Edit tour

Windows Analysis Report
https://dansseda.net/.wp/

Overview

General Information

Sample URL:	https://dansseda.net/.wp/
Analysis ID:	1544125
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3764 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1924,i,4318523860277121523,314623669857902668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dansseda.net/.wp/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://dansseda.net/.wp/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:50732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:50733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.158:443 -> 192.168.2.18:50734 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.158
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /.wp/ HTTP/1.1Host: dansseda.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dansseda.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dansseda.net/.wp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=z6RVOkPOYDsHzvd&MD=fZez6us4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=z6RVOkPOYDsHzvd&MD=fZez6us4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A410900B03DX-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZD6%2BsjpH3z0SA66otNCRtSK5CRsmk8E1lCrBQ1JkDZadph/5XdmfMbB3887fuyOyyaCCyo1VrZKGCMoE0aHcNhxw/Hrj6XDZ/k4igdMvKpDXxlZCmRmTWMYYAU2Ql9mYFmRczccKJY9lERyzPu/cPpAhFWlHoROy7bX%2BHbYCkWX7bv1ELdkngdRMphPguIFXwFZGMAL6nV30d/yHyy2m%2BCuc7pSXuSuIlGWJM%2B2mMhv3nOQ8m9fsb8s9kTOxlpBjRdq1JPlJ9ivIXy1g/QP%2BytYx9Lr22Xij1dEFavV6jUrhH3XcjMXc/QBJfzFHZcVlfQ5sXTcLaX2A/HcRXh/85sQZgAAEMVAikMkHxxpXU7MTVNYtyqwAVmuerBnIdCzF7t%2BEoay3SbAC6DFkk14MMXZsVhL1%2BcWZ0eOEXpRzaQrFOs%2Bj17DtGdRdgyMAszSZrHmFXjbzZ4uEA2kBrtQzjJgJJtwb%2BANueZaAhxY9pds37fTX9d%2BsKGstBGDFBPcbl%2BUDdeKsihllIOnK4zrviIbCkFtFZlYaDe16VjJJI17Urh/I/wxa2JvRhbrzux5BzLh6KKw9OCmKayzWl%2BBZos%2BO4hUPXMiWZpcP4TwMoVlwPVpl/qRMUFbjyBdb5kzWeaLd7xeAAktzvqqYyQdkWpEkqhk4L4mx%2BmRwqOImwE/Mw3WdJIDWweqEPkOutE4A9DRqh7s8UuDQhjxWORCq4P/jjeJanG9eWpPGBcRrvesywgFwjwxKqYdDW4vYvwvjsLa352vE3e14wEqnoU4pnf%2B3f2I6euyOWZhmvkyK7N4UYLQKeitrAPN1fGkMVhu2KDba%2BMzzhwYsrBFPZavm1XBgL6i9w8hu28KBzXaTDIkuePSKn4EP4ZhRGPEZ1A77gjq2VCUnXyS9u%2BjL4O9e7SiLc6uJrGpE/mI/WdGF1C8qYg089pFYdoB%26p%3DX-Agent-DeviceId: 01000A410900B03DX-BM-CBT: 1730147746User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 5B42FA2790EE4F588EE166A314242BD3X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C

Source: global traffic	DNS traffic detected: DNS query: dansseda.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Oct 2024 20:35:04 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Oct 2024 20:35:05 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50732
Source: unknown	Network traffic detected: HTTP traffic on port 50720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50736
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50731
Source: unknown	Network traffic detected: HTTP traffic on port 50728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50719
Source: unknown	Network traffic detected: HTTP traffic on port 50733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 50727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50720
Source: unknown	Network traffic detected: HTTP traffic on port 50732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50736 -> 443

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:50732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:50733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.158:443 -> 192.168.2.18:50734 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/10@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1924,i,4318523860277121523,314623669857902668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dansseda.net/.wp/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1924,i,4318523860277121523,314623669857902668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dansseda.net	50.6.194.42	true	false		unknown
www.google.com	142.250.185.164	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dansseda.net/favicon.ico	false		unknown
https://dansseda.net/.wp/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
50.6.194.42	dansseda.net	United States	46606	UNIFIEDLAYER-AS-1US	false

Private

IP
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544125
Start date and time:	2024-10-28 21:34:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://dansseda.net/.wp/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/10@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 216.58.212.174, 64.233.184.84, 34.104.35.123, 142.250.186.163
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://dansseda.net/.wp/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:35:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9662574401853394
Encrypted:	false
SSDEEP:	48:8H9CWdFT5n27HPidAKZdA1rehwiZUklqeh2y+3:8H9lVn2fZy
MD5:	B39CD229B3085CA602F87C84D456384A
SHA1:	2A54639B749837A052264408BFC9CF4EBC7029CF
SHA-256:	A51CE7213438CA16025EDE0B0CBABD8F45679DFD4E4C5E24ACE3B236B001A3CF
SHA-512:	D29BA848CF57B67E3EE8E0CBA5BD3FDEC3A132369910563335FF17EB06FC17396263121C9CBB8FC47BC9197EB52E379FBBE715E50E6FF320E0948E0BD74C170D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....&6..x)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I\YT.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Ya.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V\Ya.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V\Ya............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Yc......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............".......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:35:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.980758512543956
Encrypted:	false
SSDEEP:	48:8WCWdFT5n27HPidAKZdA1ceh/iZUkAQkqehJy+2:8WlVn2L9Q0y
MD5:	8B4A01B182B3C035EE432B4DB36EA0C3
SHA1:	55AD6137C298C9C585284D5AAFCA46653033701A
SHA-256:	EE838F8EE2D9F4C4765C0E24E38578547175F20B786A006236586A29345E54B5
SHA-512:	99F32E98AF049D5BFCC8EC56BB83A58835C7496B61A6A4821D46364B2957051198E904F95A171DC0882AAD27B54D4B267BFA02FFA8936CE14730F1F67ACF4848
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....2...x)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I\YT.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Ya.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V\Ya.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V\Ya............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Yc......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............".......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	3.9937211347672035
Encrypted:	false
SSDEEP:	48:8XRCWdFT5n2SHPidAKZdA14Aeh7sFiZUkmgqeh7sny+BX:8hlVn2+nVy
MD5:	D42A770BAD1030EB57D35B0B7388935D
SHA1:	5945982ECB40DAC1FFEB7E8A6FEB9D377DD3E288
SHA-256:	D52AC4CD99E1641A7505D62C3714D158285E9C9AEF56E95D47FF529AA11F4083
SHA-512:	691624F7496EF0FAF4FF72809244FAF55A2A9D985821A84327CE0927F365D586096B906A907C92195F00A65995350EC69F9C11B7FC7669D07077BBB3A4152ECD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I\YT.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Ya.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V\Ya.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V\Ya............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............".......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:35:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9788607291766738
Encrypted:	false
SSDEEP:	48:8G9CWdFT5n27HPidAKZdA1JehDiZUkwqeh9y+R:8G9lVn22vy
MD5:	E09AA15310421AE727505D6AF243EA8A
SHA1:	9998BF8CB30AC76798460848B0568EDD92F090CB
SHA-256:	723DE5B2CF6D69CA4B664BEB59F6193987B53415C4A762007E0A7EF50E0000E2
SHA-512:	449D5CAC2C988B6975BD35BB5B2A18A121A4D0A59050C7E462CCB659B06CB08773D16320997363AA3C156B32AF7CBF8057B9F36E6E6FF9D84DD1DBA3B6225A1B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....-...x)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I\YT.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Ya.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V\Ya.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V\Ya............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Yc......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............".......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:35:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.96998544177605
Encrypted:	false
SSDEEP:	48:8aCWdFT5n27HPidAKZdA1XehBiZUk1W1qehjy+C:8alVn2m9Dy
MD5:	91C5FB70C14054A881678F1F8098CC6A
SHA1:	BA7A97C9AF6C6DA64A09AE61BE190BE78D863939
SHA-256:	39AFA5BB2D01AEBCFE9797A827A260212EDA9F9EC9104E4ECE9A4D8F5F1B1F3B
SHA-512:	73F812F09E25BAE1133F95F570B5A73253B8E2005A014BF1A37BF03AE94D4B4450F01113F1BB19CB8747BAD7D69FDE2776B94166208C2B71342EB607FEDE4EEA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........x)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I\YT.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Ya.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V\Ya.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V\Ya............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Yc......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............".......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:35:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.977984790723749
Encrypted:	false
SSDEEP:	48:8kCWdFT5n27HPidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbVy+yT+:8klVn2qT/TbxWOvTbVy7T
MD5:	DABF4D1F9DB307CFBF1112A3C78A2813
SHA1:	D418938AF4C3969F62B87A92A8167F76E77F9C5E
SHA-256:	10430C4E8DB7E633F9008CC250955AC2C4D16A1ADA917DBC162037D13721E4D6
SHA-512:	11A60C5DDE88BBA11C6B7A1AD2648C6E705A975CF3C4E0B865D7B5D460DABCC96D00BCEAF13DF8F9B2B37135A399BEEB7936FB7A6C549DA516B479434CF8371D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....A...x)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I\YT.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Ya.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V\Ya.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V\Ya............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Yc......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............".......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://dansseda.net/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://dansseda.net/.wp/
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 21:34:59.593139887 CET	49673	443	192.168.2.18	204.79.197.203
Oct 28, 2024 21:35:02.196799040 CET	49679	443	192.168.2.18	52.182.141.63
Oct 28, 2024 21:35:02.497966051 CET	49679	443	192.168.2.18	52.182.141.63
Oct 28, 2024 21:35:03.102005959 CET	49679	443	192.168.2.18	52.182.141.63
Oct 28, 2024 21:35:03.945360899 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:03.945415020 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:03.945470095 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:03.945796967 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:03.945815086 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:03.946454048 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:03.946495056 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:03.946563005 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:03.946851969 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:03.946863890 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.312983036 CET	49679	443	192.168.2.18	52.182.141.63
Oct 28, 2024 21:35:04.393052101 CET	49673	443	192.168.2.18	204.79.197.203
Oct 28, 2024 21:35:04.602576971 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.602894068 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.602929115 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.604027987 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.604113102 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.605053902 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.605120897 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.605221987 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.605232000 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.608983994 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.609261036 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.609277010 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.610913992 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.610986948 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.611932039 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.612020969 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.647912979 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.663903952 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.663922071 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.711899042 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.744648933 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.744761944 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.744810104 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.745476961 CET	50727	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.745502949 CET	443	50727	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:04.934952021 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:04.975338936 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:05.079705954 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:05.079833031 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:05.079902887 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:05.080637932 CET	50728	443	192.168.2.18	50.6.194.42
Oct 28, 2024 21:35:05.080662012 CET	443	50728	50.6.194.42	192.168.2.18
Oct 28, 2024 21:35:06.714939117 CET	49679	443	192.168.2.18	52.182.141.63
Oct 28, 2024 21:35:08.028461933 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:08.028506994 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:08.028588057 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:08.028817892 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:08.028830051 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:08.338521004 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:08.338593960 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:08.338692904 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:08.340459108 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:08.340476990 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:08.912206888 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:08.912489891 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:08.912513018 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:08.913949013 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:08.914021969 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:08.915186882 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:08.915277004 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:08.959907055 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:08.959924936 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:09.007924080 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:09.114077091 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.114197969 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.122236967 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.122268915 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.122618914 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.167897940 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.190593004 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.231334925 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.454431057 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.454490900 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.454511881 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.454552889 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.454587936 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.454632044 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.454687119 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.454689026 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.454689026 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.454710007 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.454757929 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.454803944 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.454835892 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.456649065 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.456722021 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.467955112 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.467998981 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:09.468025923 CET	50732	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:09.468060017 CET	443	50732	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:11.529062033 CET	49679	443	192.168.2.18	52.182.141.63
Oct 28, 2024 21:35:13.996058941 CET	49673	443	192.168.2.18	204.79.197.203
Oct 28, 2024 21:35:18.921879053 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:18.921971083 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:18.922063112 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:19.474606037 CET	50731	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:35:19.474636078 CET	443	50731	142.250.185.164	192.168.2.18
Oct 28, 2024 21:35:21.134943962 CET	49679	443	192.168.2.18	52.182.141.63
Oct 28, 2024 21:35:46.069220066 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:46.069257975 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:46.069379091 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:46.069854021 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:46.069865942 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:46.888493061 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:46.888587952 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:46.892657995 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:46.892668962 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:46.893116951 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:46.894638062 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:46.935375929 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.150388002 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.150476933 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.150520086 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.150607109 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:47.150626898 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.150717020 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:47.151626110 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:47.152271986 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.152359009 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:47.152357101 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.152401924 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.152424097 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:47.152528048 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.152589083 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:47.154552937 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:47.154572010 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.154597998 CET	50733	443	192.168.2.18	20.109.210.53
Oct 28, 2024 21:35:47.154603004 CET	443	50733	20.109.210.53	192.168.2.18
Oct 28, 2024 21:35:47.745148897 CET	50720	443	192.168.2.18	40.126.31.67
Oct 28, 2024 21:35:47.745208979 CET	50720	443	192.168.2.18	40.126.31.67
Oct 28, 2024 21:35:47.750670910 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:47.750685930 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:47.750698090 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:47.750709057 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:47.750718117 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126835108 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126854897 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126861095 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126866102 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126872063 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126877069 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126892090 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126898050 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126940012 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126952887 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126964092 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.126974106 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.127038956 CET	50720	443	192.168.2.18	40.126.31.67
Oct 28, 2024 21:35:49.127118111 CET	50720	443	192.168.2.18	40.126.31.67
Oct 28, 2024 21:35:49.127415895 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.127465963 CET	50720	443	192.168.2.18	40.126.31.67
Oct 28, 2024 21:35:49.128197908 CET	443	50720	40.126.31.67	192.168.2.18
Oct 28, 2024 21:35:49.128253937 CET	50720	443	192.168.2.18	40.126.31.67
Oct 28, 2024 21:35:49.216876030 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:49.216902018 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:49.217000961 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:49.219566107 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:49.219577074 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:49.317203999 CET	50716	80	192.168.2.18	93.184.221.240
Oct 28, 2024 21:35:49.323052883 CET	80	50716	93.184.221.240	192.168.2.18
Oct 28, 2024 21:35:49.323163986 CET	50716	80	192.168.2.18	93.184.221.240
Oct 28, 2024 21:35:50.070271015 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.070373058 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.078777075 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.078814983 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.079247952 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.079304934 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.081480980 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.081532001 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.381354094 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.381467104 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.381536961 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.381536961 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.381557941 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.381607056 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.381666899 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.381720066 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.381789923 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.381844997 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.385289907 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.385308027 CET	443	50734	2.23.209.158	192.168.2.18
Oct 28, 2024 21:35:50.385317087 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:35:50.385360003 CET	50734	443	192.168.2.18	2.23.209.158
Oct 28, 2024 21:36:08.085274935 CET	50736	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:36:08.085325003 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:08.085398912 CET	50736	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:36:08.085659027 CET	50736	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:36:08.085673094 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:08.964766026 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:08.965298891 CET	50736	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:36:08.965337992 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:08.965986967 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:08.966388941 CET	50736	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:36:08.966481924 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:09.010008097 CET	50736	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:36:18.956564903 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:18.956736088 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:18.956825018 CET	50736	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:36:19.476994038 CET	50736	443	192.168.2.18	142.250.185.164
Oct 28, 2024 21:36:19.477024078 CET	443	50736	142.250.185.164	192.168.2.18
Oct 28, 2024 21:36:37.072215080 CET	49694	80	192.168.2.18	192.229.221.95
Oct 28, 2024 21:36:37.072231054 CET	49691	443	192.168.2.18	40.126.31.67
Oct 28, 2024 21:36:37.078185081 CET	80	49694	192.229.221.95	192.168.2.18
Oct 28, 2024 21:36:37.078310013 CET	49694	80	192.168.2.18	192.229.221.95
Oct 28, 2024 21:36:37.078738928 CET	443	49691	40.126.31.67	192.168.2.18
Oct 28, 2024 21:36:37.078820944 CET	49691	443	192.168.2.18	40.126.31.67
Oct 28, 2024 21:36:38.207334995 CET	49695	443	192.168.2.18	184.28.90.27
Oct 28, 2024 21:36:38.213793993 CET	443	49695	184.28.90.27	192.168.2.18
Oct 28, 2024 21:36:38.213870049 CET	49695	443	192.168.2.18	184.28.90.27
Oct 28, 2024 21:36:39.676348925 CET	50719	443	192.168.2.18	184.28.90.27
Oct 28, 2024 21:36:39.796225071 CET	443	50719	184.28.90.27	192.168.2.18
Oct 28, 2024 21:36:39.796351910 CET	50719	443	192.168.2.18	184.28.90.27

