
Windows Analysis Report
http://141.8.192.169

Overview

General Information

Sample URL: http://141.8.192.169
Analysis ID: 1592079

Detection

Score: 20
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

AI detected suspicious URL
Detected non-DNS traffic on DNS port

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Verdict scale: clean, suspicious, malicious
  • System is w10x64
  • chrome.exe (PID: 5844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2032,i,11569269191890836372,7136015587659939751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://141.8.192.169" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched



Phishing

Source: URL | Joe Sandbox AI: AI detected IP in URL: http://141.8.192.169
Source: http://141.8.192.169/ | HTTP Parser: No favicon
Source: global traffic | TCP traffic: 192.168.2.4:53611 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown | TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 141.8.192.169
Source: unknown | TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown | TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
  Host: 141.8.192.169
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1
  Host: 141.8.192.169
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://141.8.192.169/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: cp.sprinthost.ru
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
  Server: openresty
  Date: Wed, 15 Jan 2025 17:24:19 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Data Raw: (hex dump of the gzip-compressed body not reproduced)
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
  Server: openresty
  Date: Wed, 15 Jan 2025 17:24:20 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Data Raw: (hex dump of the gzip-compressed body not reproduced)
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53714
Source: unknown | Network traffic detected: HTTP traffic on port 53714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: classification engine | Classification label: sus20.win@16/4@4/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2032,i,11569269191890836372,7136015587659939751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://141.8.192.169"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2032,i,11569269191890836372,7136015587659939751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
MITRE ATT&CK Matrix (a number in brackets marks a cell with matching signatures):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Browser Extensions [1]; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection [1]; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Process Injection [1]; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel [2]; Non-Application Layer Protocol [3]; Application Layer Protocol [4]; Ingress Tool Transfer [3]
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1592079, URL: http://141.8.192.169, Start date: 15/01/2025, Architecture: WINDOWS, Score: 20)

  • Signature: AI detected suspicious URL
  • chrome.exe (started) -> chrome.exe (started) -> chrome.exe (started)
  • 192.168.2.4, ports 138, 443, 49420 (unknown, unknown)
  • 192.168.2.5 (unknown, unknown)
  • 239.255.255.250 (unknown, Reserved)
  • 141.8.192.169, ports 53612, 53613, 80 (SPRINTHOSTRU, Russian Federation)
  • www.google.com 142.250.181.228, ports 443, 49738, 53714 (GOOGLEUS, United States)
  • cp.sprinthost.ru

Source | Detection | Scanner | Label | Link
http://141.8.192.169 | 0% | Avira URL Cloud | safe
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://141.8.192.169/favicon.ico | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
cp.sprinthost.ru | 141.8.197.7 | true | false | | unknown
www.google.com | 142.250.181.228 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://141.8.192.169/ | false | | unknown
http://141.8.192.169/favicon.ico | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.181.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
141.8.192.169 | unknown | Russian Federation | | 35278 | SPRINTHOSTRU | true

Private IPs:
192.168.2.4
192.168.2.5
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1592079
Start date and time: 2025-01-15 18:23:13 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://141.8.192.169
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: SUS
Classification: sus20.win@16/4@4/5
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.186.142, 108.177.15.84, 142.250.181.238, 142.250.186.174, 142.250.80.46, 74.125.0.102, 199.232.214.172, 2.23.77.188, 142.250.185.99, 2.23.242.162, 20.109.210.53, 13.107.246.45
• Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, r1.sn-t0aekn7e.gvt1.com, clients.l.google.com, r1---sn-t0aekn7e.gvt1.com
• Not all processes were analyzed; the report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: http://141.8.192.169
        No simulations
        No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, from Unix, original size modulo 2^32 57492
Category: downloaded
Size (bytes): 15034
Entropy (8bit): 7.973696275748976
Encrypted: false
SSDEEP: 384:0UILFEPpv09YTZvHWg1Uuqbe5dhhnb6JW6/X5VpQhCNDl8:f6EPpvgYTZPguqbOn206/JfQwK
MD5: B88F2C839AE61EAFA135801B4A694CCE
SHA1: 82886354CF0E6C0FF1858EDD82B6BF6C3E049C02
SHA-256: A122532B77DE01382285D15EE6ECD5768284BC6F5690341582F2765E68AE9BA7
SHA-512: 085AD6ACDD23EB0B1D9E1FCD719D90ADA6046441EBD5E0380B974754CA9427A20708B536F7EC80A6B14238C87749B1EF4239B0D30EF0D2218723E662EFE4F650
Malicious: false
Reputation: low
URL: http://141.8.192.169/
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, from Unix, original size modulo 2^32 57492
Category: downloaded
Size (bytes): 15034
Entropy (8bit): 7.973696275748976
Encrypted: false
SSDEEP: 384:0UILFEPpv09YTZvHWg1Uuqbe5dhhnb6JW6/X5VpQhCNDl8:f6EPpvgYTZPguqbOn206/JfQwK
MD5: B88F2C839AE61EAFA135801B4A694CCE
SHA1: 82886354CF0E6C0FF1858EDD82B6BF6C3E049C02
SHA-256: A122532B77DE01382285D15EE6ECD5768284BC6F5690341582F2765E68AE9BA7
SHA-512: 085AD6ACDD23EB0B1D9E1FCD719D90ADA6046441EBD5E0380B974754CA9427A20708B536F7EC80A6B14238C87749B1EF4239B0D30EF0D2218723E662EFE4F650
Malicious: false
Reputation: low
URL: http://141.8.192.169/favicon.ico
        No static file info


• Total Packets: 31
• Ports seen: 443 (HTTPS), 80 (HTTP), 53 (DNS)
TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 15, 2025 18:24:18.339247942 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:18.339322090 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:18.339409113 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:18.339603901 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:18.339620113 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:19.134263992 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:19.134670973 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:19.134681940 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:19.136156082 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:19.136249065 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:19.137438059 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:19.137528896 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:19.167233944 CET | 53611 | 53 | 192.168.2.4 | 1.1.1.1
Jan 15, 2025 18:24:19.172492981 CET | 53 | 53611 | 1.1.1.1 | 192.168.2.4
Jan 15, 2025 18:24:19.172575951 CET | 53611 | 53 | 192.168.2.4 | 1.1.1.1
Jan 15, 2025 18:24:19.172615051 CET | 53611 | 53 | 192.168.2.4 | 1.1.1.1
Jan 15, 2025 18:24:19.177386999 CET | 53 | 53611 | 1.1.1.1 | 192.168.2.4
Jan 15, 2025 18:24:19.189824104 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:19.189831972 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:19.236646891 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:19.316067934 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:19.316374063 CET | 53613 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:19.320874929 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.321397066 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:19.321465015 CET | 80 | 53613 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.321532965 CET | 53613 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:19.322299004 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:19.327399015 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.640698910 CET | 53 | 53611 | 1.1.1.1 | 192.168.2.4
Jan 15, 2025 18:24:19.682385921 CET | 53611 | 53 | 192.168.2.4 | 1.1.1.1
Jan 15, 2025 18:24:19.687351942 CET | 53 | 53611 | 1.1.1.1 | 192.168.2.4
Jan 15, 2025 18:24:19.687417030 CET | 53611 | 53 | 192.168.2.4 | 1.1.1.1
Jan 15, 2025 18:24:19.998281002 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998297930 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998384953 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:19.998888016 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998899937 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998910904 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998922110 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998931885 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998943090 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998949051 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:19.998954058 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.998965025 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:19.999015093 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:19.999015093 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:20.003252983 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:20.003273010 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:20.003283978 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:20.003393888 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:20.112829924 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:20.158905029 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:20.163125992 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:20.167977095 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020309925 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020338058 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020354986 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020395994 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:21.020405054 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020416021 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020426989 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020435095 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:21.020437002 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020448923 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020457983 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:21.020459890 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.020498991 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:21.021347046 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.021358967 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.021369934 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.021380901 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.021393061 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:21.021413088 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:21.137304068 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:21.188554049 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:28.257062912 CET | 49723 | 80 | 192.168.2.4 | 2.22.50.131
Jan 15, 2025 18:24:28.262465954 CET | 80 | 49723 | 2.22.50.131 | 192.168.2.4
Jan 15, 2025 18:24:28.262527943 CET | 49723 | 80 | 192.168.2.4 | 2.22.50.131
Jan 15, 2025 18:24:28.905627012 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:28.905793905 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:28.905869961 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:30.299252987 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:24:30.299277067 CET | 443 | 49738 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:24:34.867605925 CET | 80 | 53613 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:34.867809057 CET | 53613 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:36.299448967 CET | 53613 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:36.304299116 CET | 80 | 53613 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:51.029510021 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:24:51.029592037 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:52.299380064 CET | 53612 | 80 | 192.168.2.4 | 141.8.192.169
Jan 15, 2025 18:24:52.307259083 CET | 80 | 53612 | 141.8.192.169 | 192.168.2.4
Jan 15, 2025 18:25:15.579776049 CET | 49724 | 80 | 192.168.2.4 | 2.22.50.131
Jan 15, 2025 18:25:15.584882975 CET | 80 | 49724 | 2.22.50.131 | 192.168.2.4
Jan 15, 2025 18:25:15.584995985 CET | 49724 | 80 | 192.168.2.4 | 2.22.50.131
Jan 15, 2025 18:25:18.393241882 CET | 53714 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:25:18.393297911 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:25:18.393387079 CET | 53714 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:25:18.393619061 CET | 53714 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:25:18.393639088 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:25:19.057648897 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:25:19.057946920 CET | 53714 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:25:19.057971001 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:25:19.058289051 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:25:19.058604002 CET | 53714 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:25:19.058664083 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:25:19.110546112 CET | 53714 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:25:28.951967001 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:25:28.952107906 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
Jan 15, 2025 18:25:28.952168941 CET | 53714 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:25:30.300817966 CET | 53714 | 443 | 192.168.2.4 | 142.250.181.228
Jan 15, 2025 18:25:30.300837040 CET | 443 | 53714 | 142.250.181.228 | 192.168.2.4
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Jan 15, 2025 18:24:13.930563927 CET | 53 | 49540 | 1.1.1.1 | 192.168.2.4
        Jan 15, 2025 18:24:13.968719006 CET | 53 | 51597 | 1.1.1.1 | 192.168.2.4
        Jan 15, 2025 18:24:15.123759985 CET | 53 | 64486 | 1.1.1.1 | 192.168.2.4
        Jan 15, 2025 18:24:18.331137896 CET | 61667 | 53 | 192.168.2.4 | 1.1.1.1
        Jan 15, 2025 18:24:18.331286907 CET | 56719 | 53 | 192.168.2.4 | 1.1.1.1
        Jan 15, 2025 18:24:18.338076115 CET | 53 | 61667 | 1.1.1.1 | 192.168.2.4
        Jan 15, 2025 18:24:18.338464975 CET | 53 | 56719 | 1.1.1.1 | 192.168.2.4
        Jan 15, 2025 18:24:19.166624069 CET | 53 | 64606 | 1.1.1.1 | 192.168.2.4
        Jan 15, 2025 18:24:26.648156881 CET | 49420 | 53 | 192.168.2.4 | 1.1.1.1
        Jan 15, 2025 18:24:26.648838997 CET | 54951 | 53 | 192.168.2.4 | 1.1.1.1
        Jan 15, 2025 18:24:26.658586979 CET | 53 | 54951 | 1.1.1.1 | 192.168.2.4
        Jan 15, 2025 18:24:26.660753012 CET | 53 | 49420 | 1.1.1.1 | 192.168.2.4
        Jan 15, 2025 18:24:27.086277008 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
        Jan 15, 2025 18:25:13.854319096 CET | 53 | 54147 | 1.1.1.1 | 192.168.2.4
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Jan 15, 2025 18:24:18.331137896 CET | 192.168.2.4 | 1.1.1.1 | 0x445a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
        Jan 15, 2025 18:24:18.331286907 CET | 192.168.2.4 | 1.1.1.1 | 0x69ed | Standard query (0) | www.google.com | 65 (HTTPS) | IN (0x0001) | false
        Jan 15, 2025 18:24:26.648156881 CET | 192.168.2.4 | 1.1.1.1 | 0xd935 | Standard query (0) | cp.sprinthost.ru | A (IP address) | IN (0x0001) | false
        Jan 15, 2025 18:24:26.648838997 CET | 192.168.2.4 | 1.1.1.1 | 0x53bb | Standard query (0) | cp.sprinthost.ru | 65 (HTTPS) | IN (0x0001) | false
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Jan 15, 2025 18:24:18.338076115 CET | 1.1.1.1 | 192.168.2.4 | 0x445a | No error (0) | www.google.com | | 142.250.181.228 | A (IP address) | IN (0x0001) | false
        Jan 15, 2025 18:24:18.338464975 CET | 1.1.1.1 | 192.168.2.4 | 0x69ed | No error (0) | www.google.com | | | 65 (HTTPS) | IN (0x0001) | false
        Jan 15, 2025 18:24:26.660753012 CET | 1.1.1.1 | 192.168.2.4 | 0xd935 | No error (0) | cp.sprinthost.ru | | 141.8.197.7 | A (IP address) | IN (0x0001) | false
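The TCP and UDP packet tables in this report are exported with their columns run together (for example `Jan 15, 2025 18:24:34.867809057 CET5361380192.168.2.4141.8.192.169`), and because ports and IPv4 octets are both bare digit runs one row can split several ways: that row reads as 53613 to 80 or as 53 to 61380, and the hosts as 192.168.2.4 and 141.8.192.169 or as 192.168.2.41 and 41.8.192.169. The parser below is an added example, not Joe Sandbox code. It enumerates every syntactically valid split of a row and ranks the candidates with three heuristics that are assumptions about the capture rather than anything the report states: one side of a packet normally carries a service port (53, 80, 443 or 138 here) and the other a port in Windows' default dynamic range (49152 and up); IPs already seen are preferred, seeded with the analysis host 192.168.2.4 and the resolver 1.1.1.1 that the DNS tables show unambiguously; and a second pass re-scores any remaining tie against the (ip, port) endpoints learned from rows that were unambiguous, which is what settles 53613/80 from the reply packet 80 to 53613. A row that is still tied is returned as None instead of being guessed. The sample rows are copied from this report's tables.

```python
"""Parse Joe Sandbox packet-table rows whose columns were run together.

Added example, not Joe Sandbox code. Columns are Timestamp, Source Port,
Dest Port, Source IP, Dest IP, with no separator between the last four.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumptions, not stated by the report: one side of a packet usually carries one
# of these service ports, the other a port in Windows' default dynamic range.
SERVICE_PORTS = {53, 80, 443, 138}
EPHEMERAL_MIN = 49152

ROW_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+ [A-Z]{3,4})"
                    r"(?P<rest>[\d.]+)$")


@dataclass(frozen=True)
class Packet:
    ts: str
    sport: int
    dport: int
    sip: str
    dip: str


def _octet_ok(o: str) -> bool:
    return o.isdigit() and (o == "0" or o[0] != "0") and int(o) <= 255


def _port_ok(p: str) -> bool:
    return p.isdigit() and p[0] != "0" and int(p) <= 65535


def candidates(ts: str, rest: str) -> list[Packet]:
    """Every syntactically valid (sport, dport, sip, dip) split of the digit/dot blob."""
    runs = rest.split(".")
    # Two IPv4s give seven runs: ports+o1 | o2 | o3 | o4+o1' | o2' | o3' | o4'
    if len(runs) != 7 or not all(_octet_ok(r) for r in runs[1:3] + runs[4:]):
        return []
    head, mid, out = runs[0], runs[3], []
    for k in range(1, len(mid)):                 # last octet of sip | first octet of dip
        o4, d1 = mid[:k], mid[k:]
        if not (_octet_ok(o4) and _octet_ok(d1)):
            continue
        dip = ".".join([d1, *runs[4:]])
        for n in range(1, min(4, len(head))):    # digits taken by sip's first octet
            s1, ports = head[-n:], head[:-n]
            if not _octet_ok(s1):
                continue
            sip = ".".join([s1, runs[1], runs[2], o4])
            for i in range(1, len(ports)):       # sport | dport
                if _port_ok(ports[:i]) and _port_ok(ports[i:]):
                    out.append(Packet(ts, int(ports[:i]), int(ports[i:]), sip, dip))
    return out


def _plausible(port: int) -> bool:
    return port in SERVICE_PORTS or port >= EPHEMERAL_MIN


def score(c: Packet, known: set[str], endpoints: set[tuple[str, int]]) -> tuple[int, int, int]:
    """Higher wins: plausible ports, IPs seen before, (ip, port) endpoints seen before."""
    return (_plausible(c.sport) + _plausible(c.dport),
            (c.sip in known) + (c.dip in known),
            ((c.sip, c.sport) in endpoints) + ((c.dip, c.dport) in endpoints))


def parse_rows(rows: Iterable[str], seed_ips: Iterable[str]) -> list[Optional[Packet]]:
    """One Packet per row, or None where the split stays ambiguous.

    Pass 1 accepts rows with a single best split and records their IPs and endpoints;
    pass 2 retries the rest with that knowledge (53613/80 vs 53/61380 is settled by
    the unambiguous reply packet 80 -> 53613)."""
    rows = list(rows)
    known, endpoints = set(seed_ips), set()
    results: list[Optional[Packet]] = [None] * len(rows)
    pending = list(range(len(rows)))
    for _ in range(2):
        still = []
        for idx in pending:
            m = ROW_RE.match(rows[idx].strip())
            if not m:
                raise ValueError(f"unrecognised row: {rows[idx]!r}")
            ranked = sorted(candidates(m["ts"], m["rest"]),
                            key=lambda c: score(c, known, endpoints), reverse=True)
            if not ranked:
                raise ValueError(f"no valid split: {rows[idx]!r}")
            if len(ranked) > 1 and score(ranked[0], known, endpoints) == score(ranked[1], known, endpoints):
                still.append(idx)                    # tie: leave for the next pass
                continue
            pkt = results[idx] = ranked[0]
            known.update((pkt.sip, pkt.dip))
            endpoints.update(((pkt.sip, pkt.sport), (pkt.dip, pkt.dport)))
        pending = still
    return results


# Rows copied from this report's TCP and UDP tables; the third is ambiguous on its own.
SAMPLE_ROWS = [
    "Jan 15, 2025 18:24:28.262465954 CET80497232.22.50.131192.168.2.4",
    "Jan 15, 2025 18:24:28.262527943 CET4972380192.168.2.42.22.50.131",
    "Jan 15, 2025 18:24:34.867809057 CET5361380192.168.2.4141.8.192.169",
    "Jan 15, 2025 18:24:34.867605925 CET8053613141.8.192.169192.168.2.4",
    "Jan 15, 2025 18:24:13.930563927 CET53495401.1.1.1192.168.2.4",
    "Jan 15, 2025 18:24:27.086277008 CET138138192.168.2.4192.168.2.255",
]

if __name__ == "__main__":
    for p in parse_rows(SAMPLE_ROWS, {"192.168.2.4", "1.1.1.1"}):
        print(p)
```

The heuristics are deliberately kept as scores rather than hard filters, so a row like the NetBIOS broadcast 138 to 138 (no ephemeral port at all) still resolves, and a row that no rule can separate is reported as None for a human to check rather than silently mis-parsed.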
        • 141.8.192.169
        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.4 | 53612 | 141.8.192.169 | 80 | 5016 | C:\Program Files\Google\Chrome\Application\chrome.exe
        Timestamp | Bytes transferred | Direction | Data
        Jan 15, 2025 18:24:19.322299004 CET | 428 | OUT | GET / HTTP/1.1
        Host: 141.8.192.169
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Jan 15, 2025 18:24:19.998281002 CET | 1236 | IN | HTTP/1.1 404 Not Found
        Server: openresty
        Date: Wed, 15 Jan 2025 17:24:19 GMT
        Content-Type: text/html
        Transfer-Encoding: chunked
        Connection: keep-alive
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Data Raw: 33 61 62 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 9d 6d 8f 64 c7 75 98 bf eb 57 b4 47 30 24 c5 9a de ee be f7 76 df de 17 22 c6 c8 06 03 0c 11 03 52 16 30 bf 10 b3 33 bd bb 6d cd ce 4c 66 7a b9 4b 13 02 24 25 76 02 38 81 82 44 48 02 04 b1 69 07 f9 e4 2f 8c 64 46 b4 25 51 00 7f c1 ec 5f f0 2f c9 f3 9c 7a e9 9e d9 d9 17 3a 06 82 00 4d 41 1c 9e be 75 eb 56 9d 3a 75 de ab ce dd df fa ce 3f df fb de 1f fe c1 ef 0d 1e af 9e 1c bf f3 b5 bb fe 19 1c 1f 9c 3c ba b7 b3 38 d9 f1 87 c5 c1 d1 3b 5f 1b f0 cf dd 27 8b d5 c1 e0 f0 f1 c1 f9 c5 62 75 6f e7 5f 7c ef f7 77 7b 5a c4 a3 d5 72 75 bc 78 e7 f2 cf 5f fc db cb cf 2f ff d7 e5 df 5d 7e 3a 68 47 ed e8 ee ad f4 60 e3 fd 93 83 27 8b 7b 3b 1f 2e 17 cf ce 4e cf 57 3b 83 c3 d3 93 d5 e2 84 fe 9e 2d 8f 56 8f ef 1d 2d 3e 5c 1e 2e 76 03 f8 f6 60 79 b2 5c 2d 0f 8e 77 2f 0e 0f 8e 17 f7 c6 c3 51 f9 de c5 ea 23 bb 7d 70 7a f4 d1 b7 1f 8f bf 7d f6 f1 d9 c1 d1 d1 f2 e4 d1 ed d1 9d 27 07 e7 8f 96 27 b7 47 3f f8 27 1f 3f a4 ef dd 87 07 4f 96 c7 1f dd fe dd 73 3a fa f6 c5 c1 c9 [TRUNCATED]
        Data Ascii: 3abamduWG0$v"R03mLfzK$%v8DHi/dF%Q_/z:MAuV:u?<8;_'buo_|w{Zrux_/]~:hG`'{;.NW;-V->\.v`y\-w/Q#}pz}''G?'?Os:|N<~n?98N<[,=^nG-]c08w{<Gy_b'|][lolt{vp`jq^v\wy@B`=8!-9%#rp<=)P:gwvn<z2}}!?{>O<3Cd>6xs?BbY7&y_IZ>X-'/^}qSN/,`p2lMV`nt.O'L-nzon(j%vm_| N[@we7o_FwN!Yju6b7b`p2cm|sUZlLk^|fcLmq_efG7.{epW9L"X:Q\/AQO/|=p_i+P$xk*>WnS&f1 [TRUNCATED]
        Jan 15, 2025 18:24:19.998297930 CET | 224 | IN | Data Raw: 78 ba c6 4d 63 7c dd 48 36 14 a0 4d e1 bf d6 0c 1a e5 63 90 52 7e de f4 ee b9 ff 47 2a 4d fd ee c1 f1 f2 d1 c9 cb 0a 53 52 c0 82 3f 5d 51 90 6e 6a fe ea e5 fc e0 83 e3 d3 47 a7 83 8b 0f 1f 7d c5 85 1d 2c 9f 3c ca 3a 65 d1 b1 32 d6 32 f8 83 21 72
        Data Ascii: xMc|H6McR~G*MSR?]QnjG},<:e22!rs_l{_qwCz+T]JIiANJf<VllV2;zp6TF||1_*)8|V.Ji_u
        Jan 15, 2025 18:24:19.998888016 CET | 1236 | IN | Data Raw: 07 ff f4 c9 e2 68 79 30 b8 38 3c 47 51 1e 1c 9c 1c 0d be b9 81 c5 f1 a8 43 df ff f8 65 53 30 9b 0e bb aa ba b7 67 b3 9b e9 65 43 34 ac 4e cf 6e 3f 3d c1 84 2e 34 d6 b9 ee 2f 53 60 bc 72 7b 3a a6 c3 b7 1a da 7a c4 99 be 66 ea 6e 37 8c 78 53 c4 5c
        Data Ascii: hy08<GQCeS0geC4Nn?=.4/S`r{:zfn7xS\eoQZ^@^#i6W"W.[fy>ry=f"9 dlf<}=_|d42M{KhS[sVrB3hQrd
        Jan 15, 2025 18:24:19.998899937 CET | 1236 | IN | Data Raw: 5a e6 0a e9 cc 3b 48 ad 63 36 53 26 97 e0 81 70 33 a3 fb 0a 83 c3 39 d3 eb a0 ef a9 ed 21 bd 86 fe 18 65 e7 f0 3b d6 19 d2 ac d3 e7 39 ec a4 62 1e 70 3a 06 4e b3 89 ee c7 50 28 b3 67 77 09 75 30 25 a0 be 99 80 f8 3c 18 d6 15 9e c4 c2 30 d8 d9 98
        Data Ascii: Z;Hc6S&p39!e;9bp:NP(gwu0%<0ACt&g.({}YL!t^iDGy4'6Mgh>7MKlGp1z+<Po:tV3!3c>D?V2FC8YL
        Jan 15, 2025 18:24:19.998910904 CET | 1236 | IN | Data Raw: b8 6d 35 6e 40 2f f3 e9 e6 d2 0c ca 58 0b bd 02 c3 0a 53 ff d2 35 68 1f b9 bd 3a 94 07 d8 0b 14 d2 aa f2 41 b6 f3 b4 1a 73 56 05 d1 9c 60 91 3e 72 ef 16 18 a4 76 70 e0 0a 27 ec ad db c3 0d b5 20 30 58 67 c1 6e a0 0d 91 09 3c 46 3a 40 f5 3c a6 75
        Data Ascii: m5n@/XS5h:AsV`>rvp' 0Xgn<F:@<uRlK`DVQ3:/o=+YZR5Z\w)m:N|l&fxn;.0~eYVf5LBaT<%Xut90
        Jan 15, 2025 18:24:19.998922110 CET | 1236 | IN | Data Raw: 25 37 9d 7b bc c0 79 e5 65 9c 38 1c 60 54 5a a2 32 36 56 48 5d 0f 24 cd b1 7c 85 b1 5f c2 a8 d6 d9 2e e3 ed 61 cc 28 ad e0 5c 0b 59 f5 0d c5 5c d3 d4 4d ce 36 69 60 02 e8 8f 60 d1 e7 ec 4a 41 35 20 f9 a2 11 07 f5 79 15 58 ba 47 1b 50 51 9a e8 a2
        Data Ascii: %7{ye8`TZ26VH]$|_.a(\Y\M6i``JA5 yXGPQr,L&dMv&@F=J${=-OaS6o'1sV5P8\rX7Y<PMlqEu3MJ*6XCDQ@;Yss;+4Uim`=DuC
        Jan 15, 2025 18:24:19.998931885 CET | 1236 | IN | Data Raw: 8d e2 df c6 0f 93 5c f9 c8 6e e4 67 c8 ee 11 ea b8 de 73 63 9c 8d ce 4d 35 bd 0a b3 2f dd df 2a 1c 30 1b 75 03 96 92 f6 0c 43 e1 a7 87 97 61 08 77 4e 57 0f 74 86 f5 ce e3 5d d6 1f 12 ed 75 ed 29 10 f4 87 e8 cd ef 83 a5 27 0d 4c d8 20 b2 8a 4d 04
        Data Ascii: \ngscM5/*0uCawNWt]u)'L M._CEE3pzTIV%<qVUg-m`(\-qh^`->WO,ON3`,T#n>TxAXOaXZ>,oc\dJoR4k >OO<JX
        Jan 15, 2025 18:24:19.998943090 CET | 1236 | IN | Data Raw: bd e4 fa 02 f4 f3 62 b6 42 22 e1 c3 81 fc f5 4a a7 94 64 37 93 e1 b7 92 45 1c 8e 09 6d 93 9c ca 1a 8e 89 88 51 a6 f4 88 22 0e 7d 4f 14 a3 ac 3b b4 ec 20 10 ac f6 76 24 21 e8 7a 34 14 1c 61 1a 13 4a fb fb 2e 57 38 bf 72 46 87 fc 00 ef 10 ed 9c bf
        Data Ascii: bB"Jd7EmQ"}O; v$!z4aJ.W8rF&"[uU""#1!#90_CSG'!q!ZM3@4De^Z'AdkRj5Rra}3DX;PaBd0*A@#S~/}zR]rBR
        Jan 15, 2025 18:24:19.998954058 CET | 1236 | IN | Data Raw: 2c f8 96 99 43 06 40 23 3f c9 ed 98 e2 a3 9a f7 6a 5e 9e 53 12 ee 55 aa 4d 06 30 ba 21 11 aa 6b ea 42 8e f8 2b e8 8a 14 0c ad ac 14 6f 25 a9 21 c2 c3 ee 2f 87 43 d2 f3 46 f8 d8 f3 29 5a 20 29 b8 df a0 9c 92 e7 18 f1 de 14 8e 36 3b 40 61 11 59 ed
        Data Ascii: ,C@#?j^SUM0!kB+o%!/CF)Z )6;@aY[=TS($K!":9_vD=l466B'M #m mLZ9ZCJg8HuK6-yEnPY&mJ1xM%/)PC/Y|.p[H.
        Jan 15, 2025 18:24:19.998965025 CET | 1236 | IN | Data Raw: a5 44 d2 88 f2 c6 49 08 43 13 69 93 e0 57 a9 9a 75 d9 34 25 be 27 dd 46 50 39 27 7a d6 8c 38 cf 83 a0 52 4b b7 30 8d 8d e7 b1 2e 1b b0 f7 d2 a4 d8 84 c9 df 6b b3 af c0 c5 2c 4c f1 44 d7 79 16 87 e6 52 68 03 91 18 9c ad 58 02 9c f7 65 21 b4 2c 3c
        Data Ascii: DICiWu4%'FP9'z8RK0.k,LDyRhXe!,<6ntTB8k0pBY3|\d:(4YX=n*6upJRjvHH4{ZHL"{$ jkT'EJJ0c Dz ;k7Gw~k\"I#^[pS?~
        Jan 15, 2025 18:24:20.003252983 CET | 1236 | IN | Data Raw: 46 e4 f7 22 0e 15 6e ad 40 76 9c 1f 4a 3e 07 5d c6 5a 29 de 17 76 4d 4d 7b ff bd 38 66 60 9c 2c 63 db 53 08 6a 9f e9 3e 16 9f 46 46 68 39 c1 ee 95 36 11 83 89 13 ed eb 1b 77 4a 4c b3 5c ee 93 69 c1 98 8f c6 65 ce 76 8a 9c ca 26 be 16 47 c8 23 26
        Data Ascii: F"n@vJ>]Z)vMM{8f`,cSj>FFh96wJL\iev&G#&iundxwS.C$#uo$#<brxhF?9eR_%o14lZ}q0Iui.z|B&BOsR`BC>6i0'zm<xw}h^C=3+
        Jan 15, 2025 18:24:20.163125992 CET | 370 | OUT | GET /favicon.ico HTTP/1.1
        Host: 141.8.192.169
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Referer: http://141.8.192.169/
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Jan 15, 2025 18:24:21.020309925 CET | 1236 | IN | HTTP/1.1 404 Not Found
        Server: openresty
        Date: Wed, 15 Jan 2025 17:24:20 GMT
        Content-Type: text/html
        Transfer-Encoding: chunked
        Connection: keep-alive
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Data Raw: 33 61 62 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 9d 6d 8f 64 c7 75 98 bf eb 57 b4 47 30 24 c5 9a de ee be f7 76 df de 17 22 c6 c8 06 03 0c 11 03 52 16 30 bf 10 b3 33 bd bb 6d cd ce 4c 66 7a b9 4b 13 02 24 25 76 02 38 81 82 44 48 02 04 b1 69 07 f9 e4 2f 8c 64 46 b4 25 51 00 7f c1 ec 5f f0 2f c9 f3 9c 7a e9 9e d9 d9 17 3a 06 82 00 4d 41 1c 9e be 75 eb 56 9d 3a 75 de ab ce dd df fa ce 3f df fb de 1f fe c1 ef 0d 1e af 9e 1c bf f3 b5 bb fe 19 1c 1f 9c 3c ba b7 b3 38 d9 f1 87 c5 c1 d1 3b 5f 1b f0 cf dd 27 8b d5 c1 e0 f0 f1 c1 f9 c5 62 75 6f e7 5f 7c ef f7 77 7b 5a c4 a3 d5 72 75 bc 78 e7 f2 cf 5f fc db cb cf 2f ff d7 e5 df 5d 7e 3a 68 47 ed e8 ee ad f4 60 e3 fd 93 83 27 8b 7b 3b 1f 2e 17 cf ce 4e cf 57 3b 83 c3 d3 93 d5 e2 84 fe 9e 2d 8f 56 8f ef 1d 2d 3e 5c 1e 2e 76 03 f8 f6 60 79 b2 5c 2d 0f 8e 77 2f 0e 0f 8e 17 f7 c6 c3 51 f9 de c5 ea 23 bb 7d 70 7a f4 d1 b7 1f 8f bf 7d f6 f1 d9 c1 d1 d1 f2 e4 d1 ed d1 9d 27 07 e7 8f 96 27 b7 47 3f f8 27 1f 3f a4 ef dd 87 07 4f 96 c7 1f dd fe dd 73 3a fa f6 c5 c1 c9 [TRUNCATED]
        Data Ascii: 3abamduWG0$v"R03mLfzK$%v8DHi/dF%Q_/z:MAuV:u?<8;_'buo_|w{Zrux_/]~:hG`'{;.NW;-V->\.v`y\-w/Q#}pz}''G?'?Os:|N<~n?98N<[,=^nG-]c08w{<Gy_b'|][lolt{vp`jq^v\wy@B`=8!-9%#rp<=)P:gwvn<z2}}!?{>O<3Cd>6xs?BbY7&y_IZ>X-'/^}qSN/,`p2lMV`nt.O'L-nzon(j%vm_| N[@we7o_FwN!Yju6b7b`p2cm|sUZlLk^|fcLmq_efG7.{epW9L"X:Q\/AQO/|=p_i+P$xk*>WnS&f1 [TRUNCATED]
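Both responses above are chunked (Transfer-Encoding: chunked) and gzip-compressed (Content-Encoding: gzip), and the report shows their bodies only as truncated hex: the first bytes 33 61 62 61 0d 0a are the ASCII chunk-size line "3aba\r\n" (a 15034-byte chunk), immediately followed by the gzip magic 1f 8b 08. The script below is an added example, not part of the sandbox report, showing how to turn such a "Data Raw" dump back into HTML: decode the hex, strip the chunk framing, then inflate, keeping whatever is recoverable when the capture was cut off (zlib's decompressobj returns partial output instead of raising). The HTML body it runs on is constructed for the example; the page's own dump is truncated too early to inflate.

```python
"""Rebuild a captured HTTP/1.1 response body that is chunked and gzip-compressed.

Added example, not part of the sandbox report. Input is the space-separated hex
the report prints under "Data Raw", optionally ending in a [TRUNCATED] marker.
"""
from __future__ import annotations

import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"


def hexdump_to_bytes(dump: str) -> bytes:
    """'33 61 62 61 0d 0a ...' -> bytes; a trailing [TRUNCATED] marker is dropped."""
    return bytes.fromhex(dump.replace("[TRUNCATED]", ""))


def first_chunk_size(dump: str) -> tuple[int, bool]:
    """Size of the first chunk and whether its data starts with the gzip magic."""
    raw = hexdump_to_bytes(dump)
    nl = raw.index(b"\r\n")
    return int(raw[:nl].split(b";")[0], 16), raw[nl + 2:].startswith(GZIP_MAGIC)


def dechunk(body: bytes) -> tuple[bytes, bool]:
    """Concatenate chunk payloads. Returns (payload, complete); complete is False when
    the capture ends before the terminating 0-size chunk, and the partial last chunk
    is still included so that as much as possible can be inflated."""
    out, pos = bytearray(), 0
    while True:
        nl = body.find(b"\r\n", pos)
        if nl < 0:
            return bytes(out), False                 # size line missing or cut off
        size = int(body[pos:nl].split(b";")[0], 16)  # ';name=value' chunk extensions ignored
        if size == 0:
            return bytes(out), True                  # last chunk; trailers may follow
        start = nl + 2
        piece = body[start:start + size]
        out += piece
        if len(piece) < size:
            return bytes(out), False                 # data cut off inside this chunk
        pos = start + size + 2                       # skip the CRLF after the chunk data


def gunzip_partial(data: bytes) -> tuple[bytes, bool]:
    """gzip-inflate what is present; eof is False if the stream was cut short."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)      # 16+ selects gzip framing
    return d.decompress(data), d.eof


def decode_response_body(dump: str) -> tuple[bytes, bool]:
    """Hex dump of a chunked (and possibly gzip) body -> (decoded bytes, complete)."""
    payload, complete = dechunk(hexdump_to_bytes(dump))
    if payload.startswith(GZIP_MAGIC):
        text, eof = gunzip_partial(payload)
        return text, complete and eof
    return payload, complete


# Constructed sample (not the page's capture): a small HTML body, gzip-compressed,
# split into two chunks and rendered as the same space-separated hex the report uses.
SAMPLE_HTML = (b"<html><head><title>404 Not Found</title></head>"
               b"<body><h1>404 Not Found</h1><hr><center>openresty</center></body></html>")
_GZ = gzip.compress(SAMPLE_HTML)
_BODY = b"14\r\n" + _GZ[:20] + b"\r\n" + b"%x\r\n" % (len(_GZ) - 20) + _GZ[20:] + b"\r\n0\r\n\r\n"
SAMPLE_DUMP = _BODY.hex(" ")

if __name__ == "__main__":
    print(first_chunk_size("33 61 62 61 0d 0a 1f 8b 08"))  # first bytes of the report's dump
    print(decode_response_body(SAMPLE_DUMP))
    print(decode_response_body(" ".join(SAMPLE_DUMP.split()[:60]) + " [TRUNCATED]"))
```

The order matters: chunk framing is removed first because it wraps the compressed bytes, and the gzip check is done on the reassembled payload, not on the raw capture, since a chunk-size line always precedes the 1f 8b 08 magic.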


        [Graph (image not included): x-axis 0 to 80 s, y-axis 0 to 100]

        [Graph (image not included): x-axis 0 to 80 s, y-axis 0.00 to 100 MB]

        Target ID:0
        Start time:12:24:10
        Start date:15/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:12:24:12
        Start date:15/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2032,i,11569269191890836372,7136015587659939751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:12:24:18
        Start date:15/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://141.8.192.169"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly