Windows Analysis Report
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901

Overview

General Information

Sample URL:	http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901
Analysis ID:	1417449
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Uses known network protocols on non-standard ports

HTML body with high number of embedded SVGs detected

Classification

Signatures

HTML body with high number of embedded SVGs detected

Source: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901	HTTP Parser: Total embedded SVG size: 117147
Source: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index	HTTP Parser: Total embedded SVG size: 117147

Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49744 version: TLS 1.2

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/index?fileIndex=1316901 HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/css/chunk-libs.ea078ece.css HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/css/app.31397f89.css HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/js/chunk-elementUI.64aa4b88.js HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/js/chunk-libs.dab5b76b.js HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/js/app.8205f3ab.js HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/byd-logo.e783d38f.png HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/avatar.66caf070.png HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/dark.412ca67e.svg HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/light.4183aad0.svg HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/fonts/element-icons.535877f5.woff HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveOrigin: http://wetalk.bydauto.com.cn:8010User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/css/app.31397f89.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/favicon.ico HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/light.4183aad0.svg HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /VehicleDiagnoseAPI/api/VehicleDiagnose/PostAllFileContent HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/dark.412ca67e.svg HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/byd-logo.e783d38f.png HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/avatar.66caf070.png HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/favicon.ico HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/ HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/index HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: wetalk.bydauto.com.cn

Source: unknown

HTTP traffic detected: POST /VehicleDiagnoseAPI/api/VehicleDiagnose/PostAllFileContent HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveContent-Length: 11Content-Type: application/json;charset=UTF-8Accept: application/json, text/plain, */*Authorization: Basic TmNtQVBJVXNlcjpOY21fUTF3MmUzcjQ=User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Language: zh_CNOrigin: http://wetalk.bydauto.com.cn:8010Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Data Raw: 5b 22 31 33 31 36 39 30 31 22 5d Data Ascii: ["1316901"]

Source: chromecache_80.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_80.1.dr	String found in binary or memory: http://ricostacruz.com/nprogress
Source: chromecache_80.1.dr	String found in binary or memory: https://clipboardjs.com/
Source: chromecache_80.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_80.1.dr	String found in binary or memory: https://github.com/facebook/regenerator/blob/main/LICENSE
Source: chromecache_72.1.dr, chromecache_80.1.dr	String found in binary or memory: https://quilljs.com/
Source: chromecache_75.1.dr	String found in binary or memory: https://unpkg.com/element-ui