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 21:35:03.200845957 CET	53	60308	1.1.1.1	192.168.2.18
Oct 28, 2024 21:35:03.228629112 CET	53	49899	1.1.1.1	192.168.2.18
Oct 28, 2024 21:35:03.908298969 CET	63827	53	192.168.2.18	1.1.1.1
Oct 28, 2024 21:35:03.908473969 CET	54464	53	192.168.2.18	1.1.1.1
Oct 28, 2024 21:35:03.943320036 CET	53	54464	1.1.1.1	192.168.2.18
Oct 28, 2024 21:35:03.944708109 CET	53	63827	1.1.1.1	192.168.2.18
Oct 28, 2024 21:35:04.473965883 CET	53	53927	1.1.1.1	192.168.2.18
Oct 28, 2024 21:35:08.019463062 CET	55864	53	192.168.2.18	1.1.1.1
Oct 28, 2024 21:35:08.019715071 CET	52678	53	192.168.2.18	1.1.1.1
Oct 28, 2024 21:35:08.026978016 CET	53	55864	1.1.1.1	192.168.2.18
Oct 28, 2024 21:35:08.027587891 CET	53	52678	1.1.1.1	192.168.2.18
Oct 28, 2024 21:35:21.680699110 CET	53	57706	1.1.1.1	192.168.2.18
Oct 28, 2024 21:35:40.288466930 CET	53	55380	1.1.1.1	192.168.2.18
Oct 28, 2024 21:36:02.389431953 CET	138	138	192.168.2.18	192.168.2.255
Oct 28, 2024 21:36:03.015441895 CET	53	54571	1.1.1.1	192.168.2.18
Oct 28, 2024 21:36:03.192337036 CET	53	54865	1.1.1.1	192.168.2.18
Oct 28, 2024 21:36:32.224004030 CET	53	51104	1.1.1.1	192.168.2.18

