Edit tour

Windows Analysis Report
http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/

Overview

General Information

Sample URL:	http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/
Analysis ID:	1637961
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1180673031274230005,6436712644403840046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/

Avira URL Cloud: detection malicious, Label: phishing

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.163
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: svt-aletaharropact6825.pages.dev
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5972_1131717926

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5972_1131717926

Jump to behavior

Source: classification engine

Classification label: mal48.win@29/0@20/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1180673031274230005,6436712644403840046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1180673031274230005,6436712644403840046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
svt-aletaharropact6825.pages.dev	188.114.96.3	true	false	unknown
beacons-handoff.gcp.gvt2.com	142.251.143.35	true	false	high
www.google.com	142.250.186.100	true	false	high
beacons.gvt2.com	142.250.180.99	true	false	high
beacons6.gvt2.com	142.250.185.227	true	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.96.3	svt-aletaharropact6825.pages.dev	European Union		13335	CLOUDFLARENETUS	false
142.250.186.100	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6
192.168.2.23
192.168.2.14

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637961
Start date and time:	2025-03-14 01:36:56 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@29/0@20/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.238, 142.250.185.67, 142.250.185.206, 108.177.15.84, 2.19.11.178, 216.58.206.67, 142.250.186.131, 142.251.173.84
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 203
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:37:48.500929117 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:37:48.807960033 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:37:49.417352915 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:37:50.620505095 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:37:53.027466059 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:37:54.286530972 CET	49705	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:37:54.286582947 CET	443	49705	142.250.186.100	192.168.2.6
Mar 14, 2025 01:37:54.286674976 CET	49705	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:37:54.287029028 CET	49705	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:37:54.287039995 CET	443	49705	142.250.186.100	192.168.2.6
Mar 14, 2025 01:37:54.485821962 CET	443	49705	142.250.186.100	192.168.2.6
Mar 14, 2025 01:37:54.486531973 CET	49706	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:37:54.486566067 CET	443	49706	142.250.186.100	192.168.2.6
Mar 14, 2025 01:37:54.486664057 CET	49706	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:37:54.487054110 CET	49706	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:37:54.487067938 CET	443	49706	142.250.186.100	192.168.2.6
Mar 14, 2025 01:37:54.685852051 CET	443	49706	142.250.186.100	192.168.2.6
Mar 14, 2025 01:37:55.949311972 CET	49709	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.949366093 CET	443	49709	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:55.949418068 CET	49709	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.949796915 CET	49709	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.949814081 CET	443	49709	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:55.951766968 CET	49710	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.951803923 CET	443	49710	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:55.951854944 CET	49710	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.951921940 CET	49711	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.951950073 CET	443	49711	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:55.951996088 CET	49711	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.952529907 CET	49710	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.952552080 CET	443	49710	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:55.952893972 CET	49711	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:55.952904940 CET	443	49711	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:55.999174118 CET	49712	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:55.999197006 CET	443	49712	23.199.214.10	192.168.2.6
Mar 14, 2025 01:37:55.999244928 CET	49712	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.005079031 CET	49712	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.005090952 CET	443	49712	23.199.214.10	192.168.2.6
Mar 14, 2025 01:37:56.005754948 CET	443	49712	23.199.214.10	192.168.2.6
Mar 14, 2025 01:37:56.006597042 CET	49713	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.006625891 CET	443	49713	23.199.214.10	192.168.2.6
Mar 14, 2025 01:37:56.006680012 CET	49713	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.007149935 CET	49713	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.007162094 CET	443	49713	23.199.214.10	192.168.2.6
Mar 14, 2025 01:37:56.007525921 CET	443	49713	23.199.214.10	192.168.2.6
Mar 14, 2025 01:37:56.007827997 CET	49714	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.007865906 CET	443	49714	23.199.214.10	192.168.2.6
Mar 14, 2025 01:37:56.007947922 CET	49714	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.008631945 CET	49714	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.008655071 CET	443	49714	23.199.214.10	192.168.2.6
Mar 14, 2025 01:37:56.008698940 CET	49714	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:37:56.149382114 CET	443	49709	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.149986982 CET	49715	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.150052071 CET	443	49715	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.150113106 CET	49715	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.150485039 CET	49715	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.150504112 CET	443	49715	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.153315067 CET	443	49711	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.153562069 CET	443	49710	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.153975010 CET	49716	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.154009104 CET	443	49716	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.154062986 CET	49716	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.154470921 CET	49716	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.154484034 CET	443	49716	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.154884100 CET	49717	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.154917002 CET	443	49717	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.154967070 CET	49717	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.155495882 CET	49717	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:56.155517101 CET	443	49717	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.349325895 CET	443	49715	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.353112936 CET	443	49716	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:56.353136063 CET	443	49717	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.074426889 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:37:57.385020971 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:37:57.397382975 CET	49720	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.397413969 CET	443	49720	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.397475958 CET	49720	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.397694111 CET	49721	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.397735119 CET	443	49721	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.397774935 CET	49721	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.398320913 CET	49720	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.398334026 CET	443	49720	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.398893118 CET	49721	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.398905039 CET	443	49721	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.597120047 CET	443	49721	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.597630024 CET	443	49720	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.617280960 CET	49723	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.617333889 CET	443	49723	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.617384911 CET	49724	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.617403030 CET	49723	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.617422104 CET	443	49724	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.617475986 CET	49724	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.617969990 CET	49723	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.617993116 CET	443	49723	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.618197918 CET	49724	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:37:57.618216991 CET	443	49724	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.817100048 CET	443	49723	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.817111969 CET	443	49724	188.114.96.3	192.168.2.6
Mar 14, 2025 01:37:57.833014011 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:37:57.986933947 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:37:59.190253019 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:38:01.590162992 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:38:02.834139109 CET	49725	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:02.834199905 CET	443	49725	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:02.834270000 CET	49725	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:02.834363937 CET	49726	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:02.834429026 CET	443	49726	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:02.835148096 CET	49725	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:02.835163116 CET	443	49725	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:02.835177898 CET	49726	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:02.835483074 CET	49726	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:02.835494041 CET	443	49726	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.033133984 CET	443	49726	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.033618927 CET	443	49725	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.033782959 CET	49727	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.033822060 CET	443	49727	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.033932924 CET	49727	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.034044981 CET	49728	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.034070969 CET	443	49728	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.034116030 CET	49728	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.036333084 CET	49727	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.036351919 CET	443	49727	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.036657095 CET	49728	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.036668062 CET	443	49728	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.237890005 CET	443	49727	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.238127947 CET	443	49728	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.825499058 CET	49729	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.825556993 CET	443	49729	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.825634956 CET	49729	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.825727940 CET	49730	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.825779915 CET	443	49730	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.825835943 CET	49730	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.828891039 CET	49729	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.828910112 CET	443	49729	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:03.829883099 CET	49730	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:03.829899073 CET	443	49730	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:04.029150963 CET	443	49730	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:04.029817104 CET	49732	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:04.029822111 CET	443	49729	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:04.029867887 CET	443	49732	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:04.029942036 CET	49732	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:04.030328035 CET	49733	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:04.030349016 CET	443	49733	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:04.030419111 CET	49733	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:04.030719042 CET	49732	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:04.030738115 CET	443	49732	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:04.030993938 CET	49733	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:04.031002045 CET	443	49733	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:04.229418993 CET	443	49733	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:04.229654074 CET	443	49732	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:05.681966066 CET	49736	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.682017088 CET	443	49736	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.682116985 CET	49736	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.683213949 CET	49736	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.683227062 CET	443	49736	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.683815956 CET	443	49736	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.698793888 CET	49738	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.698832989 CET	443	49738	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.698899031 CET	49738	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.699220896 CET	49738	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.699235916 CET	443	49738	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.699794054 CET	443	49738	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.732253075 CET	49739	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.732301950 CET	443	49739	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.732382059 CET	49739	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.732726097 CET	49739	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.732738018 CET	443	49739	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.733362913 CET	443	49739	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.745686054 CET	49740	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.745745897 CET	443	49740	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.745826960 CET	49740	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.746138096 CET	49740	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.746151924 CET	443	49740	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.746620893 CET	443	49740	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.805296898 CET	49741	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.805350065 CET	443	49741	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.805423975 CET	49741	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.805731058 CET	49741	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.805751085 CET	443	49741	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.806288004 CET	443	49741	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.829371929 CET	49742	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.829421043 CET	443	49742	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.829488039 CET	49742	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.830432892 CET	49742	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.830457926 CET	443	49742	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.831046104 CET	443	49742	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.860493898 CET	49743	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.860524893 CET	443	49743	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.860599041 CET	49743	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.861066103 CET	49743	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.861073971 CET	443	49743	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.861485958 CET	443	49743	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.932795048 CET	49744	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.932848930 CET	443	49744	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.932914972 CET	49744	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.933233976 CET	49744	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:05.933255911 CET	443	49744	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:05.933892965 CET	443	49744	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:06.401823997 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:38:07.448692083 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:38:12.681906939 CET	49745	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.681952000 CET	443	49745	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.682013035 CET	49745	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.682203054 CET	49746	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.682244062 CET	443	49746	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.682295084 CET	49746	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.682610035 CET	49745	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.682630062 CET	443	49745	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.682967901 CET	49746	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.682985067 CET	443	49746	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.881014109 CET	443	49745	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.881310940 CET	443	49746	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.881676912 CET	49747	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.881724119 CET	443	49747	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.881782055 CET	49748	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.881803989 CET	49747	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.881827116 CET	443	49748	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.881880045 CET	49748	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.882097006 CET	49747	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.882112026 CET	443	49747	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:12.882304907 CET	49748	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:12.882325888 CET	443	49748	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:13.081592083 CET	443	49748	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:13.081634045 CET	443	49747	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:16.011455059 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:38:40.949117899 CET	49685	80	192.168.2.6	142.250.185.163
Mar 14, 2025 01:38:40.949170113 CET	49687	80	192.168.2.6	199.232.214.172
Mar 14, 2025 01:38:40.954018116 CET	80	49685	142.250.185.163	192.168.2.6
Mar 14, 2025 01:38:40.954098940 CET	49685	80	192.168.2.6	142.250.185.163
Mar 14, 2025 01:38:40.954345942 CET	80	49687	199.232.214.172	192.168.2.6
Mar 14, 2025 01:38:40.954394102 CET	49687	80	192.168.2.6	199.232.214.172
Mar 14, 2025 01:38:42.172758102 CET	49686	443	192.168.2.6	23.15.178.147
Mar 14, 2025 01:38:42.172969103 CET	49688	80	192.168.2.6	199.232.214.172
Mar 14, 2025 01:38:42.173003912 CET	49689	80	192.168.2.6	184.30.131.245
Mar 14, 2025 01:38:42.177223921 CET	49754	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.177246094 CET	443	49754	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.177309990 CET	49754	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.177728891 CET	49754	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.177742958 CET	443	49754	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.178414106 CET	443	49754	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.212248087 CET	49755	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.212287903 CET	443	49755	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.212346077 CET	49755	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.212730885 CET	49755	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.212754011 CET	443	49755	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.213623047 CET	443	49755	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.263139009 CET	49756	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.263171911 CET	443	49756	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.263242006 CET	49756	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.263803959 CET	49756	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.263819933 CET	443	49756	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.264513969 CET	443	49756	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.318785906 CET	49757	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.318842888 CET	443	49757	