
Windows Analysis Report
http://aktifkaan-paylaterss4.resmi-ak3.xyz/

Overview

General Information

Sample URL:http://aktifkaan-paylaterss4.resmi-ak3.xyz/
Analysis ID:1637971
Infos:
Errors
  • URL not reachable

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Performs DNS queries to domains with low reputation

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 3036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,7968972125858442703,7151089821387546046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2148 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 3192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aktifkaan-paylaterss4.resmi-ak3.xyz/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched



AV Detection

Source: http://aktifkaan-paylaterss4.resmi-ak3.xyz/ | Avira URL Cloud: detection malicious, Label: phishing

Networking

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz (12 identical entries)
Source: DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz (2 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (6 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27 (5 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.60.203.209 (10 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 52.113.196.254 (5 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 2.17.190.73 (3 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200 (21 entries)
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: unknown | Network traffic detected: HTTP traffic on ports 49671, 49678, 49708, 49726, 49727, 49730, 49731, 49732, 49738, 49739, 49742, 49743, 49744, 49745, 49746, 49747, 49748, 49749 -> 443 (18 entries)
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708, 49726, 49727, 49730, 49731, 49732, 49738, 49739, 49742, 49743, 49744, 49745, 49746, 49747, 49748, 49749 (16 entries)
Source: classification engine | Classification label: mal52.troj.win@20/0@18/2
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,7968972125858442703,7151089821387546046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2148 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aktifkaan-paylaterss4.resmi-ak3.xyz/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (16 identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK Matrix (techniques matched by signatures carry their match count in parentheses; the remaining entries are the matrix's standard cells):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Behavior Graph (ID: 1637971, URL: http://aktifkaan-paylaterss..., Startdate: 14/03/2025, Architecture: WINDOWS, Score: 52)
  • Processes: chrome.exe started chrome.exe, which started a further chrome.exe
  • DNS/IP: aktifkaan-paylaterss4.resmi-ak3.xyz; 192.168.2.4 (ports 443, 49708, 49726; unknown unknown); www.google.com 172.217.16.196 (ports 443, 49726, 49727; GOOGLEUS, United States); google.com
  • Signatures: Antivirus / Scanner detection for submitted sample; Performs DNS queries to domains with low reputation

Source | Detection | Scanner | Label | Link
http://aktifkaan-paylaterss4.resmi-ak3.xyz/ | 100% | Avira URL Cloud | phishing |
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 172.217.16.142 | true | false | | high
www.google.com | 172.217.16.196 | true | false | | high
aktifkaan-paylaterss4.resmi-ak3.xyz | unknown | unknown | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.217.16.196 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1637971
Start date and time:2025-03-14 01:43:00 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 4s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://aktifkaan-paylaterss4.resmi-ak3.xyz/
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:18
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal52.troj.win@20/0@18/2
EGA Information:Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• URL browsing timeout or error
• URL not reachable
• Exclude process from analysis (whitelisted): audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.238, 142.250.184.227, 142.250.186.174, 64.233.167.84, 199.232.214.172, 2.23.77.188
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: http://aktifkaan-paylaterss4.resmi-ak3.xyz/
No simulations
No context
No created / dropped files found
No static file info