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443

Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: sus20.troj.win@23/36@9/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2096,i,14762403124369285603,17355134853304909254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2096,i,14762403124369285603,17355134853304909254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
116.6.195.84	wetalk.sfmoa.bydauto.com.cn	China	4809	CHINATELECOM-CORE-WAN-CN2ChinaTelecomNextGenerationCarr	false
142.251.163.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
wetalk.sfmoa.bydauto.com.cn	116.6.195.84	true
www.google.com	142.251.163.147	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
windowsupdatebg.s.llnwi.net	69.164.0.0	true
_8010._https.wetalk.bydauto.com.cn	unknown	unknown
wetalk.bydauto.com.cn	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/fonts/element-icons.535877f5.woff	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/js/chunk-libs.dab5b76b.js	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/js/chunk-elementUI.64aa4b88.js	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/js/app.8205f3ab.js	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/img/avatar.66caf070.png	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index	false		unknown
http://wetalk.bydauto.com.cn:8010/VehicleDiagnoseAPI/api/VehicleDiagnose/PostAllFileContent	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/img/light.4183aad0.svg	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/img/dark.412ca67e.svg	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/css/chunk-libs.ea078ece.css	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/favicon.ico	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901	false		unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/css/app.31397f89.css	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/	false	Avira URL Cloud: safe	unknown
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/img/byd-logo.e783d38f.png	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 60	SVG Scalable Vector Graphics image	4183AAD0F450979539478F153B816DB0	9FD005C207518961CD3231DF2F885E22DD4C3CF3	A053CE48A3FD7123D10D747A9616C564CD2B3CD431BA1F13D0C277062B2F612C
Chrome Cache Entry: 61	JSON data	92682E253E25F98203692604986536DD	BC2888484F66EFC8C2C0D8D573D6467775DE37AE	410A6AA1EA26406C45D60454AA2A1442C53CAE14AF6D7F1208E54FBA9B19CCBC
Chrome Cache Entry: 62	HTML document, Unicode text, UTF-8 text, with very long lines (1916), with CRLF, LF line terminators	CC6D4B28A238FB0DBD33C5AF997CC068	D6403FDF1B7DF5C5643813AE22757F7701385818	8CD149BECB904217944B24275657BD4BEE497C96D54D586302563338DBD80898
Chrome Cache Entry: 63	PNG image data, 1135 x 681, 8-bit/color RGBA, non-interlaced	E783D38F646ACF34FBC8940BE6FA9CFB	AB225F39440C283C580D7BAACCB720A48B301186	3262B5910029895A5B8888B7A7104668B3BCF02A2F1AECA9C9F1CD9E859EA923
Chrome Cache Entry: 64	Unicode text, UTF-8 text, with very long lines (64974), with no line terminators	E7C3FDD7DBA1412968479F601FF8B8C7	3832AF16D4904F32751F7947377F403C905E51D5	962DD6702635455A913B0FC22CCD55EF60FC99F2D8C8A51485E6018A670AB077
Chrome Cache Entry: 65	HTML document, Unicode text, UTF-8 text, with very long lines (1916), with CRLF, LF line terminators	CC6D4B28A238FB0DBD33C5AF997CC068	D6403FDF1B7DF5C5643813AE22757F7701385818	8CD149BECB904217944B24275657BD4BEE497C96D54D586302563338DBD80898
Chrome Cache Entry: 66	SVG Scalable Vector Graphics image	412CA67EE39F5966EA6F33BB8261B46D	FBCE6F5F2D14D0483CB0166F99F3EADAA646AF26	78BA5F5304D8AC06F37DBCB8248123537349FF8580C5A28FEB01D888E7D2EA8C
Chrome Cache Entry: 67	PNG image data, 215 x 215, 8-bit colormap, non-interlaced	66CAF070A729D6FFA055538A1CA95F79	FA772ED110E7EA98F927884BC61C118FC3FD77A8	E916C5B50814689DD22EFC39D617036BE62B5D6B64C0F7AE1AF5EE8BE09AC180
Chrome Cache Entry: 68	PNG image data, 64 x 64, 8-bit colormap, non-interlaced	DB8DA358B75F74FAE4DDD19084D60318	D143F82381A782DBB00428D26119EF5ED4A0E271	D323789BC44AE4A018D34E287E875F6F278E98FB680C2E7F1017B6A4340EC2C2
Chrome Cache Entry: 69	PNG image data, 1135 x 681, 8-bit/color RGBA, non-interlaced	E783D38F646ACF34FBC8940BE6FA9CFB	AB225F39440C283C580D7BAACCB720A48B301186	3262B5910029895A5B8888B7A7104668B3BCF02A2F1AECA9C9F1CD9E859EA923
Chrome Cache Entry: 70	PNG image data, 215 x 215, 8-bit colormap, non-interlaced	66CAF070A729D6FFA055538A1CA95F79	FA772ED110E7EA98F927884BC61C118FC3FD77A8	E916C5B50814689DD22EFC39D617036BE62B5D6B64C0F7AE1AF5EE8BE09AC180
Chrome Cache Entry: 71	SVG Scalable Vector Graphics image	412CA67EE39F5966EA6F33BB8261B46D	FBCE6F5F2D14D0483CB0166F99F3EADAA646AF26	78BA5F5304D8AC06F37DBCB8248123537349FF8580C5A28FEB01D888E7D2EA8C
Chrome Cache Entry: 72	ASCII text, with very long lines (22707)	09087AC11E8CF31DBCCF1A43B34F7541	D998DE0A4682F7DC96FCE2B0516AF6E5DD0746BA	58791D5EA3DE6ECEC9490D54CC6DFDE017D8BD3EE7D0AF94A6DC816BC6E8901A
Chrome Cache Entry: 73	HTML document, Unicode text, UTF-8 text, with very long lines (1916), with CRLF, LF line terminators	CC6D4B28A238FB0DBD33C5AF997CC068	D6403FDF1B7DF5C5643813AE22757F7701385818	8CD149BECB904217944B24275657BD4BEE497C96D54D586302563338DBD80898
Chrome Cache Entry: 74	ASCII text, with very long lines (65536), with no line terminators	D3CBD049DD5EA1D87A198B5A31FA31C7	7997436E325BE81B808F76AB28AB7F2AEE942D12	BE23728E0B066DB19B2F1314CB9826AE492BF6A3E94DBB5DDEC0D15A7D6BDA07
Chrome Cache Entry: 75	HTML document, Unicode text, UTF-8 text, with very long lines (65296), with no line terminators	197734867EF594B8D5480AB9183912D5	C1618DC4658C2704E54BDA5DF91C7D054C2C17C0	1C597FAB30628DFF0C1E77537638AFAD77CA313EC1EC5B58366CAAC4E10883FD
Chrome Cache Entry: 76	Web Open Font Format, TrueType, length 28200, version 1.0	535877F50039C0CB49A6196A5B7517CD	0000C4E27D38F9F8BBE4E58B5CE2477E589507A7	AB40A58972BE2CEAB32E7E35DAB3131B959AAE63835D7BDA1A79AE51F9A73C17
Chrome Cache Entry: 77	ASCII text, with no line terminators	46DF3E5E2D15256CA16616EBFDA5427F	BE8F9B307E458075DA0D43585A05F1D451469182	AF3248D0B278571EFF9A22F8ED1CEB54B70D202B44FD70ECA4CA13A5771CECC3
Chrome Cache Entry: 78	PNG image data, 64 x 64, 8-bit colormap, non-interlaced	DB8DA358B75F74FAE4DDD19084D60318	D143F82381A782DBB00428D26119EF5ED4A0E271	D323789BC44AE4A018D34E287E875F6F278E98FB680C2E7F1017B6A4340EC2C2
Chrome Cache Entry: 79	SVG Scalable Vector Graphics image	4183AAD0F450979539478F153B816DB0	9FD005C207518961CD3231DF2F885E22DD4C3CF3	A053CE48A3FD7123D10D747A9616C564CD2B3CD431BA1F13D0C277062B2F612C
Chrome Cache Entry: 80	Unicode text, UTF-8 text, with very long lines (48097)	2D0D57798FFB454707C1BBA3113AC84C	27624B71E541D2099F73323E7D68B4029C6793F4	B41A12089FDE02BA85002888E104A1D8D01330E3870262D457388741BC02E41C