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.318909883 CET	49757	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.319278002 CET	49757	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.319295883 CET	443	49757	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.319849968 CET	443	49757	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.371192932 CET	49758	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.371217966 CET	443	49758	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.371273041 CET	49758	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.371707916 CET	49758	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.371716022 CET	443	49758	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.372179031 CET	443	49758	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.404793978 CET	49759	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.404834032 CET	443	49759	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.404896021 CET	49759	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.405169964 CET	49759	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.405188084 CET	443	49759	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.405663967 CET	443	49759	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.441509008 CET	49760	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.441530943 CET	443	49760	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.441607952 CET	49760	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.441895962 CET	49760	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.441910982 CET	443	49760	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.442352057 CET	443	49760	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.445326090 CET	49761	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.445342064 CET	443	49761	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.445395947 CET	49761	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.445683956 CET	49761	443	192.168.2.6	4.175.87.197
Mar 14, 2025 01:38:42.445689917 CET	443	49761	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:42.446060896 CET	443	49761	4.175.87.197	192.168.2.6
Mar 14, 2025 01:38:43.141483068 CET	49762	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.141570091 CET	443	49762	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.141664028 CET	49762	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.142072916 CET	49762	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.142091036 CET	443	49762	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.173290014 CET	49763	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.173322916 CET	443	49763	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.173414946 CET	49763	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.173765898 CET	49763	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.173777103 CET	443	49763	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.341087103 CET	443	49762	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.343736887 CET	49764	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.343786001 CET	443	49764	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.343902111 CET	49764	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.344228029 CET	49764	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.344247103 CET	443	49764	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.373333931 CET	443	49763	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.373826981 CET	49765	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.373850107 CET	443	49765	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.373950005 CET	49765	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.374198914 CET	49765	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:38:43.374213934 CET	443	49765	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.541578054 CET	443	49764	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:43.573740005 CET	443	49765	188.114.96.3	192.168.2.6
Mar 14, 2025 01:38:54.343929052 CET	49775	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:38:54.343950987 CET	443	49775	142.250.186.100	192.168.2.6
Mar 14, 2025 01:38:54.344018936 CET	49775	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:38:54.344429016 CET	49775	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:38:54.344440937 CET	443	49775	142.250.186.100	192.168.2.6
Mar 14, 2025 01:38:54.545819998 CET	443	49775	142.250.186.100	192.168.2.6
Mar 14, 2025 01:38:54.546406031 CET	49776	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:38:54.546430111 CET	443	49776	142.250.186.100	192.168.2.6
Mar 14, 2025 01:38:54.546494961 CET	49776	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:38:54.546802998 CET	49776	443	192.168.2.6	142.250.186.100
Mar 14, 2025 01:38:54.546818972 CET	443	49776	142.250.186.100	192.168.2.6
Mar 14, 2025 01:38:54.744869947 CET	443	49776	142.250.186.100	192.168.2.6
Mar 14, 2025 01:39:04.952735901 CET	49777	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:04.952786922 CET	443	49777	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:04.952879906 CET	49777	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:04.953063965 CET	49778	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:04.953113079 CET	443	49778	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:04.953190088 CET	49778	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:04.953566074 CET	49777	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:04.953584909 CET	443	49777	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:04.954188108 CET	49778	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:04.954200983 CET	443	49778	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:05.153193951 CET	443	49778	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:05.153316021 CET	443	49777	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:05.154700994 CET	49779	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:05.154756069 CET	443	49779	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:05.154910088 CET	49779	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:05.154957056 CET	49780	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:05.154993057 CET	443	49780	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:05.155060053 CET	49780	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:05.155271053 CET	49779	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:05.155287027 CET	443	49779	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:05.155550003 CET	49780	443	192.168.2.6	188.114.96.3
Mar 14, 2025 01:39:05.155565977 CET	443	49780	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:05.353241920 CET	443	49780	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:05.354049921 CET	443	49779	188.114.96.3	192.168.2.6
Mar 14, 2025 01:39:07.683032990 CET	443	49681	2.23.227.215	192.168.2.6
Mar 14, 2025 01:39:07.683160067 CET	443	49681	2.23.227.215	192.168.2.6
Mar 14, 2025 01:39:07.683275938 CET	49681	443	192.168.2.6	2.23.227.215
Mar 14, 2025 01:39:07.683350086 CET	49681	443	192.168.2.6	2.23.227.215

