Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
https://primakovreadings.info

Overview

General Information

Sample URL:https://primakovreadings.info
Analysis ID:1649969
Infos:
Errors
  • URL not reachable

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • chrome.exe (PID: 1340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2300,i,9331745643516107620,18116287357682249321,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2328 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://primakovreadings.info" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • AV Detection
  • Compliance
  • Networking
  • System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: https://primakovreadings.infoAvira URL Cloud: detection malicious, Label: malware
Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: primakovreadings.info
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: classification engineClassification label: mal48.win@22/0@4/3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2300,i,9331745643516107620,18116287357682249321,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2328 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://primakovreadings.info"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2300,i,9331745643516107620,18116287357682249321,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2328 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Process Injection		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1649969 URL: https://primakovreadings.info Startdate: 27/03/2025 Architecture: WINDOWS Score: 48 20 Antivirus / Scanner detection for submitted sample 2->20 6 chrome.exe 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.4, 443, 49723, 49725 unknown unknown 6->14 11 chrome.exe 6->11         started        process5 dnsIp6 16 primakovreadings.info 188.40.151.88, 443, 49725, 49726 HETZNER-ASDE Germany 11->16 18 www.google.com 142.251.40.132, 443, 49723 GOOGLEUS United States 11->18

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://primakovreadings.info100%Avira URL Cloudmalware

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.google.com
142.251.40.132
truefalse
    		high
    primakovreadings.info
    		188.40.151.88
    		truefalse
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      188.40.151.88
      		primakovreadings.infoGermany
      		24940HETZNER-ASDEfalse
      142.251.40.132
      		www.google.comUnited States
      		15169GOOGLEUSfalse

      Private

      IP
      192.168.2.4

      General Information

      Joe Sandbox version:42.0.0 Malachite
      Analysis ID:1649969
      Start date and time:2025-03-27 10:33:43 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 1m 55s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:browseurl.jbs
      Sample URL:https://primakovreadings.info
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:12
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal48.win@22/0@4/3
      Cookbook Comments:
      • URL browsing timeout or error
      • URL not reachable
      • Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 142.250.80.99, 142.250.81.238, 172.253.63.84, 142.250.65.238, 199.232.38.172, 23.204.23.20, 172.202.163.200
      • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenFile calls found.
      • VT rate limit hit for: https://primakovreadings.info