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 28, 2024 21:35:03.908298969 CET	192.168.2.18	1.1.1.1	0x5a7c	Standard query (0)	dansseda.net	A (IP address)	IN (0x0001)	false
Oct 28, 2024 21:35:03.908473969 CET	192.168.2.18	1.1.1.1	0xafa9	Standard query (0)	dansseda.net	65	IN (0x0001)	false
Oct 28, 2024 21:35:08.019463062 CET	192.168.2.18	1.1.1.1	0x6279	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 21:35:08.019715071 CET	192.168.2.18	1.1.1.1	0x10b7	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 28, 2024 21:35:03.944708109 CET	1.1.1.1	192.168.2.18	0x5a7c	No error (0)	dansseda.net	50.6.194.42	A (IP address)	IN (0x0001)	false
Oct 28, 2024 21:35:08.026978016 CET	1.1.1.1	192.168.2.18	0x6279	No error (0)	www.google.com	142.250.185.164	A (IP address)	IN (0x0001)	false
Oct 28, 2024 21:35:08.027587891 CET	1.1.1.1	192.168.2.18	0x10b7	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

dansseda.net

https:

slscr.update.microsoft.com

www.bing.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.18	50727	50.6.194.42	443	3764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 20:35:04 UTC	659	OUT	GET /.wp/ HTTP/1.1 Host: dansseda.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 20:35:04 UTC	164	IN	HTTP/1.1 404 Not Found Date: Mon, 28 Oct 2024 20:35:04 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-10-28 20:35:04 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.18	50728	50.6.194.42	443	3764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 20:35:04 UTC	584	OUT	GET /favicon.ico HTTP/1.1 Host: dansseda.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dansseda.net/.wp/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 20:35:05 UTC	164	IN	HTTP/1.1 404 Not Found Date: Mon, 28 Oct 2024 20:35:05 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-10-28 20:35:05 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.18	50732	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 20:35:09 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=z6RVOkPOYDsHzvd&MD=fZez6us4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-28 20:35:09 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 31ab5abe-6ca7-4648-bc2a-04222b9cb5d0 MS-RequestId: 5df68b6f-032e-45c7-a5d5-458dc43ae74e MS-CV: VYJz+iXlVUKBt2Hm.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 28 Oct 2024 20:35:08 GMT Connection: close Content-Length: 24490
2024-10-28 20:35:09 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-28 20:35:09 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.18	50733	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 20:35:46 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=z6RVOkPOYDsHzvd&MD=fZez6us4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-28 20:35:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 6abb2d82-8a8d-4f05-95d7-b29b73239bd8 MS-RequestId: 974017a4-0dd9-423d-8776-5d15009a83a8 MS-CV: vl48k6Ufs0+2a1Qo.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 28 Oct 2024 20:35:46 GMT Connection: close Content-Length: 30005
2024-10-28 20:35:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-28 20:35:47 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.18	50734	2.23.209.158	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 20:35:50 UTC	2758	OUT	GET /client/config?cc=CH&setlang=en-CH HTTP/1.1 X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-UserAgeClass: Unknown X-BM-Market: CH X-BM-DateFormat: dd/MM/yyyy X-Device-OSSKU: 48 X-BM-DTZ: -240 X-DeviceID: 01000A410900B03D X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75 X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZD6%2BsjpH3z0SA66otNCRtSK5CRsmk8E1lCrBQ1JkDZadph/5XdmfMbB3887fuyOyyaCCyo1VrZKGCMoE0aHcNhxw/Hrj6XDZ/k4igdMvKpDXxlZCmRmTWMYYAU2Ql9mYFmRczccKJY9lERyzPu/cPpAhFWlHoROy7bX%2BHbYCkWX7bv1ELdkngdRMphPguIFXwFZGMAL6nV30d/yHyy2m%2BCuc7pSXuSuIlGWJM%2B2mMhv3nOQ8m9fsb8s9kTOxlpBjRdq1JPlJ9ivIXy1g/QP%2BytYx9Lr22Xij1dEFavV6jUrhH3XcjMXc/QBJfzFHZcVlfQ5sXTcLaX2A/HcRXh/85sQZgAAEMVAikMkHxxpXU7MTVNYtyqwAVmuerBnIdCzF7t%2BEoay3SbAC6DFkk14MMXZsVhL1%2BcWZ0eOEXpRzaQrFOs%2Bj17DtGdRdgyMAszSZrHmFXjbzZ4uEA2kBrtQzjJgJJtwb%2BANueZaAhxY9pds37fTX9d%2BsKGstBGDFBPcbl%2BUDdeKsihllIOnK4zrviIbCkFtFZlYaDe16VjJJI17Urh/I/wxa2JvRhbrzux5BzLh6KKw9OCmKayzWl%2BBZos%2BO4hUPXMiWZpcP4TwMoVlwPVpl/qRMUFbjyBdb5kzWeaLd7xeAAktzvqqYyQdkWpEkqhk4L4mx%2BmRwqOImwE/Mw3WdJIDWweqEPkOutE4A9DRqh7s8UuDQhjxWORCq4P/jjeJanG9eWpPGBcRrvesywgFwjwxKqYdDW4vYvwvjsLa352vE3e14wEqnoU4pnf%2B3f2I6euyOWZhmvkyK7N4UYLQKeitrAPN1fGkMVhu2KDba%2BMzzhwYsrBFPZavm1XBgL6i9w8hu28KBzXaTDIkuePSKn4EP4ZhRGPEZ1A77gjq2VCUnXyS9u%2BjL4O9e7SiLc6uJrG [TRUNCATED] X-Agent-DeviceId: 01000A410900B03D X-BM-CBT: 1730147746 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 X-Device-isOptin: false Accept-language: en-GB, en, en-US X-Device-Touch: false X-Device-ClientSession: 5B42FA2790EE4F588EE166A314242BD3 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI Host: www.bing.com Connection: Keep-Alive Cookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C
2024-10-28 20:35:50 UTC	1196	IN	HTTP/1.1 200 OK Content-Length: 2215 Content-Type: application/json; charset=utf-8 Cache-Control: private X-EventID: 671ff5a606c049a3b269c347b56233b8 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Mon, 28 Oct 2024 20:35:50 GMT Connection: close Set-Cookie: _EDGE_S=SID=25CC4A17635F61CB25965F3162AF600C&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=en&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; domain=.bing.com; expires=Sat, 22-Nov-2025 20:35:50 GMT; path=/; secure; SameSite=None Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None Set-Cookie: _SS=SID=25CC4A17635F61CB25965F3162AF600C; domain=.bing.com; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.31d01702.1730147750.65487b5
2024-10-28 20:35:50 UTC	2215	IN	Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65 Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3952, Parent PID: 6980

General

Target ID:	0
Start time:	16:35:01
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff728d30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3764, Parent PID: 3952

General

Target ID:	3
Start time:	16:35:01
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1924,i,4318523860277121523,314623669857902668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff728d30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6788, Parent PID: 6980

General

Target ID:	6
Start time:	16:35:02
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dansseda.net/.wp/"
Imagebase:	0x7ff728d30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dansseda.net/.wp/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3952, Parent PID: 6980

General

Chronological Activities

Analysis Process: chrome.exePID: 3764, Parent PID: 3952

General

Chronological Activities

Windows Analysis Report
https://dansseda.net/.wp/