Edit tour

Windows Analysis Report
http://Alliancevvs11.ebtrk3.com

Overview

General Information

Sample URL:	http://Alliancevvs11.ebtrk3.com
Analysis ID:	1638078
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2588,i,13930551357670577704,12879664303690422559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2616 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://Alliancevvs11.ebtrk3.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://Alliancevvs11.ebtrk3.com

Avira URL Cloud: detection malicious, Label: malware

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: alliancevvs11.ebtrk3.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1844_1442490153

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1844_1442490153

Jump to behavior

Source: classification engine

Classification label: mal48.win@26/0@18/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2588,i,13930551357670577704,12879664303690422559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2616 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://Alliancevvs11.ebtrk3.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2588,i,13930551357670577704,12879664303690422559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2616 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://Alliancevvs11.ebtrk3.com	100%	Avira URL Cloud	malware

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
beacons-handoff.gcp.gvt2.com	142.251.143.67	true	false	high
www.google.com	142.250.185.100	true	false	high
beacons.gvt2.com	142.250.186.67	true	false	high
alliancevvs11.ebtrk3.com	172.67.198.217	true	false	unknown
beacons.gcp.gvt2.com	unknown	unknown	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.100	www.google.com	United States		15169	GOOGLEUS	false
104.21.92.214	unknown	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.13
192.168.2.23

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1638078
Start date and time:	2025-03-14 06:11:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://Alliancevvs11.ebtrk3.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@26/0@18/5

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.206, 172.217.16.195, 172.217.23.110, 108.177.15.84, 2.23.77.188, 199.232.210.172, 172.217.18.3, 142.250.186.131, 74.125.133.84, 142.250.185.206
Excluded domains from analysis (whitelisted): fp.msedge.net, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, ocsp.digicert.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: http://Alliancevvs11.ebtrk3.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 224
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 06:11:54.899812937 CET	49681	80	192.168.2.4	2.17.190.73
Mar 14, 2025 06:12:04.353375912 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 06:12:04.509205103 CET	49681	80	192.168.2.4	2.17.190.73
Mar 14, 2025 06:12:04.665438890 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 06:12:05.224708080 CET	49735	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:05.224735022 CET	443	49735	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:05.224903107 CET	49735	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:05.225162029 CET	49735	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:05.225183964 CET	443	49735	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:05.274843931 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 06:12:05.425462008 CET	443	49735	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:05.426031113 CET	49736	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:05.426059008 CET	443	49736	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:05.426135063 CET	49736	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:05.426412106 CET	49736	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:05.426428080 CET	443	49736	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:05.625477076 CET	443	49736	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:06.477957010 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 06:12:07.255544901 CET	49739	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.255578995 CET	443	49739	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.255651951 CET	49739	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.256489038 CET	49739	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.256505013 CET	443	49739	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.458806038 CET	443	49739	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.466582060 CET	49742	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.466619015 CET	443	49742	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.466691017 CET	49742	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.467346907 CET	49742	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.467360973 CET	443	49742	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.666179895 CET	443	49742	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.678603888 CET	49743	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.678637028 CET	443	49743	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.678699970 CET	49743	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.679512024 CET	49743	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.679524899 CET	443	49743	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.877448082 CET	443	49743	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.879127026 CET	49744	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.879156113 CET	443	49744	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:07.879226923 CET	49744	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.880198956 CET	49744	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:07.880212069 CET	443	49744	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:08.077173948 CET	443	49744	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:08.883450985 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 06:12:09.135257959 CET	49748	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.135273933 CET	443	49748	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.135338068 CET	49748	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.135504961 CET	49749	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.135545015 CET	443	49749	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.135601997 CET	49749	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.136492968 CET	49748	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.136504889 CET	443	49748	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.137437105 CET	49749	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.137451887 CET	443	49749	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.337033033 CET	443	49749	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.337708950 CET	443	49748	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.338519096 CET	49750	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.338550091 CET	443	49750	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.338641882 CET	49750	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.338963985 CET	49751	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.338993073 CET	443	49751	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.339060068 CET	49751	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.339369059 CET	49750	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.339385033 CET	443	49750	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.339647055 CET	49751	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:09.339664936 CET	443	49751	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.537020922 CET	443	49751	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:09.537391901 CET	443	49750	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:10.875976086 CET	49753	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:10.876013994 CET	443	49753	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:10.876127005 CET	49753	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:10.882884979 CET	49753	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:10.882900000 CET	443	49753	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:11.081518888 CET	443	49753	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:11.082251072 CET	49754	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:11.082293034 CET	443	49754	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:11.082716942 CET	49754	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:11.082716942 CET	49754	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:12:11.082756996 CET	443	49754	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:11.280801058 CET	443	49754	142.250.185.100	192.168.2.4
Mar 14, 2025 06:12:11.597601891 CET	49755	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.597625017 CET	443	49755	23.199.214.10	192.168.2.4
Mar 14, 2025 06:12:11.597690105 CET	49755	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.599179029 CET	49755	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.599193096 CET	443	49755	23.199.214.10	192.168.2.4
Mar 14, 2025 06:12:11.599657059 CET	443	49755	23.199.214.10	192.168.2.4
Mar 14, 2025 06:12:11.600445032 CET	49756	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.600476980 CET	443	49756	23.199.214.10	192.168.2.4
Mar 14, 2025 06:12:11.600533009 CET	49756	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.600879908 CET	49756	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.600898981 CET	443	49756	23.199.214.10	192.168.2.4
Mar 14, 2025 06:12:11.601290941 CET	443	49756	23.199.214.10	192.168.2.4
Mar 14, 2025 06:12:11.601675987 CET	49757	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.601722002 CET	443	49757	23.199.214.10	192.168.2.4