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASNs

      No context

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      No static file info

      Network Behavior

      Download Network PCAP: filteredfull

      Network Port Distribution

      • Total Packets: 75
      • 443 (HTTPS)
      • 53 (DNS)
      TimestampSource PortDest PortSource IPDest IP
      Mar 27, 2025 10:34:34.388576031 CET49680443192.168.2.4204.79.197.222
      Mar 27, 2025 10:34:41.429830074 CET49671443192.168.2.4204.79.197.203
      Mar 27, 2025 10:34:41.787795067 CET49671443192.168.2.4204.79.197.203
      Mar 27, 2025 10:34:42.529752970 CET49671443192.168.2.4204.79.197.203
      Mar 27, 2025 10:34:43.732058048 CET49671443192.168.2.4204.79.197.203
      Mar 27, 2025 10:34:43.997642994 CET49680443192.168.2.4204.79.197.222
      Mar 27, 2025 10:34:45.417330980 CET49723443192.168.2.4142.251.40.132
      Mar 27, 2025 10:34:45.417361021 CET44349723142.251.40.132192.168.2.4
      Mar 27, 2025 10:34:45.417486906 CET49723443192.168.2.4142.251.40.132
      Mar 27, 2025 10:34:45.417629957 CET49723443192.168.2.4142.251.40.132
      Mar 27, 2025 10:34:45.417639017 CET44349723142.251.40.132192.168.2.4
      Mar 27, 2025 10:34:45.609563112 CET44349723142.251.40.132192.168.2.4
      Mar 27, 2025 10:34:45.609642982 CET49723443192.168.2.4142.251.40.132
      Mar 27, 2025 10:34:45.610965967 CET49723443192.168.2.4142.251.40.132
      Mar 27, 2025 10:34:45.610972881 CET44349723142.251.40.132192.168.2.4
      Mar 27, 2025 10:34:45.611211061 CET44349723142.251.40.132192.168.2.4
      Mar 27, 2025 10:34:45.653745890 CET49723443192.168.2.4142.251.40.132
      Mar 27, 2025 10:34:46.138353109 CET49671443192.168.2.4204.79.197.203
      Mar 27, 2025 10:34:48.488434076 CET49725443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.488456011 CET44349725188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.488565922 CET49725443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.488733053 CET49725443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.488744020 CET44349725188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.489195108 CET49726443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.489233971 CET44349726188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.489459991 CET49726443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.489459991 CET49726443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.489497900 CET44349726188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.664530039 CET44349725188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.664927006 CET44349726188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.665267944 CET49727443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.665299892 CET44349727188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.665365934 CET49727443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.665783882 CET49728443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.665823936 CET44349728188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.665889978 CET49728443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.666007996 CET49727443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.666024923 CET44349727188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.666126013 CET49728443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:48.666136026 CET44349728188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.841506958 CET44349727188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:48.842483997 CET44349728188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:49.920806885 CET49732443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:49.920842886 CET44349732188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:49.920900106 CET49732443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:49.921026945 CET49733443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:49.921060085 CET44349733188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:49.921107054 CET49733443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:49.921370983 CET49732443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:49.921385050 CET44349732188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:49.921529055 CET49733443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:49.921541929 CET44349733188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.097800970 CET44349733188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.098252058 CET44349732188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.098362923 CET49734443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:50.098436117 CET44349734188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.098510027 CET49734443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:50.098814011 CET49735443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:50.098882914 CET44349735188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.098922968 CET49734443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:50.098949909 CET44349734188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.098958015 CET49735443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:50.099550962 CET49735443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:50.099575043 CET44349735188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.170990944 CET49678443192.168.2.420.189.173.27
      Mar 27, 2025 10:34:50.275475025 CET44349734188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.276024103 CET44349735188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:50.482180119 CET49678443192.168.2.420.189.173.27
      Mar 27, 2025 10:34:50.940004110 CET49671443192.168.2.4204.79.197.203
      Mar 27, 2025 10:34:51.096293926 CET49678443192.168.2.420.189.173.27
      Mar 27, 2025 10:34:52.309861898 CET49678443192.168.2.420.189.173.27
      Mar 27, 2025 10:34:54.715737104 CET49678443192.168.2.420.189.173.27
      Mar 27, 2025 10:34:55.308084965 CET49737443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.308120012 CET44349737188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.308151960 CET49736443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.308183908 CET44349736188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.308352947 CET49737443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.308388948 CET49736443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.312472105 CET49736443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.312490940 CET44349736188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.312521935 CET49737443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.312561989 CET44349737188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.488718987 CET44349736188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.488987923 CET44349737188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.489413977 CET49739443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.489439964 CET44349739188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.489860058 CET49740443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.489867926 CET44349740188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.489943027 CET49739443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.489943027 CET49740443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.490180016 CET49739443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.490180016 CET49740443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:55.490190983 CET44349739188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.490206957 CET44349740188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.618884087 CET44349723142.251.40.132192.168.2.4
      Mar 27, 2025 10:34:55.618959904 CET44349723142.251.40.132192.168.2.4
      Mar 27, 2025 10:34:55.619869947 CET49723443192.168.2.4142.251.40.132
      Mar 27, 2025 10:34:55.665712118 CET44349739188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.665712118 CET44349740188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:55.708440065 CET49723443192.168.2.4142.251.40.132
      Mar 27, 2025 10:34:55.708467960 CET44349723142.251.40.132192.168.2.4
      Mar 27, 2025 10:34:58.824807882 CET49747443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:58.824847937 CET44349747188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:58.824964046 CET49747443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:58.825201988 CET49748443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:58.825210094 CET44349748188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:58.825344086 CET49748443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:58.825787067 CET49747443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:58.825787067 CET49748443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:58.825803995 CET44349747188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:58.825819016 CET44349748188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.000721931 CET44349747188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.001177073 CET49749443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:59.001211882 CET44349749188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.001276016 CET49749443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:59.001415968 CET44349748188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.001420021 CET49749443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:59.001435995 CET44349749188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.001751900 CET49750443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:59.001784086 CET44349750188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.002080917 CET49750443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:59.002171040 CET49750443192.168.2.4188.40.151.88
      Mar 27, 2025 10:34:59.002188921 CET44349750188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.178942919 CET44349749188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.179482937 CET44349750188.40.151.88192.168.2.4
      Mar 27, 2025 10:34:59.524857044 CET49678443192.168.2.420.189.173.27
      Mar 27, 2025 10:35:00.544797897 CET49671443192.168.2.4204.79.197.203
      TimestampSource PortDest PortSource IPDest IP
      Mar 27, 2025 10:34:42.281147003 CET53649991.1.1.1192.168.2.4
      Mar 27, 2025 10:34:42.375674963 CET53591881.1.1.1192.168.2.4
      Mar 27, 2025 10:34:42.985152960 CET53549821.1.1.1192.168.2.4
      Mar 27, 2025 10:34:43.148921013 CET53602671.1.1.1192.168.2.4
      Mar 27, 2025 10:34:45.330945015 CET5992253192.168.2.41.1.1.1
      Mar 27, 2025 10:34:45.331130981 CET5278153192.168.2.41.1.1.1
      Mar 27, 2025 10:34:45.415736914 CET53599221.1.1.1192.168.2.4
      Mar 27, 2025 10:34:45.415754080 CET53527811.1.1.1192.168.2.4
      Mar 27, 2025 10:34:48.171156883 CET5627253192.168.2.41.1.1.1
      Mar 27, 2025 10:34:48.171370983 CET5821153192.168.2.41.1.1.1
      Mar 27, 2025 10:34:48.344043970 CET53582111.1.1.1192.168.2.4
      Mar 27, 2025 10:34:48.487427950 CET53562721.1.1.1192.168.2.4
      Mar 27, 2025 10:35:00.162206888 CET53575671.1.1.1192.168.2.4

