Edit tour

Windows Analysis Report
https://codes-connect.net/

Overview

General Information

Sample URL:	https://codes-connect.net/
Analysis ID:	1502507
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Performs DNS queries to domains with low reputation

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2488,i,693788804534267809,8532715652070118870,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://codes-connect.net/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/htmlcache-control: private, no-cache, max-age=0pragma: no-cachecontent-length: 1249date: Sun, 01 Sep 2024 22:20:13 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"connection: close

Source: chromecache_41.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_41.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_41.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_41.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_41.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_41.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13393
Source: chromecache_41.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/4833
Source: chromecache_41.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_41.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_41.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_41.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_41.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_42.2.dr	String found in binary or memory: https://fonts.googleapis.com/
Source: chromecache_42.2.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: chromecache_41.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_41.2.dr	String found in binary or memory: https://github.com/whatwg/html/issues/2369
Source: chromecache_41.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#nonce-attributes
Source: chromecache_41.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_41.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_41.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_41.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_41.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_41.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_41.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_41.2.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_41.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_41.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_41.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_41.2.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_41.2.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_41.2.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_41.2.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_41.2.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_41.2.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_41.2.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_41.2.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_41.2.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_41.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_41.2.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_41.2.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: chromecache_42.2.dr	String found in binary or memory: https://web3diagnostic1.xyz/greencheck.png

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: mal68.troj.win@16/6@7/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2488,i,693788804534267809,8532715652070118870,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://codes-connect.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2488,i,693788804534267809,8532715652070118870,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://codes-connect.net/	9%	Virustotal		Browse
https://codes-connect.net/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://bugs.webkit.org/show_bug.cgi?id=136851	0%	URL Reputation	safe
https://drafts.csswg.org/cssom/#resolved-values	0%	URL Reputation	safe
https://jsperf.com/thor-indexof-vs-for/5	0%	URL Reputation	safe
https://jsperf.com/thor-indexof-vs-for/5	0%	URL Reputation	safe
https://bugs.jquery.com/ticket/12359	0%	URL Reputation	safe
https://html.spec.whatwg.org/#nonce-attributes	0%	URL Reputation	safe
https://html.spec.whatwg.org/#nonce-attributes	0%	URL Reputation	safe
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2	0%	URL Reputation	safe
https://promisesaplus.com/#point-59	0%	URL Reputation	safe
https://html.spec.whatwg.org/#strip-and-collapse-whitespace	0%	URL Reputation	safe
https://jsperf.com/getall-vs-sizzle/2	0%	URL Reputation	safe
https://promisesaplus.com/#point-57	0%	URL Reputation	safe
https://promisesaplus.com/#point-75	0%	URL Reputation	safe
https://promisesaplus.com/#point-75	0%	URL Reputation	safe
https://promisesaplus.com/#point-54	0%	URL Reputation	safe
https://promisesaplus.com/#point-54	0%	URL Reputation	safe
https://drafts.csswg.org/cssom/#common-serializing-idioms	0%	URL Reputation	safe
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled	0%	URL Reputation	safe
https://html.spec.whatwg.org/multipage/forms.html#category-listed	0%	URL Reputation	safe
https://html.spec.whatwg.org/multipage/forms.html#category-listed	0%	URL Reputation	safe
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled	0%	URL Reputation	safe
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace	0%	URL Reputation	safe
https://developer.mozilla.org/en-US/docs/CSS/display	0%	URL Reputation	safe
https://developer.mozilla.org/en-US/docs/CSS/display	0%	URL Reputation	safe
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled	0%	URL Reputation	safe
https://jquery.org/license	0%	URL Reputation	safe
https://jquery.org/license	0%	URL Reputation	safe
https://bugs.chromium.org/p/chromium/issues/detail?id=378607	0%	URL Reputation	safe
https://jquery.com/	0%	URL Reputation	safe
https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled	0%	URL Reputation	safe
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	0%	URL Reputation	safe
https://promisesaplus.com/#point-48	0%	URL Reputation	safe
https://bugs.chromium.org/p/chromium/issues/detail?id=470258	0%	URL Reputation	safe
https://bugs.jquery.com/ticket/13378	0%	URL Reputation	safe
https://promisesaplus.com/#point-64	0%	URL Reputation	safe
https://bugs.jquery.com/ticket/4833	0%	URL Reputation	safe
https://sizzlejs.com/	0%	URL Reputation	safe
https://bugs.chromium.org/p/chromium/issues/detail?id=449857	0%	URL Reputation	safe
https://js.foundation/	0%	URL Reputation	safe
https://bugs.jquery.com/ticket/13393	0%	URL Reputation	safe
https://promisesaplus.com/#point-61	0%	URL Reputation	safe
https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/	0%	Avira URL Cloud	safe
https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a	0%	Avira URL Cloud	safe
https://web3diagnostic1.xyz/greencheck.png	0%	Avira URL Cloud	safe
https://github.com/jquery/sizzle/pull/225	0%	Avira URL Cloud	safe
https://codes-connect.net/favicon.ico	100%	Avira URL Cloud	phishing
https://github.com/whatwg/html/issues/2369	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.186.164	true	false	unknown
codes-connect.net	190.123.45.35	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
web3diagnostic1.xyz	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://codes-connect.net/	true		unknown
https://codes-connect.net/favicon.ico	true	Avira URL Cloud: phishing	unknown
https://codes-connect.net/x0/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://bugs.webkit.org/show_bug.cgi?id=136851	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://drafts.csswg.org/cssom/#resolved-values	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://jsperf.com/thor-indexof-vs-for/5	chromecache_41.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://bugs.jquery.com/ticket/12359	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://html.spec.whatwg.org/#nonce-attributes	chromecache_41.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/	chromecache_41.2.dr	false	Avira URL Cloud: safe	unknown
https://promisesaplus.com/#point-59	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://html.spec.whatwg.org/#strip-and-collapse-whitespace	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://jsperf.com/getall-vs-sizzle/2	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://promisesaplus.com/#point-57	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://promisesaplus.com/#point-75	chromecache_41.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a	chromecache_41.2.dr	false	Avira URL Cloud: safe	unknown
https://promisesaplus.com/#point-54	chromecache_41.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://drafts.csswg.org/cssom/#common-serializing-idioms	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://html.spec.whatwg.org/multipage/forms.html#category-listed	chromecache_41.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://developer.mozilla.org/en-US/docs/CSS/display	chromecache_41.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://jquery.org/license	chromecache_41.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=378607	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://jquery.com/	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://web3diagnostic1.xyz/greencheck.png	chromecache_42.2.dr	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://promisesaplus.com/#point-48	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=470258	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://bugs.jquery.com/ticket/13378	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://github.com/jquery/sizzle/pull/225	chromecache_41.2.dr	false	Avira URL Cloud: safe	unknown
https://promisesaplus.com/#point-64	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://bugs.jquery.com/ticket/4833	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://github.com/whatwg/html/issues/2369	chromecache_41.2.dr	false	Avira URL Cloud: safe	unknown
https://sizzlejs.com/	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=449857	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://js.foundation/	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://bugs.jquery.com/ticket/13393	chromecache_41.2.dr	false	URL Reputation: safe	unknown
https://promisesaplus.com/#point-61	chromecache_41.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
190.123.45.35	codes-connect.net	Panama	265540	ALTANREDESSAPIdeCVMX	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502507
Start date and time:	2024-09-02 00:19:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://codes-connect.net/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.troj.win@16/6@7/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.185.206, 74.125.206.84, 34.104.35.123, 142.250.185.202, 142.250.186.99, 52.165.165.26, 93.184.221.240, 192.229.221.95, 52.165.164.15, 20.3.187.198, 172.217.18.3
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://codes-connect.net/x0/ Model: jbxai	{ "brand":["unknown"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: https://codes-connect.net/x0/ Model: jbxai