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:37:50.750044107 CET	53	54060	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:50.780436993 CET	53	53994	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:54.278559923 CET	51884	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:37:54.278723955 CET	50032	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:37:54.285520077 CET	53	50032	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:54.285679102 CET	53	51884	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:55.919270992 CET	49189	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:37:55.919567108 CET	57173	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:37:55.927818060 CET	64429	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:37:55.927973986 CET	57287	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:37:55.931467056 CET	53	49189	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:55.938282013 CET	53	57173	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:55.938957930 CET	50300	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:37:55.939104080 CET	59033	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:37:55.940339088 CET	53	64429	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:55.949487925 CET	53	50300	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:55.951345921 CET	53	59033	1.1.1.1	192.168.2.6
Mar 14, 2025 01:37:55.980536938 CET	53	57287	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:49.962161064 CET	53	50284	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:50.369780064 CET	53	61043	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:51.585109949 CET	53	57856	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:53.566098928 CET	52270	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:38:53.566337109 CET	57631	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:38:53.572649002 CET	53	52270	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:53.573019981 CET	53	57631	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:54.577394009 CET	61907	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:38:54.577543974 CET	59516	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:38:54.584064960 CET	53	59516	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:54.584357023 CET	53	61907	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:55.158920050 CET	138	138	192.168.2.6	192.168.2.255
Mar 14, 2025 01:38:56.606097937 CET	56952	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:38:56.612631083 CET	53	56952	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:57.621073961 CET	56952	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:38:57.627886057 CET	53	56952	1.1.1.1	192.168.2.6
Mar 14, 2025 01:38:58.621927023 CET	56952	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:38:58.628720999 CET	53	56952	1.1.1.1	192.168.2.6
Mar 14, 2025 01:39:00.621917009 CET	56952	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:39:00.628469944 CET	53	56952	1.1.1.1	192.168.2.6
Mar 14, 2025 01:39:04.624068975 CET	56952	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:39:04.631019115 CET	53	56952	1.1.1.1	192.168.2.6
Mar 14, 2025 01:39:09.579076052 CET	59910	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:39:09.579524040 CET	49575	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:39:09.586091042 CET	53	59910	1.1.1.1	192.168.2.6
Mar 14, 2025 01:39:09.586111069 CET	53	49575	1.1.1.1	192.168.2.6
Mar 14, 2025 01:39:10.590322971 CET	59814	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:39:10.596952915 CET	53	59814	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 14, 2025 01:37:55.980588913 CET	192.168.2.6	1.1.1.1	c28c	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 14, 2025 01:37:54.278559923 CET	192.168.2.6	1.1.1.1	0x6c6c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:54.278723955 CET	192.168.2.6	1.1.1.1	0xc595	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 14, 2025 01:37:55.919270992 CET	192.168.2.6	1.1.1.1	0x35aa	Standard query (0)	svt-aletaharropact6825.pages.dev	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.919567108 CET	192.168.2.6	1.1.1.1	0x88a6	Standard query (0)	svt-aletaharropact6825.pages.dev	65	IN (0x0001)	false
Mar 14, 2025 01:37:55.927818060 CET	192.168.2.6	1.1.1.1	0xe02e	Standard query (0)	svt-aletaharropact6825.pages.dev	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.927973986 CET	192.168.2.6	1.1.1.1	0xc95a	Standard query (0)	svt-aletaharropact6825.pages.dev	65	IN (0x0001)	false
Mar 14, 2025 01:37:55.938957930 CET	192.168.2.6	1.1.1.1	0x780	Standard query (0)	svt-aletaharropact6825.pages.dev	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.939104080 CET	192.168.2.6	1.1.1.1	0x4a4e	Standard query (0)	svt-aletaharropact6825.pages.dev	65	IN (0x0001)	false
