Windows Analysis Report
https://amzaon.co.jp.luqizhubao.com/660ebca95ab13

Overview

General Information

Sample URL:https://amzaon.co.jp.luqizhubao.com/660ebca95ab13
Analysis ID:1433038

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

  • System is w10x64
  • chrome.exe (PID: 1744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2080,i,17146080646938076273,6779086513089962324,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://amzaon.co.jp.luqizhubao.com/660ebca95ab13" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: https://amzaon.co.jp.luqizhubao.com/660ebca95ab13 | Avira URL Cloud: detection malicious, Label: phishing

Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 (2 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (8 occurrences; 1.1.1.1 is the resolver the sandbox sends its DNS queries to, so these hits are the lookups themselves rather than unattributed traffic)
Source: global traffic | HTTP traffic detected: GET /660ebca95ab13 HTTP/1.1, Host: amzaon.co.jp.luqizhubao.com, User-Agent Chrome/117.0.0.0 on Windows 10 x64 (the complete request and the server's reply are reproduced in the HTTPS session section below)
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: amzaon.co.jp.luqizhubao.com
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: classification engine | Classification label: mal48.win@20/0@8/5

Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2080,i,17146080646938076273,6779086513089962324,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://amzaon.co.jp.luqizhubao.com/660ebca95ab13"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (16 occurrences: child processes of chrome.exe whose path and command line the sandbox did not capture)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (only cells with hits are listed; the number is the hit count, every other cell of the matrix was empty)

  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
Source | Detection | Scanner | Label | Link
https://amzaon.co.jp.luqizhubao.com/660ebca95ab13 | 100% | Avira URL Cloud | phishing | -
https://amzaon.co.jp.luqizhubao.com/660ebca95ab13 | 4% | Virustotal | - | Browse
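Avira URL Cloud flags the URL as phishing while only 4% of VirusTotal engines did at analysis time, so a triage queue cannot rely on scanner consensus alone. The hostname itself carries the usual lexical tells: a misspelt brand (amzaon) and a TLD-shaped label chain (co.jp) placed in the subdomain of an unrelated registrable domain (luqizhubao.com). The Python block below is an added example, not part of the Joe Sandbox report, that scores those indicators. The brand list, the small stand-in for the Public Suffix List and the reading of the 13-hex-character path as PHP uniqid() output (first 8 hex digits = Unix seconds) are assumptions made for the example, not findings in the report.

```python
"""Lexical triage of a suspected phishing URL (added example; the brand list,
the suffix stand-in and the uniqid() heuristic are assumptions, not report data)."""
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed brand list for the example; a deployment would use its own.
BRANDS = ("amazon", "google", "microsoft", "apple", "paypal")
# Stand-in for the Public Suffix List: the multi-label suffixes this example knows.
MULTI_LABEL_SUFFIXES = {"co.jp", "ne.jp", "co.uk", "com.au"}
# Labels that imitate a public suffix when they appear inside a subdomain.
TLD_LIKE = {"com", "net", "org", "co", "jp", "uk", "de", "fr"}
HEX = set("0123456789abcdefABCDEF")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transpositions,
    so a swapped pair such as amzaon/amazon costs one edit instead of two."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def split_host(host: str):
    """Return (subdomain labels, registrable domain) using the suffix stand-in."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return labels[:-n], ".".join(labels[-n:])


def decode_uniqid(path: str):
    """Heuristic (assumption): a 13-hex-digit last path segment has the shape of
    PHP uniqid(); its first 8 hex digits are Unix seconds. Returns epoch or None."""
    seg = path.strip("/").split("/")[-1]
    if len(seg) != 13 or not all(c in HEX for c in seg):
        return None
    return int(seg[:8], 16)


def analyze_url(url: str) -> dict:
    parts = urlsplit(url)
    sub, reg = split_host(parts.hostname or "")
    lookalikes = []
    for label in sub:
        for brand in BRANDS:
            dist = osa_distance(label, brand)
            if dist <= 2:  # verbatim brand or a near miss, outside the registrable domain
                lookalikes.append((label, brand, dist))
    tld_like = [label for label in sub if label in TLD_LIKE]
    epoch = decode_uniqid(parts.path)
    return {
        "registrable_domain": reg,
        "brand_lookalikes": lookalikes,
        "tld_like_subdomain_labels": tld_like,
        "path_uniqid_epoch": epoch,
        "path_uniqid_utc": (datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()
                            if epoch is not None else None),
        "suspicious": bool(lookalikes or tld_like),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyze_url("https://amzaon.co.jp.luqizhubao.com/660ebca95ab13"), indent=2))
```

For the report's URL this yields registrable domain luqizhubao.com, the lookalike pair (amzaon, amazon) at edit distance 1, the suffix-shaped labels co and jp, and, under the uniqid() assumption, a path timestamp of 2024-04-04 14:43:53 UTC, about three weeks before the analysis date. A legitimate host such as www.amazon.co.jp produces no findings because the suffix stand-in keeps amazon inside the registrable domain; without a real Public Suffix List the two-label fallback would misclassify such hosts, which is why the list is labelled a stand-in.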
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | - | unknown
amzaon.co.jp.luqizhubao.com | 43.130.244.80 | true | false | - | unknown
www.google.com | 142.250.191.196 | true | false | - | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | - | unknown

Name | Malicious | Antivirus Detection | Reputation
https://amzaon.co.jp.luqizhubao.com/660ebca95ab13 | true | - | unknown

Note that the host amzaon.co.jp.luqizhubao.com is marked Malicious: false in the domain table while the full URL is marked true: the Avira verdict is attached to the URL, not to the host, so a host-level blocklist derived from this report alone would not cover it.
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | - | unknown | unknown | false
43.130.244.80 | amzaon.co.jp.luqizhubao.com | Japan | - | 4249 | LILLY-ASUS | false
142.250.191.196 | www.google.com | United States | - | 15169 | GOOGLEUS | false
            IP
            192.168.2.4
            127.0.0.1
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1433038
            Start date and time:2024-04-29 01:25:22 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 3m 7s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:browseurl.jbs
            Sample URL:https://amzaon.co.jp.luqizhubao.com/660ebca95ab13
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of new started processes analysed:9
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal48.win@20/0@8/5
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 172.217.2.35, 142.250.191.206, 142.251.166.84, 34.104.35.123, 23.11.208.106, 69.192.208.109, 40.127.169.103, 199.232.214.172, 192.229.211.108, 20.3.187.198, 13.95.31.18, 172.217.1.99
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
            • Not all processes were analysed, report is missing behavior information
            • Report size getting too big, too many NtSetInformationFile calls found.
            No simulations
            No context
            No created / dropped files found
            No static file info
TCP packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 29, 2024 01:26:04.550837994 CEST | 49678 | 443 | 192.168.2.4 | 104.46.162.224
Apr 29, 2024 01:26:05.082004070 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Apr 29, 2024 01:26:14.689817905 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Apr 29, 2024 01:26:17.227993011 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.228039026 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.228118896 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.258924007 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.258960962 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.259015083 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.259862900 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:17.259871960 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:17.259928942 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:17.263876915 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:17.263895035 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:17.264359951 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.264374971 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.264902115 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.264925957 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.515785933 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:17.516519070 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:17.516534090 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:17.518467903 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:17.518536091 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:17.522479057 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:17.522643089 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:17.566299915 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:17.566317081 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:17.614814997 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:17.799335957 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.799869061 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.799897909 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.801356077 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.801425934 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.803914070 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.803997040 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.804192066 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.804199934 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.805959940 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.806215048 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.806230068 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.807682037 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:17.807760000 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.808198929 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:17.808278084 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:18.000468969 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:18.000551939 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:18.000571966 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:18.204610109 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:18.590724945 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:18.590912104 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:18.591115952 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:18.644792080 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:18.644824982 CEST | 443 | 49737 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:18.644850016 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:18.644866943 CEST | 49737 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:27.500745058 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:27.500798941 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:27.500938892 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:30.329631090 CEST | 49739 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:26:30.329657078 CEST | 443 | 49739 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:26:38.090676069 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:38.090756893 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:26:38.090898991 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:39.923970938 CEST | 49738 | 443 | 192.168.2.4 | 43.130.244.80
Apr 29, 2024 01:26:39.923998117 CEST | 443 | 49738 | 43.130.244.80 | 192.168.2.4
Apr 29, 2024 01:27:15.135854959 CEST | 49772 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:27:15.135895014 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:27:15.136029959 CEST | 49772 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:27:15.136836052 CEST | 49772 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:27:15.136856079 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:27:15.376400948 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:27:15.376750946 CEST | 49772 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:27:15.376774073 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:27:15.377871037 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:27:15.378230095 CEST | 49772 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:27:15.378370047 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:27:15.517877102 CEST | 49772 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:27:23.503315926 CEST | 49723 | 80 | 192.168.2.4 | 199.232.210.172
Apr 29, 2024 01:27:23.503473043 CEST | 49724 | 80 | 192.168.2.4 | 199.232.210.172
Apr 29, 2024 01:27:23.612816095 CEST | 80 | 49723 | 199.232.210.172 | 192.168.2.4
Apr 29, 2024 01:27:23.612831116 CEST | 80 | 49723 | 199.232.210.172 | 192.168.2.4
Apr 29, 2024 01:27:23.612842083 CEST | 80 | 49724 | 199.232.210.172 | 192.168.2.4
Apr 29, 2024 01:27:23.612852097 CEST | 80 | 49724 | 199.232.210.172 | 192.168.2.4
Apr 29, 2024 01:27:23.612870932 CEST | 49723 | 80 | 192.168.2.4 | 199.232.210.172
Apr 29, 2024 01:27:23.612915993 CEST | 49724 | 80 | 192.168.2.4 | 199.232.210.172
Apr 29, 2024 01:27:25.362165928 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:27:25.362323999 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
Apr 29, 2024 01:27:25.362396955 CEST | 49772 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:27:27.036151886 CEST | 49772 | 443 | 192.168.2.4 | 142.250.191.196
Apr 29, 2024 01:27:27.036209106 CEST | 443 | 49772 | 142.250.191.196 | 192.168.2.4
UDP packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 29, 2024 01:26:10.987848043 CEST | 53 | 61986 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:11.004057884 CEST | 53 | 59257 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:12.999383926 CEST | 53 | 65455 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:15.517829895 CEST | 55606 | 53 | 192.168.2.4 | 1.1.1.1
Apr 29, 2024 01:26:15.518193960 CEST | 59583 | 53 | 192.168.2.4 | 1.1.1.1
Apr 29, 2024 01:26:15.542164087 CEST | 60542 | 53 | 192.168.2.4 | 1.1.1.1
Apr 29, 2024 01:26:15.542892933 CEST | 58366 | 53 | 192.168.2.4 | 1.1.1.1
Apr 29, 2024 01:26:15.628412962 CEST | 53 | 55606 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:15.628719091 CEST | 53 | 59583 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:15.668524981 CEST | 53 | 60542 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:15.705209970 CEST | 53 | 58366 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:17.046195030 CEST | 50974 | 53 | 192.168.2.4 | 1.1.1.1
Apr 29, 2024 01:26:17.048634052 CEST | 61667 | 53 | 192.168.2.4 | 1.1.1.1
Apr 29, 2024 01:26:17.048780918 CEST | 62705 | 53 | 192.168.2.4 | 1.1.1.1
Apr 29, 2024 01:26:17.048892021 CEST | 55921 | 53 | 192.168.2.4 | 1.1.1.1
Apr 29, 2024 01:26:17.156900883 CEST | 53 | 50974 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:17.163503885 CEST | 53 | 61667 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:17.187539101 CEST | 53 | 62705 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:17.187854052 CEST | 53 | 55921 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:32.041944981 CEST | 53 | 54543 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:26:36.647130013 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255
Apr 29, 2024 01:26:52.892462969 CEST | 53 | 65258 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:27:10.876332998 CEST | 53 | 63205 | 1.1.1.1 | 192.168.2.4
Apr 29, 2024 01:27:17.443167925 CEST | 53 | 64724 | 1.1.1.1 | 192.168.2.4
ICMP packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 29, 2024 01:26:17.157088995 CEST | 192.168.2.4 | 1.1.1.1 | c1f4 | (Port unreachable) | Destination Unreachable
Apr 29, 2024 01:27:10.895127058 CEST | 192.168.2.4 | 1.1.1.1 | c250 | (Port unreachable) | Destination Unreachable
DNS queries (type 65 is the HTTPS resource record)

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 29, 2024 01:26:15.517829895 CEST | 192.168.2.4 | 1.1.1.1 | 0x1948 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:15.518193960 CEST | 192.168.2.4 | 1.1.1.1 | 0x9bac | Standard query (0) | www.google.com | 65 (HTTPS) | IN (0x0001) | false
Apr 29, 2024 01:26:15.542164087 CEST | 192.168.2.4 | 1.1.1.1 | 0x53f7 | Standard query (0) | amzaon.co.jp.luqizhubao.com | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:15.542892933 CEST | 192.168.2.4 | 1.1.1.1 | 0x48db | Standard query (0) | amzaon.co.jp.luqizhubao.com | 65 (HTTPS) | IN (0x0001) | false
Apr 29, 2024 01:26:17.046195030 CEST | 192.168.2.4 | 1.1.1.1 | 0x8dff | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:17.048634052 CEST | 192.168.2.4 | 1.1.1.1 | 0xc5ba | Standard query (0) | www.google.com | 65 (HTTPS) | IN (0x0001) | false
Apr 29, 2024 01:26:17.048780918 CEST | 192.168.2.4 | 1.1.1.1 | 0xd6b | Standard query (0) | amzaon.co.jp.luqizhubao.com | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:17.048892021 CEST | 192.168.2.4 | 1.1.1.1 | 0xd722 | Standard query (0) | amzaon.co.jp.luqizhubao.com | 65 (HTTPS) | IN (0x0001) | false
DNS answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 29, 2024 01:26:15.628412962 CEST | 1.1.1.1 | 192.168.2.4 | 0x1948 | No error (0) | www.google.com | - | 142.250.191.196 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:15.628719091 CEST | 1.1.1.1 | 192.168.2.4 | 0x9bac | No error (0) | www.google.com | - | - | 65 (HTTPS) | IN (0x0001) | false
Apr 29, 2024 01:26:15.668524981 CEST | 1.1.1.1 | 192.168.2.4 | 0x53f7 | No error (0) | amzaon.co.jp.luqizhubao.com | - | 43.130.244.80 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:17.156900883 CEST | 1.1.1.1 | 192.168.2.4 | 0x8dff | No error (0) | www.google.com | - | 172.217.4.196 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:17.163503885 CEST | 1.1.1.1 | 192.168.2.4 | 0xc5ba | No error (0) | www.google.com | - | - | 65 (HTTPS) | IN (0x0001) | false
Apr 29, 2024 01:26:17.187539101 CEST | 1.1.1.1 | 192.168.2.4 | 0xd6b | No error (0) | amzaon.co.jp.luqizhubao.com | - | 43.130.244.80 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:27.470963001 CEST | 1.1.1.1 | 192.168.2.4 | 0x56f7 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:27.470963001 CEST | 1.1.1.1 | 192.168.2.4 | 0x56f7 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:27.846904993 CEST | 1.1.1.1 | 192.168.2.4 | 0xf282 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 29, 2024 01:26:27.846904993 CEST | 1.1.1.1 | 192.168.2.4 | 0xf282 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:26:44.711405993 CEST | 1.1.1.1 | 192.168.2.4 | 0x43a9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 29, 2024 01:26:44.711405993 CEST | 1.1.1.1 | 192.168.2.4 | 0x43a9 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:27:10.876581907 CEST | 1.1.1.1 | 192.168.2.4 | 0x6162 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 29, 2024 01:27:10.876581907 CEST | 1.1.1.1 | 192.168.2.4 | 0x6162 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:27:10.895076036 CEST | 1.1.1.1 | 192.168.2.4 | 0x6162 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 29, 2024 01:27:10.895076036 CEST | 1.1.1.1 | 192.168.2.4 | 0x6162 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 29, 2024 01:27:26.474097967 CEST | 1.1.1.1 | 192.168.2.4 | 0x368d | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 29, 2024 01:27:26.474097967 CEST | 1.1.1.1 | 192.168.2.4 | 0x368d | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
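The "TCP traffic detected without corresponding DNS query" signature in the signature section is a correlation of the two tables above: an outbound flow whose destination address was not returned by any DNS answer before the flow began. The Python block below is an added example, not part of the Joe Sandbox report, that re-derives the signature from a constructed subset of the report's TCP and DNS records. It also excludes the resolver itself, which is why the eight UDP hits on 1.1.1.1 in the report are noise rather than a finding, and it treats an answer that arrives after the flow as not explaining it.

```python
"""Re-deriving 'TCP traffic without corresponding DNS query' from packet records
(added example; the records below are a constructed subset of the report's tables)."""
from datetime import datetime

# First outbound packet of each TCP flow: (timestamp, src ip, src port, dst ip, dst port).
TCP_FLOWS = [
    ("2024-04-29 01:26:04.550", "192.168.2.4", 49678, "104.46.162.224", 443),
    ("2024-04-29 01:26:05.082", "192.168.2.4", 49675, "173.222.162.32", 443),
    ("2024-04-29 01:26:17.227", "192.168.2.4", 49737, "43.130.244.80", 443),
    ("2024-04-29 01:26:17.258", "192.168.2.4", 49738, "43.130.244.80", 443),
    ("2024-04-29 01:26:17.259", "192.168.2.4", 49739, "142.250.191.196", 443),
    ("2024-04-29 01:27:23.503", "192.168.2.4", 49723, "199.232.210.172", 80),
]
# A-record answers seen on the wire: (timestamp, name, address).
DNS_ANSWERS = [
    ("2024-04-29 01:26:15.628", "www.google.com", "142.250.191.196"),
    ("2024-04-29 01:26:15.668", "amzaon.co.jp.luqizhubao.com", "43.130.244.80"),
    ("2024-04-29 01:26:17.156", "www.google.com", "172.217.4.196"),
    ("2024-04-29 01:26:27.470", "bg.microsoft.map.fastly.net", "199.232.214.172"),
    ("2024-04-29 01:26:27.470", "bg.microsoft.map.fastly.net", "199.232.210.172"),
]
RESOLVERS = {"1.1.1.1"}       # the sandbox's DNS server: its own traffic is never "unresolved"
LOCAL_PREFIX = "192.168.2."   # the analysis LAN


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def index_answers(dns_answers):
    """address -> list of (answer time, name), sorted by time."""
    idx = {}
    for ts, name, addr in dns_answers:
        idx.setdefault(addr, []).append((parse_ts(ts), name))
    for entries in idx.values():
        entries.sort()
    return idx


def unresolved_destinations(tcp_flows, dns_answers, resolvers=RESOLVERS):
    """{dst ip: timestamp of its first flow} for outbound flows whose destination
    was not returned by any DNS answer before the flow started."""
    idx = index_answers(dns_answers)
    hits = {}
    for ts, src, _sport, dst, _dport in tcp_flows:
        if not src.startswith(LOCAL_PREFIX) or dst in resolvers or dst.startswith(LOCAL_PREFIX):
            continue  # inbound packets, the resolver and LAN traffic are out of scope
        started = parse_ts(ts)
        if any(answered <= started for answered, _ in idx.get(dst, [])):
            continue  # a prior answer explains this destination
        hits.setdefault(dst, ts)
    return hits


def names_for(dst_ip, dns_answers):
    """Hostnames that resolved to dst_ip, for labelling the explained flows."""
    return sorted({name for _, name, addr in dns_answers if addr == dst_ip})


if __name__ == "__main__":
    for ip, first in unresolved_destinations(TCP_FLOWS, DNS_ANSWERS).items():
        print(f"no DNS answer before first flow at {first}: {ip}")
    for ip in ("43.130.244.80", "199.232.210.172"):
        print(ip, "->", names_for(ip, DNS_ANSWERS))
```

On the report's data this reproduces the two flagged addresses, 104.46.162.224 and 173.222.162.32, while 43.130.244.80 (the phishing host), 142.250.191.196 and 199.232.210.172 are each explained by an earlier answer. The report does not say what the two unexplained addresses serve; the sandbox whitelists a set of background Microsoft and Google endpoints, and neither of these is on that list, which is the only reason they surface.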
• amzaon.co.jp.luqizhubao.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 43.130.244.80 | 443 | 4908 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-28 23:26:17 UTC | 683 | OUT
GET /660ebca95ab13 HTTP/1.1
            Host: amzaon.co.jp.luqizhubao.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
2024-04-28 23:26:18 UTC | 665 | IN
HTTP/1.1 302 Found
            Date: Sun, 28 Apr 2024 23:26:18 GMT
            Server: Apache
            Expires: Thu, 19 Nov 1981 08:52:00 GMT
            Cache-Control: no-store, no-cache, must-revalidate
            Pragma: no-cache
            Set-Cookie: PHPSESSID=qttll2i77pf946i3udbiaepakl; path=/
            Access-Control-Allow-Origin: *
            Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE
            Content-Security-Policy: frame-ancestors 'none'
            X-Content-Type-Options: nosniff
            X-Dns-Prefetch-Control: off
            X-Frame-Options: SAMEORIGIN
            x-xss-protection: 1; mode=block
            Upgrade-Insecure-Requests: 1
            Upgrade: h2
            Connection: Upgrade, close
            Location: http://localhost
            Content-Length: 0
            Content-Type: text/html; charset=UTF-8
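The reply above is the notable artifact of the session: a 302 to http://localhost with Content-Length 0, so the sandbox never rendered the phishing page. That is consistent with the rest of the report, which has no screenshots, no dropped files and only generic network signatures. The report does not show which client attribute the server keyed on; re-analysis under a different user agent, Accept-Language or egress location is the usual next step. The Python block below is an added example, not part of the Joe Sandbox report, that parses the captured response (embedded as the sample input) and flags the indicators a triage queue would want: a redirect to a loopback or private address, the PHP session cookie, the Expires value PHP's default session cache limiter emits on session_start() (Thu, 19 Nov 1981 08:52:00 GMT), and the empty body.

```python
"""Triage of a captured HTTP response from a suspected phishing host
(added example; the sample input is the reply recorded in the report)."""
import ipaddress
from email.parser import Parser
from urllib.parse import urlsplit

# The server's reply as captured in the report, embedded here as the sample input.
CAPTURED_RESPONSE = """\
HTTP/1.1 302 Found
Date: Sun, 28 Apr 2024 23:26:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=qttll2i77pf946i3udbiaepakl; path=/
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE
Content-Security-Policy: frame-ancestors 'none'
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
x-xss-protection: 1; mode=block
Upgrade-Insecure-Requests: 1
Upgrade: h2
Connection: Upgrade, close
Location: http://localhost
Content-Length: 0
Content-Type: text/html; charset=UTF-8

"""

# Value PHP's default session cache limiter ("nocache") emits on session_start().
PHP_NOCACHE_EXPIRES = "Thu, 19 Nov 1981 08:52:00 GMT"


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status code, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, _, header_text = head.partition("\n")
    code = int(status_line.split(" ", 2)[1])
    headers = Parser().parsestr(header_text, headersonly=True)  # case-insensitive lookups
    return code, headers, body


def is_local_target(location: str) -> bool:
    """True when a redirect points at localhost or a loopback, private or link-local address."""
    host = urlsplit(location).hostname or ""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def triage(raw: str) -> dict:
    code, h, body = parse_response(raw)
    findings = []
    location = h.get("Location")
    if 300 <= code < 400 and location and is_local_target(location):
        findings.append("redirect-to-local-host")   # visitor bounced away from the page
    if "PHPSESSID=" in (h.get("Set-Cookie") or ""):
        findings.append("php-session-cookie")
    if h.get("Expires") == PHP_NOCACHE_EXPIRES:
        findings.append("php-nocache-expires")      # session_start() fingerprint
    if h.get("Content-Length") == "0" and not body.strip():
        findings.append("empty-body")               # nothing for the sandbox to render
    return {"status": code, "server": h.get("Server"), "location": location, "findings": findings}


if __name__ == "__main__":
    print(triage(CAPTURED_RESPONSE))
```

The PHP fingerprints are consistent with the Server: Apache header and with a PHP-driven kit, but the report contains no page content, so nothing beyond these headers can be attributed to the kit itself.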


            Target ID:0
            Start time:01:26:07
            Start date:29/04/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:2
            Start time:01:26:09
            Start date:29/04/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2080,i,17146080646938076273,6779086513089962324,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:01:26:14
            Start date:29/04/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://amzaon.co.jp.luqizhubao.com/660ebca95ab13"
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly