
Windows Analysis Report
http://sos-ch-dk-2.exo.io

Overview

General Information

Sample URL: http://sos-ch-dk-2.exo.io
Analysis ID: 1587308
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Detected non-DNS traffic on DNS port

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict levels: clean, suspicious, malicious.
  • System is w10x64
  • chrome.exe (PID: 3128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1984,i,16115299869638035160,16612179982992934644,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sos-ch-dk-2.exo.io" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | TCP traffic: 192.168.2.4:53683 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.4:60163 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: sos-ch-dk-2.exo.io
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: sos-ch-dk-2.exo.io
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://sos-ch-dk-2.exo.io/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: sos-ch-dk-2.exo.io
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    x-amz-request-id: e74b3bdd-8fa3-4d8b-84aa-91eb53d4cfec
    x-amzn-request-id: e74b3bdd-8fa3-4d8b-84aa-91eb53d4cfec
    x-amz-id-2: e74b3bdd-8fa3-4d8b-84aa-91eb53d4cfec
    content-length: 110
    content-type: application/xml
    server: Aleph/0.6.0
    date: Fri, 10 Jan 2025 04:50:22 GMT
    host: sos-ch-dk-2.exo.io
    Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e
    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    x-amz-request-id: d21ae68d-990f-404e-8f0b-76a6e9958b2e
    x-amzn-request-id: d21ae68d-990f-404e-8f0b-76a6e9958b2e
    x-amz-id-2: d21ae68d-990f-404e-8f0b-76a6e9958b2e
    content-length: 169
    content-type: application/xml
    server: Aleph/0.6.0
    date: Fri, 10 Jan 2025 04:50:23 GMT
    host: sos-ch-dk-2.exo.io
    Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 42 75 63 6b 65 74 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 62 75 63 6b 65 74 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 42 75 63 6b 65 74 4e 61 6d 65 3e 66 61 76 69 63 6f 6e 2e 69 63 6f 3c 2f 42 75 63 6b 65 74 4e 61 6d 65 3e 3c 2f 45 72 72 6f 72 3e
    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist.</Message><BucketName>favicon.ico</BucketName></Error>
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53768
Source: unknown | Network traffic detected: HTTP traffic on port 53768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: classification engine | Classification label: clean0.win@16/4@4/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1984,i,16115299869638035160,16612179982992934644,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sos-ch-dk-2.exo.io"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1984,i,16115299869638035160,16612179982992934644,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK Matrix (techniques listed per tactic; a leading number is the count of matched signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph ID: 1587308
URL: http://sos-ch-dk-2.exo.io
Startdate: 10/01/2025
Architecture: WINDOWS
Score: 0
Graph nodes (recovered from the behavior graph image):
  • chrome.exe (started from the top process), which in turn started another chrome.exe
  • chrome.exe (started from the top process)
  • 192.168.2.4, ports 138, 443, 49345, unknown, unknown
  • 239.255.255.250, unknown, Reserved
  • www.google.com, 142.250.185.228, ports 443, 49738, 53768, GOOGLEUS, United States
  • lb-ch-dk-2.exo.io, 194.182.165.210, ports 49740, 49741, 80, EXOSCALECH, Switzerland
  • sos-ch-dk-2.exo.io

Source | Detection | Scanner | Label | Link
http://sos-ch-dk-2.exo.io | 0% | Avira URL Cloud | safe |
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
lb-ch-dk-2.exo.io | 194.182.165.210 | true | false | | unknown
www.google.com | 142.250.185.228 | true | false | | high
sos-ch-dk-2.exo.io | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://sos-ch-dk-2.exo.io/favicon.ico | false | | high
http://sos-ch-dk-2.exo.io/ | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.228 | www.google.com | United States | 15169 | GOOGLEUS | false
194.182.165.210 | lb-ch-dk-2.exo.io | Switzerland | 61098 | EXOSCALECH | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

IP
192.168.2.4
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1587308
Start date and time: 2025-01-10 05:49:18 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://sos-ch-dk-2.exo.io
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@16/4@4/4
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.181.227, 142.250.186.78, 64.233.184.84, 172.217.18.110, 142.250.185.142, 142.250.184.206, 199.232.214.172, 192.229.221.95, 216.58.206.78, 142.250.185.238, 142.250.186.142, 172.217.18.3, 142.250.181.238, 2.23.242.162, 172.202.163.200, 20.3.187.198, 13.107.246.45
• Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
• VT rate limit hit for: http://sos-ch-dk-2.exo.io
            No simulations
            No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: XML 1.0 document, ASCII text, with no line terminators
Category: downloaded
Size (bytes): 110
Entropy (8bit): 4.6232678388053445
Encrypted: false
SSDEEP: 3:vFWWMNHU8LdgCfIqZj+PBMkmKqWWU66bukoL9KgqLn:TMVBd/IqZjZvKtWRV8g6n
MD5: CCE2C8B7CEB5C2AD4147C8C2EDB1DD57
SHA1: A45979D22E5F7A3B152C4F6EFAA9DFDFCFE7E5A7
SHA-256: D9228B355C91A1939BE25F83F7D6ACC1F39DB8DFA5C37643FB710934F4E5CD40
SHA-512: C902C049FEF3487CDC387E89E60068A9EDA89182249E1CFF77FEC50983DD9E4EB7529EC2BA280B89303149F2F3862186541530F79500C80726BE1DCC37C9895B
Malicious: false
Reputation: low
URL: http://sos-ch-dk-2.exo.io/
Preview: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: XML 1.0 document, ASCII text, with no line terminators
Category: downloaded
Size (bytes): 169
Entropy (8bit): 4.933248824592941
Encrypted: false
SSDEEP: 3:vFWWMNHU8LdgCfIqZj++anCA/cAbWWUAVMABJRvWQBWRaWWU9nQkXTMJLMunQko2:TMVBd/IqZj7rAIWt5dTgRdW6sLMoiKvn
MD5: 3D6AA58C4F15BF83C29ACA18AAD95AB2
SHA1: 74540612914CDA9957CD2ECF9C6DB82E01F4CA70
SHA-256: 2686FB6EDE2A99746AA46E78B6704F20389EF6CE285819365F3D150A3252C140
SHA-512: DD67B30E6B8A361F21F6D6476CF8E721BC390A16C4EA3156430E809238C68C40E5D8FCC267612807F914D7873155AE5C591E333D54C2AC9304EB48AAAE955AC3
Malicious: false
Reputation: low
URL: http://sos-ch-dk-2.exo.io/favicon.ico
Preview: <?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist.</Message><BucketName>favicon.ico</BucketName></Error>
            No static file info


            • Total Packets: 50
            • 443 (HTTPS)
            • 80 (HTTP)
            • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 05:50:18.154196024 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Jan 10, 2025 05:50:21.257355928 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:21.257392883 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:21.257443905 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:21.257643938 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:21.257657051 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:21.903888941 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:21.904247999 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:21.904267073 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:21.905901909 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:21.905971050 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:21.907152891 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:21.907243967 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:21.951397896 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:21.951406956 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:21.998282909 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:22.974857092 CET | 49740 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:22.975274086 CET | 49741 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:22.979763031 CET | 80 | 49740 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:22.979918003 CET | 49740 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:22.980243921 CET | 80 | 49741 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:22.980308056 CET | 49741 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:22.988128901 CET | 49740 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:22.993029118 CET | 80 | 49740 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:23.645169020 CET | 80 | 49740 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:23.686440945 CET | 49740 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:23.789218903 CET | 49740 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:23.794405937 CET | 80 | 49740 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:23.990325928 CET | 80 | 49740 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:24.036989927 CET | 49740 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:31.798320055 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:31.798491001 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:31.798638105 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:32.819936037 CET | 49723 | 80 | 192.168.2.4 | 199.232.210.172
Jan 10, 2025 05:50:32.825088978 CET | 80 | 49723 | 199.232.210.172 | 192.168.2.4
Jan 10, 2025 05:50:32.825151920 CET | 49723 | 80 | 192.168.2.4 | 199.232.210.172
Jan 10, 2025 05:50:33.545200109 CET | 80 | 49741 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:33.545269012 CET | 80 | 49741 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:33.551332951 CET | 49741 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:33.750854015 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:50:33.750883102 CET | 443 | 49738 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:50:33.984862089 CET | 80 | 49740 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:33.991383076 CET | 49740 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:34.724283934 CET | 60163 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:34.729283094 CET | 53 | 60163 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:34.729365110 CET | 60163 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:34.734229088 CET | 53 | 60163 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:35.176507950 CET | 60163 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:35.181664944 CET | 53 | 60163 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:35.181725979 CET | 60163 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:35.530811071 CET | 49740 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:50:35.535804033 CET | 80 | 49740 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:50:36.177886963 CET | 53683 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:36.182823896 CET | 53 | 53683 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:36.182924032 CET | 53683 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:36.187892914 CET | 53 | 53683 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:36.650402069 CET | 53683 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:36.655628920 CET | 53 | 53683 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:36.655693054 CET | 53683 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:51:18.560806036 CET | 49741 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:51:18.565685034 CET | 80 | 49741 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:51:20.092120886 CET | 49724 | 80 | 192.168.2.4 | 199.232.210.172
Jan 10, 2025 05:51:20.097245932 CET | 80 | 49724 | 199.232.210.172 | 192.168.2.4
Jan 10, 2025 05:51:20.097328901 CET | 49724 | 80 | 192.168.2.4 | 199.232.210.172
Jan 10, 2025 05:51:21.312486887 CET | 53768 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:51:21.312522888 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:51:21.312592030 CET | 53768 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:51:21.312884092 CET | 53768 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:51:21.312895060 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:51:21.941869020 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:51:21.942734957 CET | 53768 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:51:21.942754984 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:51:21.943008900 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:51:21.943279028 CET | 53768 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:51:21.943345070 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:51:21.998387098 CET | 53768 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:51:23.750021935 CET | 49741 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:51:23.750021935 CET | 49741 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:51:23.754904985 CET | 80 | 49741 | 194.182.165.210 | 192.168.2.4
Jan 10, 2025 05:51:23.754985094 CET | 49741 | 80 | 192.168.2.4 | 194.182.165.210