Mar 14, 2025 06:12:11.601771116 CET	49757	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.602283955 CET	49757	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:11.602313995 CET	443	49757	23.199.214.10	192.168.2.4
Mar 14, 2025 06:12:11.602355957 CET	49757	443	192.168.2.4	23.199.214.10
Mar 14, 2025 06:12:13.133336067 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 06:12:13.446399927 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 06:12:13.696409941 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 06:12:14.055804014 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 06:12:14.176079035 CET	49708	443	192.168.2.4	13.107.246.60
Mar 14, 2025 06:12:14.181451082 CET	443	49708	13.107.246.60	192.168.2.4
Mar 14, 2025 06:12:14.498564005 CET	49711	443	192.168.2.4	131.253.33.254
Mar 14, 2025 06:12:14.499332905 CET	49711	443	192.168.2.4	131.253.33.254
Mar 14, 2025 06:12:14.499365091 CET	49711	443	192.168.2.4	131.253.33.254
Mar 14, 2025 06:12:14.503401041 CET	443	49711	131.253.33.254	192.168.2.4
Mar 14, 2025 06:12:14.504030943 CET	443	49711	131.253.33.254	192.168.2.4
Mar 14, 2025 06:12:14.504040003 CET	443	49711	131.253.33.254	192.168.2.4
Mar 14, 2025 06:12:14.569730043 CET	49758	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.569766045 CET	443	49758	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.569849014 CET	49758	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.570178032 CET	49759	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.570240021 CET	443	49759	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.570287943 CET	49759	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.587207079 CET	49759	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.587234020 CET	443	49759	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.588037968 CET	49758	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.588052988 CET	443	49758	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.598301888 CET	443	49711	131.253.33.254	192.168.2.4
Mar 14, 2025 06:12:14.598365068 CET	49711	443	192.168.2.4	131.253.33.254
Mar 14, 2025 06:12:14.726530075 CET	443	49711	131.253.33.254	192.168.2.4
Mar 14, 2025 06:12:14.726737976 CET	49711	443	192.168.2.4	131.253.33.254
Mar 14, 2025 06:12:14.737057924 CET	49711	443	192.168.2.4	131.253.33.254
Mar 14, 2025 06:12:14.741770983 CET	443	49711	131.253.33.254	192.168.2.4
Mar 14, 2025 06:12:14.741955996 CET	49711	443	192.168.2.4	131.253.33.254
Mar 14, 2025 06:12:14.746642113 CET	443	49711	131.253.33.254	192.168.2.4
Mar 14, 2025 06:12:14.785721064 CET	443	49758	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.785933018 CET	443	49759	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.786341906 CET	49760	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.786400080 CET	443	49760	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.786469936 CET	49760	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.786844969 CET	49761	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.786881924 CET	443	49761	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.787121058 CET	49761	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.787318945 CET	49760	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.787333965 CET	443	49760	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.787683010 CET	49761	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:14.787698984 CET	443	49761	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.855293036 CET	443	49711	131.253.33.254	192.168.2.4
Mar 14, 2025 06:12:14.855381012 CET	49711	443	192.168.2.4	131.253.33.254
Mar 14, 2025 06:12:14.859967947 CET	49680	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.860282898 CET	49762	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.860327959 CET	443	49762	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.860538006 CET	49762	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.860773087 CET	49762	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.860789061 CET	443	49762	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.861424923 CET	443	49762	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.861865044 CET	49763	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.861910105 CET	443	49763	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.862097979 CET	49763	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.862399101 CET	49763	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.862416029 CET	443	49763	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.862832069 CET	443	49763	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.863142014 CET	49764	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.863183022 CET	443	49764	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.863390923 CET	49764	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.863451004 CET	49764	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.863480091 CET	443	49764	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.863651037 CET	49764	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.875871897 CET	49765	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.875910044 CET	443	49765	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.876053095 CET	49765	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.876332045 CET	49765	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.876351118 CET	443	49765	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.876760960 CET	443	49765	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.877346039 CET	49766	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.877356052 CET	443	49766	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.877612114 CET	49766	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.877924919 CET	49766	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.877935886 CET	443	49766	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.878304958 CET	443	49766	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.878657103 CET	49767	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.878669024 CET	443	49767	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.878791094 CET	49767	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.878865004 CET	49767	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.878889084 CET	443	49767	204.79.197.222	192.168.2.4
Mar 14, 2025 06:12:14.878941059 CET	49767	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:14.985193968 CET	443	49761	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:14.985332012 CET	443	49760	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:15.161245108 CET	49680	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:15.267817974 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 06:12:15.774713993 CET	49680	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:16.180793047 CET	49770	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.180829048 CET	443	49770	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.180912971 CET	49770	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.182249069 CET	49770	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.182264090 CET	443	49770	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.182924986 CET	443	49770	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.198276043 CET	49771	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.198332071 CET	443	49771	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.198414087 CET	49771	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.198755980 CET	49771	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.198772907 CET	443	49771	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.199170113 CET	443	49771	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.240761995 