HTML body with high number of embedded SVGs detected

Source: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901	HTTP Parser: Total embedded SVG size: 117147
Source: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index	HTTP Parser: Total embedded SVG size: 117147

Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49744 version: TLS 1.2

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/index?fileIndex=1316901 HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/css/chunk-libs.ea078ece.css HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/css/app.31397f89.css HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/js/chunk-elementUI.64aa4b88.js HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/js/chunk-libs.dab5b76b.js HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/js/app.8205f3ab.js HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/byd-logo.e783d38f.png HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/avatar.66caf070.png HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/dark.412ca67e.svg HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/light.4183aad0.svg HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/fonts/element-icons.535877f5.woff HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveOrigin: http://wetalk.bydauto.com.cn:8010User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/static/css/app.31397f89.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/favicon.ico HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/light.4183aad0.svg HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /VehicleDiagnoseAPI/api/VehicleDiagnose/PostAllFileContent HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/dark.412ca67e.svg HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/byd-logo.e783d38f.png HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/static/img/avatar.66caf070.png HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/favicon.ico HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/ HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vehiclediagnose/index HTTP/1.1Host: wetalk.bydauto.com.cn:8010Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: wetalk.bydauto.com.cn

Source: unknown

Source: chromecache_80.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_80.1.dr	String found in binary or memory: http://ricostacruz.com/nprogress
Source: chromecache_80.1.dr	String found in binary or memory: https://clipboardjs.com/
Source: chromecache_80.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_80.1.dr	String found in binary or memory: https://github.com/facebook/regenerator/blob/main/LICENSE
Source: chromecache_72.1.dr, chromecache_80.1.dr	String found in binary or memory: https://quilljs.com/
Source: chromecache_75.1.dr	String found in binary or memory: https://unpkg.com/element-ui

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443

Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: sus20.troj.win@23/36@9/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2096,i,14762403124369285603,17355134853304909254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2096,i,14762403124369285603,17355134853304909254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8010
Source: unknown	Network traffic detected: HTTP traffic on port 8010 -> 49739

ID:	1417449
Product:	CloudBasic
Start time:	10:20:51
Start date:	29.03.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://wetalk.bydauto.com.cn:8010/vehiclediagnose/index?fileIndex=1316901