{
"brand":["unknown"],
"contains_trigger_text":false,
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1249
Entropy (8bit):	5.242453121762845
Encrypted:	false
SSDEEP:	24:hYYIzD6yJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rq6Kj2CZLY5Mc6NDLYzkYKLlOM
MD5:	F58515DFE987F7E027C8A71BBC884621
SHA1:	BEC6AEBF5940EA88FBBFF5748D539453D49FA284
SHA-256:	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
SHA-512:	F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140
Malicious:	false
Reputation:	low
URL:	https://codes-connect.net/favicon.ico
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<title> 404 Not Found..</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	245760
Entropy (8bit):	5.066097492239274
Encrypted:	false
SSDEEP:	6144:rJshNVlG+TCtlFhTzeKpzcYmD2zK8E1JEjPx+WK+978FyW48L/dCaYeNzIPfTvA:HjzcYmD4Y0Px+WK+978FyMhr+PfE
MD5:	BEDA3AADEAACB8BCDFC50D4B8731D8D7
SHA1:	D94AA69436D1D221E368BDEABA2BF52E23C9BE60
SHA-256:	0C4D9BC2FC855EACE3E5C347B4A084D5B9290B3DDF5E98770EE4A16D9D4936F4
SHA-512:	FA403FA7CD0F9C59CCC83ED1F37C74719A30197E719DD54A033A460D45AB9FC44114187F9E6CA19B0845AC37852B5C4914F3066FD0A13C5118E3ED2B5DB7B44A
Malicious:	false
Reputation:	low
URL:	https://codes-connect.net/ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js
Preview:	/!. jQuery JavaScript Library v3.6.0. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright OpenJS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2021-03-02T17:08Z. */.( function( global, factory ) {..."use strict";...if ( typeof module === "object" && typeof module.exports === "object" ) {....// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return fa

