Edit tour

Windows Analysis Report
http://t.co/Q3ZDSzUQDT

Overview

General Information

Sample URL:	http://t.co/Q3ZDSzUQDT
Analysis ID:	1538186
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1980,i,16187690316660696430,2340721681187228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t.co/Q3ZDSzUQDT" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49725 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /Q3ZDSzUQDT HTTP/1.1Host: t.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow
Source: global traffic	HTTP traffic detected: GET /Q3ZDSzUQDT HTTP/1.1Host: t.coConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Q3ZDSzUQDT HTTP/1.1Host: t.coConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow
Source: global traffic	HTTP traffic detected: GET /Q3ZDSzUQDT HTTP/1.1Host: t.coConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Q3ZDSzUQDT HTTP/1.1Host: t.coConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow
Source: global traffic	HTTP traffic detected: GET /Q3ZDSzUQDT HTTP/1.1Host: t.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49725 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@20/6@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1980,i,16187690316660696430,2340721681187228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t.co/Q3ZDSzUQDT"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1980,i,16187690316660696430,2340721681187228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
t.co	162.159.140.229	true	false		unknown
www.google.com	172.217.18.4	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://t.co/Q3ZDSzUQDT	false		unknown
http://t.co/Q3ZDSzUQDT	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.140.229	t.co	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
172.66.0.227	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538186
Start date and time:	2024-10-20 19:07:19 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://t.co/Q3ZDSzUQDT
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@20/6@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 66.102.1.84, 142.250.185.238, 87.248.205.0, 34.104.35.123
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://t.co/Q3ZDSzUQDT

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 16:07:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9890073809774695
Encrypted:	false
SSDEEP:	48:8x8daTm2aHjidAKZdA1FehwiZUklqeh0y+3:8rvyry
MD5:	15E4A413746FF75A4BA348C4FF0DB246
SHA1:	E989E0A48045FCBCF6F014E1D32F1F050FAD1D2B
SHA-256:	5091DE540A6450CBC012C19531C6A0A5073A9776225548614D47D0089B5FCE9E
SHA-512:	E5009B81955FF18231C45A24A96B8881903B2CF8F94A873B9A203A93D12D35C37A2C7EFF00F7738E75C285CAB386CBE08B3003A683C905D77890B1450AB9C6B6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....s.Q..#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ITY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 16:07:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.000133148130151
Encrypted:	false
SSDEEP:	48:8L8daTm2aHjidAKZdA1seh/iZUkAQkqehby+2:8hvs9QKy
MD5:	2FA0CB088076F5079E460E746FBEFEAA
SHA1:	00E737FB293B259BD0562288CB10AD9F86846B40
SHA-256:	83130CC6FA2B1A7144AA4DC0EE53A93E52E570B8F10DB7491596CF985AB849AA
SHA-512:	A064E235F65C75E7D1B7647772546ABCD6AC11F738C39480C14C5183D4C54560E0CA847EF0F1FD5A226D21D717CFA8EB87F3F155C06F660B2C46497582ED009E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......F..#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ITY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.010315621844867
Encrypted:	false
SSDEEP:	48:8Q8daTm2AHjidAKZdA14meh7sFiZUkmgqeh7sBy+BX:80vCn/y
MD5:	1320204EE4714CF9065644607AC82081
SHA1:	746F4645E2193B88270032C4C9100F6FD08EC738
SHA-256:	BFA4ACD4A0ABB3043733600212E063C68D5E5A41DF04A3E06DC1EA8673666ACC
SHA-512:	111A41613581BB1D5F21EC8ED96636D64497D71CE5DEAB50A58EC656A99F3992A5CED116D882B8B850D06BC622F2B4031A82D9CE53614ABCA254E04E42A411BE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ITY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 16:07:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.002592304727234
Encrypted:	false
SSDEEP:	48:8T8daTm2aHjidAKZdA1TehDiZUkwqehny+R:8Jvnpy
MD5:	8E21723B168F26562AA191916EDC0250
SHA1:	2D396D1BEF122BD12BA6DB50EE4D601A45C50151
SHA-256:	EA5F46F9373422A75046AA69D2099FDCCFA3B4B1D54CE0C2F8086F1DC75B8514
SHA-512:	A8A420B64A2AEA96E093A415106C4959E49D9B1A275D1B8435832F0A7CB38026A795B9AB3DABFC491FAA840524F359F16A7902395A662B187C60FA165CE7E38E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......>..#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ITY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 16:07:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9912176628972684
Encrypted:	false
SSDEEP:	48:8M8daTm2aHjidAKZdA1dehBiZUk1W1qehVy+C:8wv391y
MD5:	50197D9B42600EEB5A0823A7C1C7D77D
SHA1:	6E9FA7B32B47F8DDB182195D021A76191BBDF3CA
SHA-256:	A3AEBC00B9A82A45FC3A2BDFA8E6B574913770D86E6065E7A46DBBA5545A4322
SHA-512:	6F6C5AA4531C5BEE63351487F60F936A2DFB9B330BF784B8E1139153376729B513CA0EC48AC5A17A1BDD0A5DFB9F21B1A2FBB0781E92833F4B02EF52D6CF0003
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....<BL..#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ITY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 16:07:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9971981147210864
Encrypted:	false
SSDEEP:	48:818daTm2aHjidAKZdA1duTeehOuTbbiZUk5OjqehOuTb/y+yT+:8Pv7TfTbxWOvTb/y7T
MD5:	44B4CB20D08F94D8FABEB4085D2913D2
SHA1:	C0FDA9520015E0354042425FAE42AA46DA5AA658
SHA-256:	9057D3AD7A8CA9AF54488C25CD308FC9D3EEA333736A7662E903AB67D10D8433
SHA-512:	475F386EEE385A92A2157797D4AE20C3BF5ADD304432D79302735AD289B4BED23D47F3788BE0F731DF8FFE46056C9450D6882CEC9DFD25F5CABE1283B9F64C43
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....@I6..#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ITY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 19:07:50.979479074 CEST	49699	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:07:50.979940891 CEST	49700	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:07:50.986565113 CEST	80	49699	162.159.140.229	192.168.2.16
Oct 20, 2024 19:07:50.986578941 CEST	80	49700	162.159.140.229	192.168.2.16
Oct 20, 2024 19:07:50.986649036 CEST	49699	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:07:50.986675024 CEST	49700	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:07:50.986892939 CEST	49699	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:07:50.991766930 CEST	80	49699	162.159.140.229	192.168.2.16
Oct 20, 2024 19:07:51.935635090 CEST	80	49699	162.159.140.229	192.168.2.16
Oct 20, 2024 19:07:51.945945024 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:51.946000099 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:51.946089983 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:51.946286917 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:51.946321011 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:51.981857061 CEST	49699	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:07:52.430298090 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 20, 2024 19:07:52.731496096 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 20, 2024 19:07:53.337886095 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 20, 2024 19:07:54.534761906 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:07:54.534800053 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:07:54.534899950 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:07:54.535154104 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:07:54.535171032 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:07:54.545887947 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 20, 2024 19:07:54.849989891 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:54.850403070 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:54.850477934 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:54.851457119 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:54.851538897 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:54.852724075 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:54.852794886 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:54.852916956 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:54.852935076 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:54.896846056 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:55.140748978 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:55.140825987 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:55.140894890 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:55.141321898 CEST	49701	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:55.141341925 CEST	443	49701	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:55.948565006 CEST	49689	80	192.168.2.16	192.229.211.108
Oct 20, 2024 19:07:56.177736998 CEST	49708	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:56.177791119 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:56.177881002 CEST	49708	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:56.178215027 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:56.178246975 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:56.178540945 CEST	49708	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:56.178560019 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:56.178580046 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:56.178778887 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:56.178792000 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:56.666220903 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:07:56.666495085 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:07:56.666517019 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:07:56.668185949 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:07:56.668265104 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:07:56.669269085 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:07:56.669351101 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:07:56.713938951 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:07:56.713952065 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:07:56.761861086 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:07:56.953980923 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 20, 2024 19:07:57.425085068 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.425497055 CEST	49708	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:57.425582886 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.425601006 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.425823927 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:57.425844908 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.425945997 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.426250935 CEST	49708	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:57.426302910 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.426317930 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.426462889 CEST	49708	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:57.426644087 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:57.426728964 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.471400976 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:57.480902910 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:58.149576902 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:58.149653912 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:58.149760008 CEST	49708	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:58.150105000 CEST	49708	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:07:58.150130987 CEST	443	49708	172.66.0.227	192.168.2.16
