
Start time:	23:42:16
Start date:	09/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6108, Parent PID: 1420

General

Target ID:	2
Start time:	23:42:21
Start date:	09/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2008,i,5574893621511147718,15708177694219159916,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6552, Parent PID: 1800

General

Target ID:	3
Start time:	23:42:27
Start date:	09/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1420, Parent PID: 1800

General

Chronological Activities

Analysis Process: chrome.exePID: 6108, Parent PID: 1420

General

Chronological Activities

Analysis Process: chrome.exePID: 6552, Parent PID: 1800

General

Chronological Activities

Disassembly

Windows Analysis Report
http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602