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	8892
Entropy (8bit):	4.479673923896783
Encrypted:	false
SSDEEP:	192:jejacqFeKFBE1BBuGR5iLcN6VIccDmxVqChr7eIwCj/CB:WyFg/dBGphr7eIwL
MD5:	D2CB59D8DBFB34544E4A4C1BC6BB3CD5
SHA1:	67E394AD228E7D20BDD7931FBB368D0B83982C7C
SHA-256:	2C4C1D6BF5EE8ED0CC4F1F55FFA79579736C18BFB1C0AAAA9F8AB822067D4E75
SHA-512:	B90094553442BEA02E0B7AE6E7542BADADF62E227EF22E4989B1CF95DB2A414CE4B9D56DD9F5475E7709A76ACED175351B2F155919AFC6C8351E29D8588FC065
Malicious:	false
Reputation:	low
URL:	https://codes-connect.net/x0/
Preview:	<!DOCTYPE html>.<html class="" lang="en">.<head>. <meta http-equiv="content-type" content="text/html; charset=UTF-8">. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>WalletConnect</title>. <link rel="preconnect" href="https://fonts.googleapis.com/">. <link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin="">... matamask -->. <script src="../ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js"></script>. <style> . .progressbar {. position: relative;. max-width: 500px;. width: 100%;. margin: 30px auto 0;. height: 30px;. background: #274545;. overflow: hidden;. }.. span.progress {. position: absolute;. left: 0;. top: 0;. bottom: 0;. width: 0;. background