Oct 20, 2024 19:07:58.978518009 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:07:58.978559971 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:07:58.978638887 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:07:58.980638981 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:07:58.980658054 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.099555969 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.099631071 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.103868008 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.103878021 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.104103088 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.140014887 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.187411070 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.454127073 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.454199076 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.454309940 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.454430103 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.454451084 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.454461098 CEST	49712	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.454467058 CEST	443	49712	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.496073961 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.496155024 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.498116016 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.498502016 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:00.498526096 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:00.508029938 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:00.508112907 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:00.508239031 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:00.509282112 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:00.509316921 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:00.603317022 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 20, 2024 19:08:00.906874895 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 20, 2024 19:08:01.512917995 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 20, 2024 19:08:01.560115099 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:01.560235977 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:01.562901020 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:01.562935114 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:01.563621998 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:01.571932077 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:01.572048903 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:01.573584080 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:01.573597908 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:01.573834896 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:01.574806929 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:01.607901096 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:01.619406939 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:01.629482031 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:01.675400972 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:01.764936924 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 20, 2024 19:08:02.724917889 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 20, 2024 19:08:02.903070927 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:02.903120041 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:02.903194904 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:02.903310061 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:02.903326035 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:02.903426886 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:02.903500080 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:02.903580904 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:02.904202938 CEST	49714	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:02.904239893 CEST	443	49714	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:02.938419104 CEST	49715	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:02.938452959 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:02.938570976 CEST	49715	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:02.938914061 CEST	49715	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:02.938929081 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:02.951589108 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:02.951631069 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:02.951818943 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:02.952053070 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:02.952065945 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:03.162806034 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:03.163377047 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:03.163484097 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:03.163584948 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:03.163949966 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:03.163975954 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:03.207402945 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:03.534065008 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:03.534214020 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:03.534292936 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:03.534327984 CEST	49709	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:03.534347057 CEST	443	49709	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.363811970 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.364198923 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:04.364264011 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.364751101 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.365067005 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:04.365160942 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.365211010 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:04.372731924 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:04.372826099 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.374023914 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.374032974 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:04.374265909 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:04.375416040 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.411403894 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.415898085 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:04.419450045 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:04.443717957 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.443794966 CEST	49715	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:04.445055962 CEST	49715	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:04.445066929 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.445300102 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.446659088 CEST	49715	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:04.491405010 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.662806988 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.662883997 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.662946939 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:04.663274050 CEST	49717	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:04.663319111 CEST	443	49717	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:04.686789989 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:04.686845064 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:04.686965942 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.686965942 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.731189013 CEST	49718	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.731228113 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:04.731376886 CEST	49718	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.731601000 CEST	49718	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.731607914 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:04.791908026 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.791968107 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.792041063 CEST	49715	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:04.792109966 CEST	49715	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:04.792124987 CEST	443	49715	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.842662096 CEST	49719	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:04.842767000 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.842894077 CEST	49719	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:04.843218088 CEST	49719	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:04.843249083 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:04.991024017 CEST	49716	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:04.991058111 CEST	443	49716	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:05.071326971 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 20, 2024 19:08:05.135127068 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 20, 2024 19:08:05.374058962 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 20, 2024 19:08:05.838161945 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:05.839545012 CEST	49718	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:05.839545012 CEST	49718	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:05.839570999 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:05.839905977 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:05.841141939 CEST	49718	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:05.853642941 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:05.854990005 CEST	49719	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:05.854990005 CEST	49719	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:05.855060101 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:05.855314970 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:05.856913090 CEST	49719	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:05.887404919 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:05.899445057 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:05.981029034 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 20, 2024 19:08:06.161634922 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:06.161751032 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:06.161813974 CEST	49718	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:06.161962032 CEST	49718	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:06.161976099 CEST	443	49718	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:06.196207047 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:06.196255922 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:06.196322918 CEST	49719	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:06.196382999 CEST	49719	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:06.196419001 CEST	443	49719	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:06.205764055 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:06.205826998 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:06.205934048 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:06.206265926 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:06.206295967 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:06.236032009 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:06.236056089 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:06.236150026 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:06.236480951 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:06.236495018 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:06.729746103 CEST	80	49700	162.159.140.229	192.168.2.16
Oct 20, 2024 19:08:06.729861975 CEST	49700	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:08:06.730042934 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:08:06.730209112 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:08:06.730272055 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:08:07.192018032 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 20, 2024 19:08:07.291574955 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:07.291778088 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:07.292848110 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:07.292867899 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:07.293114901 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:07.294157028 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:07.335407019 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:07.977562904 CEST	49706	443	192.168.2.16	172.217.18.4
Oct 20, 2024 19:08:07.977564096 CEST	49700	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:08:07.977586985 CEST	443	49706	172.217.18.4	192.168.2.16
Oct 20, 2024 19:08:08.279953957 CEST	49700	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:08:08.391443014 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:08.391582012 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:08.391710997 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:08.391710997 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 20, 2024 19:08:08.391777039 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 20, 2024 19:08:08.395584106 CEST	80	49700	162.159.140.229	192.168.2.16
Oct 20, 2024 19:08:08.395606041 CEST	80	49700	162.159.140.229	192.168.2.16
Oct 20, 2024 19:08:08.395669937 CEST	49700	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:08:08.810522079 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:08.810755014 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:08.811974049 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:08.811985970 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:08.812382936 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:08.813415051 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:08.855412006 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:09.309885025 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:09.310024023 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:09.310199976 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:09.310199976 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:09.360526085 CEST	49722	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:09.360577106 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:09.360667944 CEST	49722	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:09.361013889 CEST	49722	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:09.361027002 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:09.606957912 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 20, 2024 19:08:09.622916937 CEST	49721	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:09.622950077 CEST	443	49721	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:09.942924976 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 20, 2024 19:08:11.075546980 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:11.075726032 CEST	49722	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:11.076797009 CEST	49722	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:11.076807976 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:11.077029943 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:11.077970028 CEST	49722	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:11.119446993 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:11.364974022 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 20, 2024 19:08:11.947792053 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:11.947858095 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:11.947918892 CEST	49722	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:11.947973013 CEST	49722	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:11.947993040 CEST	443	49722	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:11.990333080 CEST	49723	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:11.990396976 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:11.990478039 CEST	49723	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:11.990854979 CEST	49723	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:11.990873098 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:12.997241020 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:12.997339010 CEST	49723	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:12.998583078 CEST	49723	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:12.998594999 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:12.998821974 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:13.000046968 CEST	49723	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:13.043427944 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:13.336960077 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:13.337019920 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:13.337080002 CEST	49723	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:13.337162018 CEST	49723	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:13.337182045 CEST	443	49723	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:13.386807919 CEST	49724	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:13.386857033 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:13.386950970 CEST	49724	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:13.387264967 CEST	49724	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:13.387276888 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.415986061 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 20, 2024 19:08:14.417972088 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.418098927 CEST	49724	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:14.419461966 CEST	49724	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:14.419471979 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.419720888 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.421014071 CEST	49724	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:14.463445902 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.784892082 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.784946918 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.785034895 CEST	49724	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:14.785072088 CEST	49724	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:14.785089970 CEST	443	49724	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.829329967 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:14.829363108 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:14.829444885 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:14.829894066 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:14.829910040 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:15.844146013 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:15.844238043 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:15.845592022 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:15.845599890 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:15.845854044 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:15.846873045 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:15.887434959 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:16.178320885 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:16.178373098 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:16.178533077 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:16.178533077 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:16.488075972 CEST	49725	443	192.168.2.16	172.202.163.200
Oct 20, 2024 19:08:16.488111019 CEST	443	49725	172.202.163.200	192.168.2.16
Oct 20, 2024 19:08:19.557085037 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 20, 2024 19:08:24.016146898 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 20, 2024 19:08:34.684892893 CEST	49726	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:34.684943914 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:34.685055971 CEST	49726	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:34.685233116 CEST	49727	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:34.685338974 CEST	443	49727	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:34.685410976 CEST	49727	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:34.685476065 CEST	49726	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:34.685487986 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:34.685673952 CEST	49727	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:34.685713053 CEST	443	49727	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.460999012 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.461357117 CEST	49726	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:35.461380005 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.461879969 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.462275028 CEST	49726	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:35.462357998 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.462460995 CEST	49726	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:35.507412910 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.715204954 CEST	443	49727	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.715548992 CEST	49727	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:35.715626001 CEST	443	49727	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.716764927 CEST	443	49727	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.717118025 CEST	49727	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:35.717309952 CEST	443	49727	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.730690956 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.730788946 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.730854034 CEST	49726	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:35.731060028 CEST	49726	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:35.731076956 CEST	443	49726	172.66.0.227	192.168.2.16
Oct 20, 2024 19:08:35.764091015 CEST	49727	443	192.168.2.16	172.66.0.227
Oct 20, 2024 19:08:36.941180944 CEST	49699	80	192.168.2.16	162.159.140.229
Oct 20, 2024 19:08:36.946093082 CEST	80	49699	162.159.140.229	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 19:07:49.698267937 CEST	53	50444	1.1.1.1	192.168.2.16
Oct 20, 2024 19:07:49.770555973 CEST	53	63822	1.1.1.1	192.168.2.16
Oct 20, 2024 19:07:50.600708961 CEST	54175	53	192.168.2.16	1.1.1.1
Oct 20, 2024 19:07:50.600967884 CEST	53728	53	192.168.2.16	1.1.1.1
Oct 20, 2024 19:07:50.978532076 CEST	53	54175	1.1.1.1	192.168.2.16
Oct 20, 2024 19:07:50.978549957 CEST	53	53728	1.1.1.1	192.168.2.16
Oct 20, 2024 19:07:51.938496113 CEST	57698	53	192.168.2.16	1.1.1.1
Oct 20, 2024 19:07:51.938652039 CEST	58145	53	192.168.2.16	1.1.1.1
Oct 20, 2024 19:07:51.945377111 CEST	53	58145	1.1.1.1	192.168.2.16
Oct 20, 2024 19:07:51.945547104 CEST	53	57698	1.1.1.1	192.168.2.16
Oct 20, 2024 19:07:54.526226044 CEST	62138	53	192.168.2.16	1.1.1.1
Oct 20, 2024 19:07:54.526395082 CEST	58521	53	192.168.2.16	1.1.1.1
Oct 20, 2024 19:07:54.533484936 CEST	53	62138	1.1.1.1	192.168.2.16
Oct 20, 2024 19:07:54.533853054 CEST	53	58521	1.1.1.1	192.168.2.16
Oct 20, 2024 19:07:56.893913984 CEST	53	63735	1.1.1.1	192.168.2.16
Oct 20, 2024 19:08:13.898303032 CEST	53	54528	1.1.1.1	192.168.2.16
Oct 20, 2024 19:08:32.690140009 CEST	53	52306	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 20, 2024 19:07:50.600708961 CEST	192.168.2.16	1.1.1.1	0xa52d	Standard query (0)	t.co	A (IP address)	IN (0x0001)	false
Oct 20, 2024 19:07:50.600967884 CEST	192.168.2.16	1.1.1.1	0x7605	Standard query (0)	t.co	65	IN (0x0001)	false
Oct 20, 2024 19:07:51.938496113 CEST	192.168.2.16	1.1.1.1	0x14ba	Standard query (0)	t.co	A (IP address)	IN (0x0001)	false
Oct 20, 2024 19:07:51.938652039 CEST	192.168.2.16	1.1.1.1	0xa76d	Standard query (0)	t.co	65	IN (0x0001)	false
Oct 20, 2024 19:07:54.526226044 CEST	192.168.2.16	1.1.1.1	0x2478	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 20, 2024 19:07:54.526395082 CEST	192.168.2.16	1.1.1.1	0xee1e	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 20, 2024 19:07:50.978532076 CEST	1.1.1.1	192.168.2.16	0xa52d	No error (0)	t.co	162.159.140.229	A (IP address)	IN (0x0001)	false
Oct 20, 2024 19:07:51.945547104 CEST	1.1.1.1	192.168.2.16	0x14ba	No error (0)	t.co	172.66.0.227	A (IP address)	IN (0x0001)	false
Oct 20, 2024 19:07:54.533484936 CEST	1.1.1.1	192.168.2.16	0x2478	No error (0)	www.google.com	172.217.18.4	A (IP address)	IN (0x0001)	false
Oct 20, 2024 19:07:54.533853054 CEST	1.1.1.1	192.168.2.16	0xee1e	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