      DNS Queries

      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
      Mar 27, 2025 10:34:45.330945015 CET192.168.2.41.1.1.10xc54bStandard query (0)www.google.comA (IP address)IN (0x0001)false
      Mar 27, 2025 10:34:45.331130981 CET192.168.2.41.1.1.10xd567Standard query (0)www.google.com65IN (0x0001)false
      Mar 27, 2025 10:34:48.171156883 CET192.168.2.41.1.1.10x60a5Standard query (0)primakovreadings.infoA (IP address)IN (0x0001)false
      Mar 27, 2025 10:34:48.171370983 CET192.168.2.41.1.1.10x2439Standard query (0)primakovreadings.info65IN (0x0001)false

      DNS Answers

      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
      Mar 27, 2025 10:34:45.415736914 CET1.1.1.1192.168.2.40xc54bNo error (0)www.google.com142.251.40.132A (IP address)IN (0x0001)false
      Mar 27, 2025 10:34:45.415754080 CET1.1.1.1192.168.2.40xd567No error (0)www.google.com65IN (0x0001)false
      Mar 27, 2025 10:34:48.487427950 CET1.1.1.1192.168.2.40x60a5No error (0)primakovreadings.info188.40.151.88A (IP address)IN (0x0001)false

      Statistics

      CPU Usage

      0510152025s020406080100

      Click to jump to process

      Memory Usage

      0510152025s0.0050100MB

      Click to jump to process

      Behavior

      Click to jump to process

      System Behavior

      General

      Target ID:1
      Start time:05:34:38
      Start date:27/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff786830000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false
      Show Windows behavior

      File Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Process Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Memory Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Process Token Activities


      General

      Target ID:2
      Start time:05:34:40
      Start date:27/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2300,i,9331745643516107620,18116287357682249321,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2328 /prefetch:3
      Imagebase:0x7ff786830000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false
      Show Windows behavior

      File Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      Show Windows behavior

      Memory Activities

      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

      General

      Target ID:4
      Start time:05:34:47
      Start date:27/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://primakovreadings.info"
      Imagebase:0x7ff786830000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true
      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

      Disassembly

      No disassembly