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 2, 2024 00:19:58.717744112 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 2, 2024 00:20:08.325912952 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 2, 2024 00:20:09.227757931 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.227816105 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.227910042 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.228163958 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.228173971 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.228241920 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.228437901 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.228451014 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.228585005 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.228594065 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.869343042 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.869405031 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.869704962 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.869724035 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.869801998 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.869810104 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.870743036 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.870819092 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.870887995 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.870934010 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.871882915 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.871968985 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.872255087 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.872328043 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.872390032 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.872396946 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.923821926 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.923821926 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:09.923836946 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:09.970151901 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.121716976 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.121797085 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.122293949 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.122304916 CEST	443	49735	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.122323036 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.122378111 CEST	49735	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.124897957 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.172502041 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.300143957 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.300770044 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.300777912 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.300813913 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.300828934 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.300844908 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.300863981 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.300920963 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.301721096 CEST	49736	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.301740885 CEST	443	49736	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.783416033 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.783463955 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:10.783550978 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.784212112 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:10.784224033 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.112873077 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:11.112915039 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:11.112982035 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:11.113240957 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:11.113251925 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:11.479983091 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.480509996 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.480519056 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.480976105 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.481822968 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.481888056 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.482060909 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.528493881 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.730958939 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.749186039 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:11.749403000 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:11.749432087 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:11.750400066 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:11.750472069 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:11.784948111 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.811568022 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.811582088 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.811614990 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.811630964 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.811634064 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.811645985 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.811654091 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.811712027 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.811718941 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.816036940 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.816059113 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.816128016 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.816135883 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.816190958 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.894186974 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.894207001 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.894296885 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.894296885 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.894309998 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.894398928 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.897181034 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.897198915 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.897394896 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.897403002 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.897531033 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.898803949 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.898823977 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.898919106 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.898919106 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.898926973 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.899065971 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.901396036 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.901417017 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.901501894 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.901501894 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.901515007 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.901571035 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.976828098 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.976850033 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.977036953 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.977056980 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.977123976 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.979279995 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.979295015 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.979383945 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.979388952 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.979491949 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.980087042 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.980099916 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.980402946 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.980412960 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.980462074 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.980488062 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.980551004 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.980556965 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.980593920 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.980593920 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.980892897 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.981396914 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.981410980 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.981491089 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.981497049 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.981591940 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.982295990 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.982310057 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.982387066 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.982387066 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:11.982394934 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:11.985131025 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.004478931 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:12.004523039 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:12.004662991 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:12.006612062 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:12.006627083 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:12.107175112 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:12.107372046 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:12.154834032 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:12.154855967 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:12.200619936 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:12.228352070 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.228374004 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.228635073 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.228645086 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.228790045 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.228809118 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.228907108 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.228918076 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.228967905 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.229110003 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.229124069 