t.co

fs.microsoft.com

slscr.update.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49699	162.159.140.229	80	6748	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 20, 2024 19:07:50.986892939 CEST	429	OUT	GET /Q3ZDSzUQDT HTTP/1.1 Host: t.co Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 20, 2024 19:07:51.935635090 CEST	676	IN	HTTP/1.1 301 Moved Permanently Date: Sun, 20 Oct 2024 17:07:51 GMT Content-Length: 0 Connection: keep-alive perf: 7402827104 location: https://t.co/Q3ZDSzUQDT cache-control: no-cache, no-store, max-age=0 x-transaction-id: 25e2bda0e8721723 x-response-time: 1 x-connection-hash: 6b1fa9776b7f25395d7f071d81fc5ee8f5f18baf45a6743ee917600eb556f8cc CF-Cache-Status: DYNAMIC Set-Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow; path=/; expires=Sun, 20-Oct-24 17:37:51 GMT; domain=.t.co; HttpOnly Server: cloudflare tsa_b CF-RAY: 8d5a9b47fc2e7bd4-LAX
Oct 20, 2024 19:08:36.941180944 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49701	172.66.0.227	443	6748	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:07:54 UTC	824	OUT	GET /Q3ZDSzUQDT HTTP/1.1 Host: t.co Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49708	172.66.0.227	443	6748	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:07:57 UTC	850	OUT	GET /Q3ZDSzUQDT HTTP/1.1 Host: t.co Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49712	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:00 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-20 17:08:00 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=85016 Date: Sun, 20 Oct 2024 17:08:00 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49713	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:01 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49714	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:01 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49709	172.66.0.227	443	6748	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:03 UTC	850	OUT	GET /Q3ZDSzUQDT HTTP/1.1 Host: t.co Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49717	172.66.0.227	443	6748	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:04 UTC	850	OUT	GET /Q3ZDSzUQDT HTTP/1.1 Host: t.co Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:04 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49715	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:04 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49718	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:05 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49719	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:05 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49720	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:07 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49721	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:08 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.16	49722	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:11 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.16	49723	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:12 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.16	49724	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:14 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.16	49725	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:15 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cl2ek3nrv+vNvTA&MD=ArUkyp5A HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.16	49726	172.66.0.227	443	6748	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 17:08:35 UTC	850	OUT	GET /Q3ZDSzUQDT HTTP/1.1 Host: t.co Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=ico3s8EjPWzi1c6H316kKiXMQ8ENEA_kO66SS.8yKv0-1729444071-1.0.1.1-yawEBz_bA_IWhY7KM7X65hVp515_JKbSTvimFTnxhoYgACmzP7QAtIHwdbXzjmrmsukd_Md0FNT2AGnzQ5Glow

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5748, Parent PID: 4720

General

Target ID:	0
Start time:	13:07:47
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6748, Parent PID: 5748

General

Target ID:	1
Start time:	13:07:48
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1980,i,16187690316660696430,2340721681187228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6376, Parent PID: 4720

General

Target ID:	2
Start time:	13:07:49
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t.co/Q3ZDSzUQDT"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://t.co/Q3ZDSzUQDT

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5748, Parent PID: 4720

General

Chronological Activities

Analysis Process: chrome.exePID: 6748, Parent PID: 5748

General

Chronological Activities

Analysis Process: chrome.exePID: 6376, Parent PID: 4720

General

Chronological Activities

Windows Analysis Report
http://t.co/Q3ZDSzUQDT