CET	49772	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.240797997 CET	443	49772	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.240889072 CET	49772	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.241204023 CET	49772	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.241219044 CET	443	49772	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.241627932 CET	443	49772	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.252357960 CET	49773	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.252396107 CET	443	49773	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.252496004 CET	49773	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.252811909 CET	49773	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.252825975 CET	443	49773	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.253164053 CET	443	49773	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.278117895 CET	49774	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.278141022 CET	443	49774	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.278197050 CET	49774	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.278565884 CET	49774	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.278578997 CET	443	49774	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.278970957 CET	443	49774	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.288903952 CET	49775	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.288944960 CET	443	49775	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.289073944 CET	49775	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.289376020 CET	49775	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.289391994 CET	443	49775	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.289768934 CET	443	49775	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.344296932 CET	49777	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.344329119 CET	443	49777	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.344603062 CET	49777	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.345253944 CET	49777	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.345268011 CET	443	49777	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.346122980 CET	443	49777	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.357266903 CET	49778	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.357285023 CET	443	49778	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.357345104 CET	49778	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.357676983 CET	49778	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:16.357692957 CET	443	49778	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.358289003 CET	443	49778	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:16.977710962 CET	49680	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:17.680596113 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 06:12:19.383709908 CET	49680	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:22.480721951 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 06:12:23.321578979 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 06:12:23.964387894 CET	49780	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:23.964423895 CET	443	49780	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:23.964492083 CET	49780	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:23.964781046 CET	49781	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:23.964833975 CET	443	49781	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:23.964895964 CET	49781	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:23.967838049 CET	49781	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:23.967854977 CET	443	49781	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:23.968295097 CET	49780	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:23.968313932 CET	443	49780	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:24.165124893 CET	443	49781	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:24.166410923 CET	49782	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:24.166448116 CET	443	49782	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:24.166526079 CET	49782	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:24.168697119 CET	49782	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:24.168709993 CET	443	49782	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:24.169137955 CET	443	49780	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:24.170258999 CET	49783	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:24.170284986 CET	443	49783	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:24.170341015 CET	49783	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:24.170835972 CET	49783	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:24.170850992 CET	443	49783	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:24.201775074 CET	49680	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:24.368906021 CET	443	49783	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:24.369559050 CET	443	49782	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:32.082595110 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 06:12:33.804272890 CET	49680	443	192.168.2.4	204.79.197.222
Mar 14, 2025 06:12:39.168570042 CET	49787	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.168618917 CET	443	49787	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.168699026 CET	49787	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.168749094 CET	49788	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.168800116 CET	443	49788	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.168849945 CET	49788	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.169878960 CET	49788	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.169894934 CET	443	49788	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.170325994 CET	49787	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.170341969 CET	443	49787	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.369081020 CET	443	49787	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.369350910 CET	443	49788	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.369623899 CET	49790	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.369662046 CET	443	49790	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.369720936 CET	49790	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.369898081 CET	49791	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.369927883 CET	443	49791	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.369975090 CET	49791	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.370263100 CET	49790	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.370277882 CET	443	49790	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.370568037 CET	49791	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:12:39.370582104 CET	443	49791	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.569499016 CET	443	49791	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:39.569854975 CET	443	49790	104.21.92.214	192.168.2.4
Mar 14, 2025 06:12:50.228445053 CET	49718	80	192.168.2.4	88.221.110.91
Mar 14, 2025 06:12:50.228490114 CET	49720	80	192.168.2.4	88.221.110.91
Mar 14, 2025 06:12:50.233374119 CET	80	49718	88.221.110.91	192.168.2.4
Mar 14, 2025 06:12:50.233448029 CET	49718	80	192.168.2.4	88.221.110.91
Mar 14, 2025 06:12:50.233813047 CET	80	49720	88.221.110.91	192.168.2.4
Mar 14, 2025 06:12:50.233860970 CET	49720	80	192.168.2.4	88.221.110.91
Mar 14, 2025 06:12:50.668741941 CET	49717	443	192.168.2.4	2.23.227.208
Mar 14, 2025 06:12:50.668904066 CET	49719	80	192.168.2.4	88.221.110.91
Mar 14, 2025 06:12:52.655524969 CET	49793	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.655565977 CET	443	49793	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.655643940 CET	49793	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.656012058 CET	49793	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.656028986 CET	443	49793	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.656673908 CET	443	49793	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.670470953 CET	49794	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.670509100 CET	443	49794	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.670578003 CET	49794	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.670850039 CET	49794	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.670862913 CET	443	49794	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.671251059 CET	443	49794	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.690073967 CET	49795	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.690104008 CET	443	49795	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.690181971 CET	49795	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.690462112 CET	49795	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.690475941 CET	443	49795	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.690836906 CET	443	49795	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.706784010 CET	49796	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.706813097 CET	443	49796	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.706866026 CET	49796	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.707313061 CET	49796	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.707325935 CET	443	49796	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.707669020 CET	443	49796	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.722405910 CET	49797	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.722443104 CET	443	49797	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.722500086 CET	49797	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.722764969 CET	49797	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.722779036 CET	443	49797	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.723098040 CET	443	49797	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.732955933 CET	49798	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.732978106 CET	443	49798	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.733046055 CET	49798	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.733309031 CET	49798	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.733319044 CET	443	49798	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.733639002 CET	443	49798	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.748910904 CET	49799	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.748922110 CET	443	49799	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.748987913 CET	49799	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.749274969 CET	49799	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.749285936 CET	443	49799	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.749624014 CET	443	49799	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.752665043 CET	49800	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.752696037 CET	443	49800	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.752757072 CET	49800	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.753079891 CET	49800	443	192.168.2.4	20.109.210.53
Mar 14, 2025 06:12:52.753093004 CET	443	49800	20.109.210.53	192.168.2.4
Mar 14, 2025 06:12:52.753400087 CET	443	49800	20.109.210.53	192.168.2.4
Mar 14, 2025 06:13:05.291244030 CET	49810	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:13:05.291282892 CET	443	49810	142.250.185.100	192.168.2.4
Mar 14, 2025 06:13:05.291380882 CET	49810	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:13:05.291733027 CET	49810	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:13:05.291748047 CET	443	49810	142.250.185.100	192.168.2.4
Mar 14, 2025 06:13:05.488980055 CET	443	49810	142.250.185.100	192.168.2.4
Mar 14, 2025 06:13:05.489615917 CET	49811	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:13:05.489645958 CET	443	49811	142.250.185.100	192.168.2.4
Mar 14, 2025 06:13:05.489741087 CET	49811	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:13:05.490075111 CET	49811	443	192.168.2.4	142.250.185.100
Mar 14, 2025 06:13:05.490093946 CET	443	49811	142.250.185.100	192.168.2.4
Mar 14, 2025 06:13:05.688988924 CET	443	49811	142.250.185.100	192.168.2.4
Mar 14, 2025 06:13:06.747613907 CET	49812	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.747643948 CET	443	49812	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.747714043 CET	49812	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.748150110 CET	49813	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.748198032 CET	443	49813	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.748256922 CET	49813	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.748797894 CET	49813	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.748816013 CET	443	49813	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.749277115 CET	49812	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.749293089 CET	443	49812	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.949331045 CET	443	49813	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.949525118 CET	443	49812	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.950330973 CET	49814	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.950386047 CET	443	49814	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.950515032 CET	49814	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.950817108 CET	49815	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.950843096 CET	443	49815	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.950905085 CET	49815	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.951277018 CET	49814	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.951294899 CET	443	49814	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:06.951561928 CET	49815	443	192.168.2.4	104.21.92.214
Mar 14, 2025 06:13:06.951579094 CET	443	49815	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:07.149077892 CET	443	49815	104.21.92.214	192.168.2.4
Mar 14, 2025 06:13:07.149158955 CET	443	49814	104.21.92.214	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 06:12:01.867433071 CET	53	54052	1.1.1.1	192.168.2.4
Mar 14, 2025 06:12:01.947468042 CET	53	62226	1.1.1.1	192.168.2.4
Mar 14, 2025 06:12:05.213397980 CET	63614	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:12:05.213397980 CET	54240	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:12:05.223822117 CET	53	63614	1.1.1.1	192.168.2.4
Mar 14, 2025 06:12:05.223906994 CET	53	54240	1.1.1.1	192.168.2.4
Mar 14, 2025 06:12:07.204943895 CET	53742	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:12:07.205995083 CET	58985	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:12:07.219558001 CET	53	53742	1.1.1.1	192.168.2.4
Mar 14, 2025 06:12:07.219747066 CET	53	58985	1.1.1.1	192.168.2.4
Mar 14, 2025 06:12:07.231981993 CET	52236	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:12:07.232228994 CET	52069	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:12:07.245358944 CET	53	52069	1.1.1.1	192.168.2.4