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.229149103 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.229156017 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.229180098 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.229279995 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.229314089 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.229401112 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.234060049 CEST	49741	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.234082937 CEST	443	49741	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.290824890 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.290878057 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.291059971 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.291575909 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:12.291589975 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.606106043 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:12.606225014 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:12.609954119 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:12.609966993 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:12.610424995 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:12.653664112 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:12.676985025 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:12.724505901 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:12.855638981 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:12.855704069 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:12.858127117 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:12.913959980 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:12.966784000 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:13.309818029 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:13.309868097 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:13.309885025 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:13.309891939 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:13.310497999 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:13.310528040 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:13.311038971 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:13.313565016 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:13.313644886 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:13.314460039 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:13.360498905 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:13.396255016 CEST	49746	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:13.396295071 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:13.396363974 CEST	49746	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:13.397140980 CEST	49746	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:13.397156000 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:13.487190962 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:13.487277985 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:13.487323046 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:13.488559961 CEST	49744	443	192.168.2.4	190.123.45.35
Sep 2, 2024 00:20:13.488570929 CEST	443	49744	190.123.45.35	192.168.2.4
Sep 2, 2024 00:20:13.995904922 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:13.995970964 CEST	49746	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:14.045067072 CEST	49746	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:14.045084000 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:14.045383930 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:14.062905073 CEST	49746	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:14.108500004 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:14.252582073 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:14.252688885 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:14.252749920 CEST	49746	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:14.254300117 CEST	49746	443	192.168.2.4	184.28.90.27
Sep 2, 2024 00:20:14.254322052 CEST	443	49746	184.28.90.27	192.168.2.4
Sep 2, 2024 00:20:21.656296015 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:21.656375885 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:20:21.658194065 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:22.098648071 CEST	49742	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:20:22.098669052 CEST	443	49742	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:11.152920961 CEST	49755	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:21:11.152966022 CEST	443	49755	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:11.153388023 CEST	49755	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:21:11.158230066 CEST	49755	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:21:11.158253908 CEST	443	49755	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:11.766136885 CEST	443	49755	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:11.766550064 CEST	49755	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:21:11.766563892 CEST	443	49755	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:11.766895056 CEST	443	49755	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:11.767363071 CEST	49755	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:21:11.767425060 CEST	443	49755	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:11.811079979 CEST	49755	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:21:15.795485020 CEST	49723	80	192.168.2.4	199.232.210.172
Sep 2, 2024 00:21:15.795557022 CEST	49724	80	192.168.2.4	199.232.210.172
Sep 2, 2024 00:21:15.800906897 CEST	80	49723	199.232.210.172	192.168.2.4
Sep 2, 2024 00:21:15.800928116 CEST	80	49724	199.232.210.172	192.168.2.4
Sep 2, 2024 00:21:15.800982952 CEST	49723	80	192.168.2.4	199.232.210.172
Sep 2, 2024 00:21:15.801011086 CEST	49724	80	192.168.2.4	199.232.210.172
Sep 2, 2024 00:21:21.676907063 CEST	443	49755	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:21.676973104 CEST	443	49755	142.250.186.164	192.168.2.4
Sep 2, 2024 00:21:21.677237034 CEST	49755	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:21:21.792924881 CEST	49755	443	192.168.2.4	142.250.186.164
Sep 2, 2024 00:21:21.792953014 CEST	443	49755	142.250.186.164	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 2, 2024 00:20:07.514265060 CEST	53	49224	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:07.564543962 CEST	53	61229	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:08.501053095 CEST	53	58527	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:08.831549883 CEST	62202	53	192.168.2.4	1.1.1.1
Sep 2, 2024 00:20:08.831721067 CEST	59009	53	192.168.2.4	1.1.1.1
Sep 2, 2024 00:20:09.163208961 CEST	53	62202	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:09.938246012 CEST	53	59009	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:10.390904903 CEST	53	59555	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:10.392750025 CEST	53	60168	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:10.785357952 CEST	58506	53	192.168.2.4	1.1.1.1
Sep 2, 2024 00:20:10.785664082 CEST	54762	53	192.168.2.4	1.1.1.1
Sep 2, 2024 00:20:10.796422958 CEST	53	54762	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:10.803739071 CEST	53	58506	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:10.806626081 CEST	61582	53	192.168.2.4	1.1.1.1
Sep 2, 2024 00:20:10.830599070 CEST	53	61582	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:11.101902962 CEST	50021	53	192.168.2.4	1.1.1.1
Sep 2, 2024 00:20:11.102310896 CEST	62488	53	192.168.2.4	1.1.1.1
Sep 2, 2024 00:20:11.111068010 CEST	53	50021	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:11.111864090 CEST	53	62488	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:25.552615881 CEST	53	63373	1.1.1.1	192.168.2.4
Sep 2, 2024 00:20:27.378647089 CEST	138	138	192.168.2.4	192.168.2.255
Sep 2, 2024 00:20:44.506948948 CEST	53	55565	1.1.1.1	192.168.2.4
Sep 2, 2024 00:21:06.835124016 CEST	53	58111	1.1.1.1	192.168.2.4
Sep 2, 2024 00:21:07.102217913 CEST	53	55920	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 2, 2024 00:20:09.938314915 CEST	192.168.2.4	1.1.1.1	c231	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 2, 2024 00:20:08.831549883 CEST	192.168.2.4	1.1.1.1	0x32fb	Standard query (0)	codes-connect.net	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:08.831721067 CEST	192.168.2.4	1.1.1.1	0xaf81	Standard query (0)	codes-connect.net	65	IN (0x0001)	false
Sep 2, 2024 00:20:10.785357952 CEST	192.168.2.4	1.1.1.1	0x48f7	Standard query (0)	web3diagnostic1.xyz	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:10.785664082 CEST	192.168.2.4	1.1.1.1	0x3411	Standard query (0)	web3diagnostic1.xyz	65	IN (0x0001)	false
Sep 2, 2024 00:20:10.806626081 CEST	192.168.2.4	1.1.1.1	0x9f99	Standard query (0)	web3diagnostic1.xyz	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:11.101902962 CEST	192.168.2.4	1.1.1.1	0xcd5d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:11.102310896 CEST	192.168.2.4	1.1.1.1	0x2bff	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 2, 2024 00:20:09.163208961 CEST	1.1.1.1	192.168.2.4	0x32fb	No error (0)	codes-connect.net		190.123.45.35	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:10.796422958 CEST	1.1.1.1	192.168.2.4	0x3411	Name error (3)	web3diagnostic1.xyz	none	none	65	IN (0x0001)	false
Sep 2, 2024 00:20:10.803739071 CEST	1.1.1.1	192.168.2.4	0x48f7	Name error (3)	web3diagnostic1.xyz	none	none	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:10.830599070 CEST	1.1.1.1	192.168.2.4	0x9f99	Name error (3)	web3diagnostic1.xyz	none	none	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:11.111068010 CEST	1.1.1.1	192.168.2.4	0xcd5d	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:11.111864090 CEST	1.1.1.1	192.168.2.4	0x2bff	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 2, 2024 00:20:22.667234898 CEST	1.1.1.1	192.168.2.4	0x95de	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 2, 2024 00:20:22.667234898 CEST	1.1.1.1	192.168.2.4	0x95de	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:36.324074984 CEST	1.1.1.1	192.168.2.4	0xab6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 2, 2024 00:20:36.324074984 CEST	1.1.1.1	192.168.2.4	0xab6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:20:59.599706888 CEST	1.1.1.1	192.168.2.4	0xa34e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 2, 2024 00:20:59.599706888 CEST	1.1.1.1	192.168.2.4	0xa34e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:21:20.132936001 CEST	1.1.1.1	192.168.2.4	0xb19d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 2, 2024 00:21:20.132936001 CEST	1.1.1.1	192.168.2.4	0xb19d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