• Total Packets: 89
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 14, 2025 01:44:00.105525970 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:44:00.417803049 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:44:01.042826891 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:44:02.245987892 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:44:04.745112896 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:44:07.833293915 CET | 49726 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:07.833329916 CET | 443 | 49726 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:07.833414078 CET | 49726 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:07.833827972 CET | 49726 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:07.833842039 CET | 443 | 49726 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:08.034019947 CET | 443 | 49726 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:08.034634113 CET | 49727 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:08.034684896 CET | 443 | 49727 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:08.034826040 CET | 49727 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:08.035161018 CET | 49727 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:08.035175085 CET | 443 | 49727 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:08.233829021 CET | 443 | 49727 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:08.871241093 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:44:09.183339119 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:44:09.558353901 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:44:09.800102949 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:44:10.047632933 CET | 49730 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.047673941 CET | 443 | 49730 | 23.60.203.209 | 192.168.2.4
Mar 14, 2025 01:44:10.047755003 CET | 49730 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.052700043 CET | 49730 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.052716017 CET | 443 | 49730 | 23.60.203.209 | 192.168.2.4
Mar 14, 2025 01:44:10.053257942 CET | 443 | 49730 | 23.60.203.209 | 192.168.2.4
Mar 14, 2025 01:44:10.054363012 CET | 49731 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.054420948 CET | 443 | 49731 | 23.60.203.209 | 192.168.2.4
Mar 14, 2025 01:44:10.054538965 CET | 49731 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.055054903 CET | 49731 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.055068970 CET | 443 | 49731 | 23.60.203.209 | 192.168.2.4
Mar 14, 2025 01:44:10.055406094 CET | 443 | 49731 | 23.60.203.209 | 192.168.2.4
Mar 14, 2025 01:44:10.056113958 CET | 49732 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.056163073 CET | 443 | 49732 | 23.60.203.209 | 192.168.2.4
Mar 14, 2025 01:44:10.056233883 CET | 49732 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.056909084 CET | 49732 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:10.056941986 CET | 443 | 49732 | 23.60.203.209 | 192.168.2.4
Mar 14, 2025 01:44:10.056998014 CET | 49732 | 443 | 192.168.2.4 | 23.60.203.209
Mar 14, 2025 01:44:11.012296915 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:44:13.093404055 CET | 49738 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:13.093453884 CET | 443 | 49738 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:13.093533039 CET | 49738 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:13.093996048 CET | 49738 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:13.094007015 CET | 443 | 49738 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:13.293801069 CET | 443 | 49738 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:13.294559956 CET | 49739 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:13.294625998 CET | 443 | 49739 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:13.294698954 CET | 49739 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:13.295291901 CET | 49739 | 443 | 192.168.2.4 | 172.217.16.196
Mar 14, 2025 01:44:13.295310020 CET | 443 | 49739 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:13.417923927 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:44:13.493278980 CET | 443 | 49739 | 172.217.16.196 | 192.168.2.4
Mar 14, 2025 01:44:14.041537046 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:44:14.046334982 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:44:14.151822090 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:44:14.151860952 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:44:14.151880026 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:44:14.151896000 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:44:14.151906013 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:44:14.151921988 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:44:14.151937008 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:44:14.151941061 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:44:14.151971102 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:44:14.151999950 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:44:14.650899887 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:44:14.949078083 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:44:15.558478117 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:44:16.135292053 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.135339022 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.135509014 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.136501074 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.136512995 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.137150049 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.160962105 CET | 49743 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.160995960 CET | 443 | 49743 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.161181927 CET | 49743 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.161464930 CET | 49743 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.161479950 CET | 443 | 49743 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.161931992 CET | 443 | 49743 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.226365089 CET | 49744 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.226399899 CET | 443 | 49744 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.226542950 