Jan 10, 2025 05:51:31.854089022 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:51:31.854235888 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Jan 10, 2025 05:51:31.854281902 CET | 53768 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:51:33.750835896 CET | 53768 | 443 | 192.168.2.4 | 142.250.185.228
Jan 10, 2025 05:51:33.750854969 CET | 443 | 53768 | 142.250.185.228 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 05:50:17.476666927 CET | 53 | 57720 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:17.506602049 CET | 53 | 52163 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:18.570919037 CET | 53 | 60603 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:21.249327898 CET | 50617 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:21.249701023 CET | 60097 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:21.256270885 CET | 53 | 50617 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:21.256318092 CET | 53 | 60097 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:22.959875107 CET | 52130 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:22.960114956 CET | 64940 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 05:50:22.967401028 CET | 53 | 52130 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:22.973902941 CET | 53 | 64940 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:31.660094023 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
Jan 10, 2025 05:50:34.723696947 CET | 53 | 55842 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:35.538155079 CET | 53 | 60097 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:36.177509069 CET | 53 | 51828 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:50:54.413289070 CET | 53 | 49345 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:51:16.821568966 CET | 53 | 49825 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 05:51:17.319665909 CET | 53 | 53176 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 10, 2025 05:50:21.249327898 CET | 192.168.2.4 | 1.1.1.1 | 0x35d3 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 10, 2025 05:50:21.249701023 CET | 192.168.2.4 | 1.1.1.1 | 0xed7a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 10, 2025 05:50:22.959875107 CET | 192.168.2.4 | 1.1.1.1 | 0xae0e | Standard query (0) | sos-ch-dk-2.exo.io | A (IP address) | IN (0x0001) | false
Jan 10, 2025 05:50:22.960114956 CET | 192.168.2.4 | 1.1.1.1 | 0x9470 | Standard query (0) | sos-ch-dk-2.exo.io | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 10, 2025 05:50:21.256270885 CET | 1.1.1.1 | 192.168.2.4 | 0x35d3 | No error (0) | www.google.com | | 142.250.185.228 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 05:50:21.256318092 CET | 1.1.1.1 | 192.168.2.4 | 0xed7a | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jan 10, 2025 05:50:22.967401028 CET | 1.1.1.1 | 192.168.2.4 | 0xae0e | No error (0) | sos-ch-dk-2.exo.io | lb-ch-dk-2.exo.io | | CNAME (Canonical name) | IN (0x0001) | false
Jan 10, 2025 05:50:22.967401028 CET | 1.1.1.1 | 192.168.2.4 | 0xae0e | No error (0) | lb-ch-dk-2.exo.io | | 194.182.165.210 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 05:50:22.973902941 CET | 1.1.1.1 | 192.168.2.4 | 0x9470 | No error (0) | sos-ch-dk-2.exo.io | lb-ch-dk-2.exo.io | | CNAME (Canonical name) | IN (0x0001) | false
            • sos-ch-dk-2.exo.io
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 194.182.165.210 | 80 | 2056 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 05:50:22.988128901 CET | 433 | OUT | GET / HTTP/1.1
            Host: sos-ch-dk-2.exo.io
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
Jan 10, 2025 05:50:23.645169020 CET | 435 | IN | HTTP/1.1 403 Forbidden
            x-amz-request-id: e74b3bdd-8fa3-4d8b-84aa-91eb53d4cfec
            x-amzn-request-id: e74b3bdd-8fa3-4d8b-84aa-91eb53d4cfec
            x-amz-id-2: e74b3bdd-8fa3-4d8b-84aa-91eb53d4cfec
            content-length: 110
            content-type: application/xml
            server: Aleph/0.6.0
            date: Fri, 10 Jan 2025 04:50:22 GMT
            host: sos-ch-dk-2.exo.io
            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e
            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
Jan 10, 2025 05:50:23.789218903 CET | 380 | OUT | GET /favicon.ico HTTP/1.1
            Host: sos-ch-dk-2.exo.io
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Referer: http://sos-ch-dk-2.exo.io/
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
Jan 10, 2025 05:50:23.990325928 CET | 494 | IN | HTTP/1.1 404 Not Found
            x-amz-request-id: d21ae68d-990f-404e-8f0b-76a6e9958b2e
            x-amzn-request-id: d21ae68d-990f-404e-8f0b-76a6e9958b2e
            x-amz-id-2: d21ae68d-990f-404e-8f0b-76a6e9958b2e
            content-length: 169
            content-type: application/xml
            server: Aleph/0.6.0
            date: Fri, 10 Jan 2025 04:50:23 GMT
            host: sos-ch-dk-2.exo.io
            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 42 75 63 6b 65 74 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 62 75 63 6b 65 74 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 42 75 63 6b 65 74 4e 61 6d 65 3e 66 61 76 69 63 6f 6e 2e 69 63 6f 3c 2f 42 75 63 6b 65 74 4e 61 6d 65 3e 3c 2f 45 72 72 6f 72 3e
            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist.</Message><BucketName>favicon.ico</BucketName></Error>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49741 | 194.182.165.210 | 80 | 2056 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 05:50:33.545200109 CET | 233 | IN | HTTP/1.1 408 Request Time-out
            Content-length: 110
            Cache-Control: no-cache
            Connection: close
            Content-Type: text/html
            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
            Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>
Jan 10, 2025 05:51:18.560806036 CET | 6 | OUT | Data Raw: 00
Data Ascii:


[Two per-process activity graphs omitted: x-axis 0-80 s; y-axis 0-100 and 0.0-100 MB respectively]

Target ID: 0
Start time: 23:50:13
Start date: 09/01/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 1
Start time: 23:50:15
Start date: 09/01/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1984,i,16115299869638035160,16612179982992934644,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 3
Start time: 23:50:21
Start date: 09/01/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sos-ch-dk-2.exo.io"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

            No disassembly