codes-connect.net

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	190.123.45.35	443	2188	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:20:09 UTC	660	OUT	GET / HTTP/1.1 Host: codes-connect.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:20:10 UTC	350	IN	HTTP/1.1 302 Found location: /x0/ content-type: text/html; charset=UTF-8 content-length: 0 date: Sun, 01 Sep 2024 22:20:10 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	190.123.45.35	443	2188	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:20:10 UTC	663	OUT	GET /x0/ HTTP/1.1 Host: codes-connect.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:20:10 UTC	419	IN	HTTP/1.1 200 OK etag: "22bc-66cfc269-c89af;;;" last-modified: Thu, 29 Aug 2024 00:35:53 GMT content-type: text/html content-length: 8892 accept-ranges: bytes date: Sun, 01 Sep 2024 22:20:10 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" connection: close
2024-09-01 22:20:10 UTC	8892	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 Data Ascii: <!DOCTYPE html><html class="" lang="en"><head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	190.123.45.35	443	2188	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:20:11 UTC	574	OUT	GET /ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js HTTP/1.1 Host: codes-connect.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://codes-connect.net/x0/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:20:11 UTC	428	IN	HTTP/1.1 200 OK etag: "46744-66cfc26f-c89df;;;" last-modified: Thu, 29 Aug 2024 00:35:59 GMT content-type: text/javascript content-length: 288580 accept-ranges: bytes date: Sun, 01 Sep 2024 22:20:11 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" connection: close
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 2f 2a 21 0a 20 2a 20 6a 51 75 65 72 79 20 4a 61 76 61 53 63 72 69 70 74 20 4c 69 62 72 61 72 79 20 76 33 2e 36 2e 30 0a 20 2a 20 68 74 74 70 73 3a 2f 2f 6a 71 75 65 72 79 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 49 6e 63 6c 75 64 65 73 20 53 69 7a 7a 6c 65 2e 6a 73 0a 20 2a 20 68 74 74 70 73 3a 2f 2f 73 69 7a 7a 6c 65 6a 73 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6c 69 63 65 6e 73 65 0a 20 2a 20 68 74 74 70 73 3a 2f 2f 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 44 61 74 65 3a 20 32 30 32 31 2d 30 33 2d 30 Data Ascii: /! jQuery JavaScript Library v3.6.0 * https://jquery.com/ * * Includes Sizzle.js * https://sizzlejs.com/ * * Copyright OpenJS Foundation and other contributors * Released under the MIT license * https://jquery.org/license * * Date: 2021-03-0
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 20 57 65 20 75 73 65 20 74 68 69 73 20 66 6f 72 20 50 4f 53 20 6d 61 74 63 68 69 6e 67 20 69 6e 20 60 73 65 6c 65 63 74 60 0a 09 09 22 6e 65 65 64 73 43 6f 6e 74 65 78 74 22 3a 20 6e 65 77 20 52 65 67 45 78 70 28 20 22 5e 22 20 2b 20 77 68 69 74 65 73 70 61 63 65 20 2b 0a 09 09 09 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 20 2b 20 77 68 69 74 65 73 70 61 63 65 20 2b 0a 09 09 09 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 20 2b 20 77 68 69 74 65 73 70 61 63 65 20 2b 20 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 20 22 69 22 20 29 0a 09 7d 2c 0a 0a 09 72 68 74 6d 6c 20 3d 20 2f 48 54 4d 4c 24 2f 69 2c 0a 09 72 69 6e 70 75 74 73 Data Ascii: We use this for POS matching in `select`"needsContext": new RegExp( "^" + whitespace +"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$" + whitespace +"((?:-\\d)?\\d)" + whitespace + "\$\|)(?=[^-]\|$)", "i" )},rhtml = /HTML$/i,rinputs
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 65 74 75 72 6e 20 21 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 20 7c 7c 20 21 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 28 20 65 78 70 61 6e 64 6f 20 29 2e 6c 65 6e 67 74 68 3b 0a 09 7d 20 29 3b 0a 0a 09 2f 2f 20 49 44 20 66 69 6c 74 65 72 20 61 6e 64 20 66 69 6e 64 0a 09 69 66 20 28 20 73 75 70 70 6f 72 74 2e 67 65 74 42 79 49 64 20 29 20 7b 0a 09 09 45 78 70 72 2e 66 69 6c 74 65 72 5b 20 22 49 44 22 20 5d 20 3d 20 66 75 6e 63 74 69 6f 6e 28 20 69 64 20 29 20 7b 0a 09 09 09 76 61 72 20 61 74 74 72 49 64 20 3d 20 69 64 2e 72 65 70 6c 61 63 65 28 20 72 75 6e 65 73 63 61 70 65 2c 20 66 75 6e 65 73 63 61 70 65 20 29 3b 0a 09 09 09 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 20 65 6c Data Ascii: eturn !document.getElementsByName \|\| !document.getElementsByName( expando ).length;} );// ID filter and findif ( support.getById ) {Expr.filter[ "ID" ] = function( id ) {var attrId = id.replace( runescape, funescape );return function( el