CET | 49744 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.226876020 CET | 49744 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.226890087 CET | 443 | 49744 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.227440119 CET | 443 | 49744 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.242511988 CET | 49745 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.242558956 CET | 443 | 49745 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.242707968 CET | 49745 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.243132114 CET | 49745 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.243149996 CET | 443 | 49745 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.243562937 CET | 443 | 49745 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.285094976 CET | 49746 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.285136938 CET | 443 | 49746 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.285310984 CET | 49746 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.285566092 CET | 49746 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.285581112 CET | 443 | 49746 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.286032915 CET | 443 | 49746 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.301260948 CET | 49747 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.301290035 CET | 443 | 49747 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.301433086 CET | 49747 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.302407980 CET | 49747 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.302422047 CET | 443 | 49747 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.303131104 CET | 443 | 49747 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.320228100 CET | 49748 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.320241928 CET | 443 | 49748 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.320419073 CET | 49748 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.320828915 CET | 49748 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.320842028 CET | 443 | 49748 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.321258068 CET | 443 | 49748 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.337901115 CET | 49749 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.337920904 CET | 443 | 49749 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.338063955 CET | 49749 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.338251114 CET | 49749 | 443 | 192.168.2.4 | 172.202.163.200
Mar 14, 2025 01:44:16.338263988 CET | 443 | 49749 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.338658094 CET | 443 | 49749 | 172.202.163.200 | 192.168.2.4
Mar 14, 2025 01:44:16.761198997 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:44:18.229958057 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:44:19.167571068 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:44:19.167571068 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:44:23.971784115 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:44:27.837302923 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 14, 2025 01:44:03.727555037 CET | 53 | 55771 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:03.819746971 CET | 53 | 60167 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:07.825443983 CET | 51559 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:07.825612068 CET | 57662 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:07.832190990 CET | 53 | 51559 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:07.832206964 CET | 53 | 57662 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.677063942 CET | 54842 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:09.677265882 CET | 58465 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:09.687449932 CET | 53 | 58465 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.687730074 CET | 53 | 54842 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.698086023 CET | 53514 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:09.707093954 CET | 53 | 53514 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.716629982 CET | 63266 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:09.717081070 CET | 57882 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:09.725605011 CET | 53 | 63266 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.727322102 CET | 53 | 57882 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.773828030 CET | 53755 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:09.774266958 CET | 50479 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:09.783699989 CET | 53 | 50479 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.783979893 CET | 53 | 53755 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.873811007 CET | 58085 | 53 | 192.168.2.4 | 8.8.8.8
Mar 14, 2025 01:44:09.874221087 CET | 64559 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:09.881217003 CET | 53 | 64559 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:09.888669968 CET | 53 | 58085 | 8.8.8.8 | 192.168.2.4
Mar 14, 2025 01:44:10.895066977 CET | 61450 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:10.895510912 CET | 65359 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:10.902719021 CET | 53 | 65359 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:10.903892040 CET | 53 | 61450 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:10.942163944 CET | 64820 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:10.942589998 CET | 53997 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:10.951283932 CET | 53 | 53997 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:10.951297998 CET | 53 | 64820 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:15.978228092 CET | 52346 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:15.978498936 CET | 54921 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:15.987426996 CET | 53 | 54921 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:15.988115072 CET | 53 | 52346 | 1.1.1.1 | 192.168.2.4