Mar 14, 2025 06:12:07.246361017 CET	53	52236	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:01.302783012 CET	53	57829	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:01.710047960 CET	53	51879	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:04.644610882 CET	53	50533	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:05.052129030 CET	50320	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:05.052268028 CET	52271	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:05.062979937 CET	53	50320	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:05.065501928 CET	53	52271	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:06.073364019 CET	54441	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:06.073852062 CET	65008	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:06.080311060 CET	53	54441	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:06.080375910 CET	53	65008	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:08.104635954 CET	64808	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:08.111373901 CET	53	64808	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:09.118113041 CET	64808	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:09.125173092 CET	53	64808	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:10.133660078 CET	64808	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:10.141305923 CET	53	64808	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:12.134599924 CET	64808	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:12.141165972 CET	53	64808	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:12.593638897 CET	138	138	192.168.2.4	192.168.2.255
Mar 14, 2025 06:13:16.149719954 CET	64808	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:16.157407999 CET	53	64808	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:21.959295034 CET	61071	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:21.959449053 CET	61914	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:21.966027021 CET	53	61071	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:21.966907978 CET	53	61914	1.1.1.1	192.168.2.4
Mar 14, 2025 06:13:22.978328943 CET	58457	53	192.168.2.4	1.1.1.1
Mar 14, 2025 06:13:22.985389948 CET	53	58457	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 14, 2025 06:12:05.213397980 CET	192.168.2.4	1.1.1.1	0xaddb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:12:05.213397980 CET	192.168.2.4	1.1.1.1	0x3400	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 14, 2025 06:12:07.204943895 CET	192.168.2.4	1.1.1.1	0xe1ca	Standard query (0)	alliancevvs11.ebtrk3.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:12:07.205995083 CET	192.168.2.4	1.1.1.1	0x2a96	Standard query (0)	alliancevvs11.ebtrk3.com	65	IN (0x0001)	false
Mar 14, 2025 06:12:07.231981993 CET	192.168.2.4	1.1.1.1	0xb861	Standard query (0)	alliancevvs11.ebtrk3.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:12:07.232228994 CET	192.168.2.4	1.1.1.1	0x885c	Standard query (0)	alliancevvs11.ebtrk3.com	65	IN (0x0001)	false
Mar 14, 2025 06:13:05.052129030 CET	192.168.2.4	1.1.1.1	0x586a	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:05.052268028 CET	192.168.2.4	1.1.1.1	0x64ce	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 06:13:06.073364019 CET	192.168.2.4	1.1.1.1	0x533e	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:06.073852062 CET	192.168.2.4	1.1.1.1	0xfd4b	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 06:13:08.104635954 CET	192.168.2.4	1.1.1.1	0xa0f4	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:09.118113041 CET	192.168.2.4	1.1.1.1	0xa0f4	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:10.133660078 CET	192.168.2.4	1.1.1.1	0xa0f4	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:12.134599924 CET	192.168.2.4	1.1.1.1	0xa0f4	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:16.149719954 CET	192.168.2.4	1.1.1.1	0xa0f4	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:21.959295034 CET	192.168.2.4	1.1.1.1	0x82c5	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:21.959449053 CET	192.168.2.4	1.1.1.1	0x7f9d	Standard query (0)	beacons.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 06:13:22.978328943 CET	192.168.2.4	1.1.1.1	0xaded	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 14, 2025 06:12:05.223822117 CET	1.1.1.1	192.168.2.4	0xaddb	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:12:05.223906994 CET	1.1.1.1	192.168.2.4	0x3400	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 14, 2025 06:12:07.219558001 CET	1.1.1.1	192.168.2.4	0xe1ca	No error (0)	alliancevvs11.ebtrk3.com		172.67.198.217	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:12:07.219558001 CET	1.1.1.1	192.168.2.4	0xe1ca	No error (0)	alliancevvs11.ebtrk3.com		104.21.92.214	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:12:07.219747066 CET	1.1.1.1	192.168.2.4	0x2a96	No error (0)	alliancevvs11.ebtrk3.com			65	IN (0x0001)	false
Mar 14, 2025 06:12:07.245358944 CET	1.1.1.1	192.168.2.4	0x885c	No error (0)	alliancevvs11.ebtrk3.com			65	IN (0x0001)	false
Mar 14, 2025 06:12:07.246361017 CET	1.1.1.1	192.168.2.4	0xb861	No error (0)	alliancevvs11.ebtrk3.com		104.21.92.214	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:12:07.246361017 CET	1.1.1.1	192.168.2.4	0xb861	No error (0)	alliancevvs11.ebtrk3.com		172.67.198.217	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:05.062979937 CET	1.1.1.1	192.168.2.4	0x586a	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:05.062979937 CET	1.1.1.1	192.168.2.4	0x586a	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.67	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:05.065501928 CET	1.1.1.1	192.168.2.4	0x64ce	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:06.080311060 CET	1.1.1.1	192.168.2.4	0x533e	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:06.080311060 CET	1.1.1.1	192.168.2.4	0x533e	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.185.195	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:06.080375910 CET	1.1.1.1	192.168.2.4	0xfd4b	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:08.111373901 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:08.111373901 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:09.125173092 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:09.125173092 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:10.141305923 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:10.141305923 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:12.141165972 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:12.141165972 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:16.157407999 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 14, 2025 06:13:16.157407999 CET	1.1.1.1	192.168.2.4	0xa0f4	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:21.966027021 CET	1.1.1.1	192.168.2.4	0x82c5	No error (0)	beacons.gvt2.com		142.250.186.67	A (IP address)	IN (0x0001)	false
Mar 14, 2025 06:13:22.985389948 CET	1.1.1.1	192.168.2.4	0xaded	No error (0)	beacons.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1844, Parent PID: 5348

Function Logs

General

Target ID:	1
Start time:	01:11:57
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6204, Parent PID: 1844

Function Logs

General

Target ID:	2
Start time:	01:12:00
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2588,i,13930551357670577704,12879664303690422559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2616 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7008, Parent PID: 5348

Function Logs

General

Target ID:	4
Start time:	01:12:06
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://Alliancevvs11.ebtrk3.com"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://Alliancevvs11.ebtrk3.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1844, Parent PID: 5348

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Process Created

Process Terminated

Thread Activities

Thread Terminated

Memory Activities

Memory Usage Statistics

Windows Analysis Report
http://Alliancevvs11.ebtrk3.com