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 2f 2f 20 4d 6f 76 65 20 74 68 65 20 67 69 76 65 6e 20 76 61 6c 75 65 20 74 6f 20 6d 61 74 63 68 5b 33 5d 20 77 68 65 74 68 65 72 20 71 75 6f 74 65 64 20 6f 72 20 75 6e 71 75 6f 74 65 64 0a 09 09 09 6d 61 74 63 68 5b 20 33 20 5d 20 3d 20 28 20 6d 61 74 63 68 5b 20 33 20 5d 20 7c 7c 20 6d 61 74 63 68 5b 20 34 20 5d 20 7c 7c 0a 09 09 09 09 6d 61 74 63 68 5b 20 35 20 5d 20 7c 7c 20 22 22 20 29 2e 72 65 70 6c 61 63 65 28 20 72 75 6e 65 73 63 61 70 65 2c 20 66 75 6e 65 73 63 61 70 65 20 29 3b 0a 0a 09 09 09 69 66 20 28 20 6d 61 74 63 68 5b 20 32 20 5d 20 3d 3d 3d 20 22 7e 3d 22 20 29 20 7b 0a 09 09 09 09 6d 61 74 63 68 5b 20 33 20 5d 20 3d 20 22 20 22 20 2b 20 6d 61 74 63 68 5b 20 33 20 5d 20 2b 20 22 20 22 3b 0a 09 09 09 7d 0a 0a 09 09 09 72 65 74 75 72 6e 20 Data Ascii: // Move the given value to match[3] whether quoted or unquotedmatch[ 3 ] = ( match[ 3 ] \|\| match[ 4 ] \|\|match[ 5 ] \|\| "" ).replace( runescape, funescape );if ( match[ 2 ] === "~=" ) {match[ 3 ] = " " + match[ 3 ] + " ";}return
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 09 09 09 09 74 79 70 65 3a 20 74 79 70 65 2c 0a 09 09 09 09 09 6d 61 74 63 68 65 73 3a 20 6d 61 74 63 68 0a 09 09 09 09 7d 20 29 3b 0a 09 09 09 09 73 6f 46 61 72 20 3d 20 73 6f 46 61 72 2e 73 6c 69 63 65 28 20 6d 61 74 63 68 65 64 2e 6c 65 6e 67 74 68 20 29 3b 0a 09 09 09 7d 0a 09 09 7d 0a 0a 09 09 69 66 20 28 20 21 6d 61 74 63 68 65 64 20 29 20 7b 0a 09 09 09 62 72 65 61 6b 3b 0a 09 09 7d 0a 09 7d 0a 0a 09 2f 2f 20 52 65 74 75 72 6e 20 74 68 65 20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 69 6e 76 61 6c 69 64 20 65 78 63 65 73 73 0a 09 2f 2f 20 69 66 20 77 65 27 72 65 20 6a 75 73 74 20 70 61 72 73 69 6e 67 0a 09 2f 2f 20 4f 74 68 65 72 77 69 73 65 2c 20 74 68 72 6f 77 20 61 6e 20 65 72 72 6f 72 20 6f 72 20 72 65 74 75 72 6e 20 74 6f 6b 65 6e 73 0a 09 72 Data Ascii: type: type,matches: match} );soFar = soFar.slice( matched.length );}}if ( !matched ) {break;}}// Return the length of the invalid excess// if we're just parsing// Otherwise, throw an error or return tokensr
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 74 75 72 6e 20 65 6c 65 6d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 20 6e 61 6d 65 2c 20 6e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 20 3d 3d 3d 20 22 74 79 70 65 22 20 3f 20 31 20 3a 20 32 20 29 3b 0a 09 09 7d 0a 09 7d 20 29 3b 0a 7d 0a 0a 2f 2f 20 53 75 70 70 6f 72 74 3a 20 49 45 3c 39 0a 2f 2f 20 55 73 65 20 64 65 66 61 75 6c 74 56 61 6c 75 65 20 69 6e 20 70 6c 61 63 65 20 6f 66 20 67 65 74 41 74 74 72 69 62 75 74 65 28 22 76 61 6c 75 65 22 29 0a 69 66 20 28 20 21 73 75 70 70 6f 72 74 2e 61 74 74 72 69 62 75 74 65 73 20 7c 7c 20 21 61 73 73 65 72 74 28 20 66 75 6e 63 74 69 6f 6e 28 20 65 6c 20 29 20 7b 0a 09 65 6c 2e 69 6e 6e 65 72 48 54 4d 4c 20 3d 20 22 3c 69 6e 70 75 74 2f 3e 22 3b 0a 09 65 6c 2e 66 69 72 73 74 43 68 69 6c 64 2e 73 65 74 Data Ascii: turn elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 );}} );}// Support: IE<9// Use defaultValue in place of getAttribute("value")if ( !support.attributes \|\| !assert( function( el ) {el.innerHTML = "<input/>";el.firstChild.set
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 09 09 6c 69 73 74 20 3d 20 6d 65 6d 6f 72 79 20 3d 20 22 22 3b 0a 09 09 09 09 7d 0a 09 09 09 09 72 65 74 75 72 6e 20 74 68 69 73 3b 0a 09 09 09 7d 2c 0a 09 09 09 6c 6f 63 6b 65 64 3a 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 09 09 09 09 72 65 74 75 72 6e 20 21 21 6c 6f 63 6b 65 64 3b 0a 09 09 09 7d 2c 0a 0a 09 09 09 2f 2f 20 43 61 6c 6c 20 61 6c 6c 20 63 61 6c 6c 62 61 63 6b 73 20 77 69 74 68 20 74 68 65 20 67 69 76 65 6e 20 63 6f 6e 74 65 78 74 20 61 6e 64 20 61 72 67 75 6d 65 6e 74 73 0a 09 09 09 66 69 72 65 57 69 74 68 3a 20 66 75 6e 63 74 69 6f 6e 28 20 63 6f 6e 74 65 78 74 2c 20 61 72 67 73 20 29 20 7b 0a 09 09 09 09 69 66 20 28 20 21 6c 6f 63 6b 65 64 20 29 20 7b 0a 09 09 09 09 09 61 72 67 73 20 3d 20 61 72 67 73 20 7c 7c 20 5b 5d 3b 0a 09 09 09 09 Data Ascii: list = memory = "";}return this;},locked: function() {return !!locked;},// Call all callbacks with the given context and argumentsfireWith: function( context, args ) {if ( !locked ) {args = args \|\| [];
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 6e 20 6d 6f 64 65 72 6e 20 62 72 6f 77 73 65 72 73 2c 0a 09 09 09 2f 2f 20 62 75 74 20 77 65 20 73 68 6f 75 6c 64 20 6e 6f 74 2c 20 73 65 65 20 23 38 33 33 35 2e 0a 09 09 09 2f 2f 20 41 6c 77 61 79 73 20 72 65 74 75 72 6e 20 61 6e 20 65 6d 70 74 79 20 6f 62 6a 65 63 74 2e 0a 09 09 09 69 66 20 28 20 61 63 63 65 70 74 44 61 74 61 28 20 6f 77 6e 65 72 20 29 20 29 20 7b 0a 0a 09 09 09 09 2f 2f 20 49 66 20 69 74 20 69 73 20 61 20 6e 6f 64 65 20 75 6e 6c 69 6b 65 6c 79 20 74 6f 20 62 65 20 73 74 72 69 6e 67 69 66 79 2d 65 64 20 6f 72 20 6c 6f 6f 70 65 64 20 6f 76 65 72 0a 09 09 09 09 2f 2f 20 75 73 65 20 70 6c 61 69 6e 20 61 73 73 69 67 6e 6d 65 6e 74 0a 09 09 09 09 69 66 20 28 20 6f 77 6e 65 72 2e 6e 6f 64 65 54 79 70 65 20 29 20 7b 0a 09 09 09 09 09 6f 77 6e Data Ascii: n modern browsers,// but we should not, see #8335.// Always return an empty object.if ( acceptData( owner ) ) {// If it is a node unlikely to be stringify-ed or looped over// use plain assignmentif ( owner.nodeType ) {own
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 6e 6c 79 0a 09 2f 2f 20 43 68 65 63 6b 20 73 74 61 74 65 20 6c 6f 73 74 20 69 66 20 74 68 65 20 6e 61 6d 65 20 69 73 20 73 65 74 20 28 23 31 31 32 31 37 29 0a 09 2f 2f 20 53 75 70 70 6f 72 74 3a 20 57 69 6e 64 6f 77 73 20 57 65 62 20 41 70 70 73 20 28 57 57 41 29 0a 09 2f 2f 20 60 6e 61 6d 65 60 20 61 6e 64 20 60 74 79 70 65 60 20 6d 75 73 74 20 75 73 65 20 2e 73 65 74 41 74 74 72 69 62 75 74 65 20 66 6f 72 20 57 57 41 20 28 23 31 34 39 30 31 29 0a 09 69 6e 70 75 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 20 22 74 79 70 65 22 2c 20 22 72 61 64 69 6f 22 20 29 3b 0a 09 69 6e 70 75 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 20 22 63 68 65 63 6b 65 64 22 2c 20 22 63 68 65 63 6b 65 64 22 20 29 3b 0a 09 69 6e 70 75 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 Data Ascii: nly// Check state lost if the name is set (#11217)// Support: Windows Web Apps (WWA)// `name` and `type` must use .setAttribute for WWA (#14901)input.setAttribute( "type", "radio" );input.setAttribute( "checked", "checked" );input.setAttribute
2024-09-01 22:20:11 UTC	16384	IN	Data Raw: 72 65 63 74 6c 79 2d 62 6f 75 6e 64 29 20 68 61 6e 64 6c 65 72 73 0a 09 09 63 75 72 20 3d 20 74 68 69 73 3b 0a 09 09 69 66 20 28 20 64 65 6c 65 67 61 74 65 43 6f 75 6e 74 20 3c 20 68 61 6e 64 6c 65 72 73 2e 6c 65 6e 67 74 68 20 29 20 7b 0a 09 09 09 68 61 6e 64 6c 65 72 51 75 65 75 65 2e 70 75 73 68 28 20 7b 20 65 6c 65 6d 3a 20 63 75 72 2c 20 68 61 6e 64 6c 65 72 73 3a 20 68 61 6e 64 6c 65 72 73 2e 73 6c 69 63 65 28 20 64 65 6c 65 67 61 74 65 43 6f 75 6e 74 20 29 20 7d 20 29 3b 0a 09 09 7d 0a 0a 09 09 72 65 74 75 72 6e 20 68 61 6e 64 6c 65 72 51 75 65 75 65 3b 0a 09 7d 2c 0a 0a 09 61 64 64 50 72 6f 70 3a 20 66 75 6e 63 74 69 6f 6e 28 20 6e 61 6d 65 2c 20 68 6f 6f 6b 20 29 20 7b 0a 09 09 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 20 Data Ascii: rectly-bound) handlerscur = this;if ( delegateCount < handlers.length ) {handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } );}return handlerQueue;},addProp: function( name, hook ) {Object.defineProperty(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:20:12 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-01 22:20:12 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=152728 Date: Sun, 01 Sep 2024 22:20:12 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	190.123.45.35	443	2188	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:20:13 UTC	593	OUT	GET /favicon.ico HTTP/1.1 Host: codes-connect.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://codes-connect.net/x0/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:20:13 UTC	389	IN	HTTP/1.1 404 Not Found content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache content-length: 1249 date: Sun, 01 Sep 2024 22:20:13 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" connection: close
2024-09-01 22:20:13 UTC	1249	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:20:14 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-01 22:20:14 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=152726 Date: Sun, 01 Sep 2024 22:20:14 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-01 22:20:14 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2000, Parent PID: 3568

General

Target ID:	0
Start time:	18:20:02
Start date:	01/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2188, Parent PID: 2000

General

Target ID:	2
Start time:	18:20:05
Start date:	01/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2488,i,693788804534267809,8532715652070118870,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6432, Parent PID: 3568

General

Target ID:	3
Start time:	18:20:08
Start date:	01/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://codes-connect.net/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: codes-connect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /x0/ HTTP/1.1Host: codes-connect.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js HTTP/1.1Host: codes-connect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://codes-connect.net/x0/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: codes-connect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://codes-connect.net/x0/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: codes-connect.net
Source: global traffic	DNS traffic detected: DNS query: web3diagnostic1.xyz
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: web3diagnostic1.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: web3diagnostic1.xyz
Source:	DNS query: web3diagnostic1.xyz

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://codes-connect.net/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2000, Parent PID: 3568

General

Chronological Activities

Analysis Process: chrome.exePID: 2188, Parent PID: 2000

General

Chronological Activities

Analysis Process: chrome.exePID: 6432, Parent PID: 3568

General

Chronological Activities

Windows Analysis Report
https://codes-connect.net/