Mar 14, 2025 01:44:15.992808104 CET | 50665 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2025 01:44:16.002149105 CET | 53 | 50665 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 14, 2025 01:44:07.825443983 CET | 192.168.2.4 | 1.1.1.1 | 0x62b6 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:07.825612068 CET | 192.168.2.4 | 1.1.1.1 | 0x49b2 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Mar 14, 2025 01:44:09.677063942 CET | 192.168.2.4 | 1.1.1.1 | 0xa3e1 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:09.677265882 CET | 192.168.2.4 | 1.1.1.1 | 0xf1bd | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | 65 | IN (0x0001) | false
Mar 14, 2025 01:44:09.698086023 CET | 192.168.2.4 | 1.1.1.1 | 0x1fe4 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:09.716629982 CET | 192.168.2.4 | 1.1.1.1 | 0xa830 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:09.717081070 CET | 192.168.2.4 | 1.1.1.1 | 0x7bf8 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | 65 | IN (0x0001) | false
Mar 14, 2025 01:44:09.773828030 CET | 192.168.2.4 | 1.1.1.1 | 0x4201 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:09.774266958 CET | 192.168.2.4 | 1.1.1.1 | 0x797c | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | 65 | IN (0x0001) | false
Mar 14, 2025 01:44:09.873811007 CET | 192.168.2.4 | 8.8.8.8 | 0xb0d5 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:09.874221087 CET | 192.168.2.4 | 1.1.1.1 | 0x6ae2 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:10.895066977 CET | 192.168.2.4 | 1.1.1.1 | 0x994c | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:10.895510912 CET | 192.168.2.4 | 1.1.1.1 | 0x9e73 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | 65 | IN (0x0001) | false
Mar 14, 2025 01:44:10.942163944 CET | 192.168.2.4 | 1.1.1.1 | 0x9d4c | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:10.942589998 CET | 192.168.2.4 | 1.1.1.1 | 0x25ce | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | 65 | IN (0x0001) | false
Mar 14, 2025 01:44:15.978228092 CET | 192.168.2.4 | 1.1.1.1 | 0x9443 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:44:15.978498936 CET | 192.168.2.4 | 1.1.1.1 | 0xe245 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | 65 | IN (0x0001) | false
Mar 14, 2025 01:44:15.992808104 CET | 192.168.2.4 | 1.1.1.1 | 0xbde0 | Standard query (0) | aktifkaan-paylaterss4.resmi-ak3.xyz | A (IP address) | IN (0x0001) | false
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Mar 14, 2025 01:44:07.832190990 CET | 1.1.1.1 | 192.168.2.4 | 0x62b6 | No error (0) | www.google.com |  | 172.217.16.196 | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:07.832206964 CET | 1.1.1.1 | 192.168.2.4 | 0x49b2 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
        Mar 14, 2025 01:44:09.687449932 CET | 1.1.1.1 | 192.168.2.4 | 0xf1bd | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | 65 | IN (0x0001) | false
        Mar 14, 2025 01:44:09.687730074 CET | 1.1.1.1 | 192.168.2.4 | 0xa3e1 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:09.707093954 CET | 1.1.1.1 | 192.168.2.4 | 0x1fe4 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:09.725605011 CET | 1.1.1.1 | 192.168.2.4 | 0xa830 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:09.727322102 CET | 1.1.1.1 | 192.168.2.4 | 0x7bf8 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | 65 | IN (0x0001) | false
        Mar 14, 2025 01:44:09.783699989 CET | 1.1.1.1 | 192.168.2.4 | 0x797c | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | 65 | IN (0x0001) | false
        Mar 14, 2025 01:44:09.783979893 CET | 1.1.1.1 | 192.168.2.4 | 0x4201 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:09.881217003 CET | 1.1.1.1 | 192.168.2.4 | 0x6ae2 | No error (0) | google.com |  | 172.217.16.142 | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:09.888669968 CET | 8.8.8.8 | 192.168.2.4 | 0xb0d5 | No error (0) | google.com |  | 142.251.36.78 | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:10.902719021 CET | 1.1.1.1 | 192.168.2.4 | 0x9e73 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | 65 | IN (0x0001) | false
        Mar 14, 2025 01:44:10.903892040 CET | 1.1.1.1 | 192.168.2.4 | 0x994c | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:10.951283932 CET | 1.1.1.1 | 192.168.2.4 | 0x25ce | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | 65 | IN (0x0001) | false
        Mar 14, 2025 01:44:10.951297998 CET | 1.1.1.1 | 192.168.2.4 | 0x9d4c | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:15.987426996 CET | 1.1.1.1 | 192.168.2.4 | 0xe245 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | 65 | IN (0x0001) | false
        Mar 14, 2025 01:44:15.988115072 CET | 1.1.1.1 | 192.168.2.4 | 0x9443 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:44:16.002149105 CET | 1.1.1.1 | 192.168.2.4 | 0xbde0 | Name error (3) | aktifkaan-paylaterss4.resmi-ak3.xyz | none | none | A (IP address) | IN (0x0001) | false

        Target ID: 1
        Start time: 20:43:57
        Start date: 13/03/2025
        Path: C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit): false
        Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase: 0x7ff786830000
        File size: 3'388'000 bytes
        MD5 hash: E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges: true
        Has administrator privileges: true
        Programmed in: C, C++ or other language
        Reputation: low
        Has exited: false

        Target ID: 2
        Start time: 20:44:02
        Start date: 13/03/2025
        Path: C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit): false
        Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,7968972125858442703,7151089821387546046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2148 /prefetch:3
        Imagebase: 0x7ff786830000
        File size: 3'388'000 bytes
        MD5 hash: E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges: true
        Has administrator privileges: true
        Programmed in: C, C++ or other language
        Reputation: low
        Has exited: false

        Target ID: 9
        Start time: 20:44:08
        Start date: 13/03/2025
        Path: C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit): false
        Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aktifkaan-paylaterss4.resmi-ak3.xyz/"
        Imagebase: 0x7ff786830000
        File size: 3'388'000 bytes
        MD5 hash: E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges: true
        Has administrator privileges: true
        Programmed in: C, C++ or other language
        Reputation: low
        Has exited: true

        No disassembly