Mar 14, 2025 01:38:53.566098928 CET	192.168.2.6	1.1.1.1	0x5fef	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:38:53.566337109 CET	192.168.2.6	1.1.1.1	0x98a2	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 01:38:54.577394009 CET	192.168.2.6	1.1.1.1	0x80ab	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:38:54.577543974 CET	192.168.2.6	1.1.1.1	0xa56	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 01:38:56.606097937 CET	192.168.2.6	1.1.1.1	0x8842	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:38:57.621073961 CET	192.168.2.6	1.1.1.1	0x8842	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:38:58.621927023 CET	192.168.2.6	1.1.1.1	0x8842	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:39:00.621917009 CET	192.168.2.6	1.1.1.1	0x8842	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:39:04.624068975 CET	192.168.2.6	1.1.1.1	0x8842	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:39:09.579076052 CET	192.168.2.6	1.1.1.1	0x37e2	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:39:09.579524040 CET	192.168.2.6	1.1.1.1	0xe2d7	Standard query (0)	beacons.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 01:39:10.590322971 CET	192.168.2.6	1.1.1.1	0xc764	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 14, 2025 01:37:54.285520077 CET	1.1.1.1	192.168.2.6	0xc595	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 14, 2025 01:37:54.285679102 CET	1.1.1.1	192.168.2.6	0x6c6c	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.931467056 CET	1.1.1.1	192.168.2.6	0x35aa	No error (0)	svt-aletaharropact6825.pages.dev		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.931467056 CET	1.1.1.1	192.168.2.6	0x35aa	No error (0)	svt-aletaharropact6825.pages.dev		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.938282013 CET	1.1.1.1	192.168.2.6	0x88a6	No error (0)	svt-aletaharropact6825.pages.dev			65	IN (0x0001)	false
Mar 14, 2025 01:37:55.940339088 CET	1.1.1.1	192.168.2.6	0xe02e	No error (0)	svt-aletaharropact6825.pages.dev		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.940339088 CET	1.1.1.1	192.168.2.6	0xe02e	No error (0)	svt-aletaharropact6825.pages.dev		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.949487925 CET	1.1.1.1	192.168.2.6	0x780	No error (0)	svt-aletaharropact6825.pages.dev		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.949487925 CET	1.1.1.1	192.168.2.6	0x780	No error (0)	svt-aletaharropact6825.pages.dev		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:37:55.951345921 CET	1.1.1.1	192.168.2.6	0x4a4e	No error (0)	svt-aletaharropact6825.pages.dev			65	IN (0x0001)	false
Mar 14, 2025 01:37:55.980536938 CET	1.1.1.1	192.168.2.6	0xc95a	No error (0)	svt-aletaharropact6825.pages.dev			65	IN (0x0001)	false
Mar 14, 2025 01:38:53.572649002 CET	1.1.1.1	192.168.2.6	0x5fef	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:38:53.572649002 CET	1.1.1.1	192.168.2.6	0x5fef	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:38:53.573019981 CET	1.1.1.1	192.168.2.6	0x98a2	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:38:54.584064960 CET	1.1.1.1	192.168.2.6	0xa56	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:38:54.584357023 CET	1.1.1.1	192.168.2.6	0x80ab	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:38:54.584357023 CET	1.1.1.1	192.168.2.6	0x80ab	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.67	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:38:56.612631083 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:38:56.612631083 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:38:57.627886057 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:38:57.627886057 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:38:58.628720999 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:38:58.628720999 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:39:00.628469944 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:39:00.628469944 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:39:04.631019115 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:39:04.631019115 CET	1.1.1.1	192.168.2.6	0x8842	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:39:09.586091042 CET	1.1.1.1	192.168.2.6	0x37e2	No error (0)	beacons.gvt2.com	beacons6.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 01:39:09.586091042 CET	1.1.1.1	192.168.2.6	0x37e2	No error (0)	beacons6.gvt2.com		142.250.185.227	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:39:10.596952915 CET	1.1.1.1	192.168.2.6	0xc764	No error (0)	beacons.gvt2.com		142.250.180.99	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5972, Parent PID: 3860

Function Logs

General

Target ID:	1
Start time:	20:37:47
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5264, Parent PID: 5972

Function Logs

General

Target ID:	2
Start time:	20:37:48
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1180673031274230005,6436712644403840046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6744, Parent PID: 3860

Function Logs

General

Target ID:	6
Start time:	20:37:55
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5972, Parent PID: 3860

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Process Created

Process Terminated

Thread Activities

Thread Terminated

Memory Activities

Windows Analysis Report
http://svt-aletaharropact6825.pages.dev/help/contact/200748660570057/