Windows Analysis Report
http://gtp1.izatcloud.net

Overview

General Information

Sample URL:http://gtp1.izatcloud.net
Analysis ID:1427119
Errors:
  • URL not reachable

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2000,i,3336942844402798259,13436804117575012582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://gtp1.izatcloud.net" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

All signature results (no malicious signatures matched):

Source: unknown | HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224 (1 event)
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 (2 events)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.63.206.91 (20 events)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (4 events)
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 (Connection: Keep-Alive; Accept: */*; Accept-Encoding: identity; If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT; Range: bytes=0-2147483646; User-Agent: Microsoft BITS/7.8; Host: fs.microsoft.com)
Source: unknown | DNS traffic detected: queries for: gtp1.izatcloud.net
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: classification engineClassification label: unknown0.win@18/0@4/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2000,i,3336942844402798259,13436804117575012582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://gtp1.izatcloud.net"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (14 further child processes whose image path and command line were not captured; the cookbook comments below note that not all processes were analysed)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (the number is the count of matched signatures per technique; cells without a number are the unmatched remainder of the matrix):
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
  • No matches in Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration or Impact
Source | Detection | Scanner | Label
http://gtp1.izatcloud.net | 0% | Virustotal | -
No Antivirus matches
Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation)
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | - | unknown
gtp1_weighted.gtp.izatcloud.net | 35.163.44.72 | true | false | - | unknown
www.google.com | 64.233.176.103 | true | false | - | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | - | unknown
gtp1.izatcloud.net | unknown | unknown | false | - | unknown

Public IPs (IP | Domain | Country | ASN | ASN Name | Malicious)
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.163.44.72 | gtp1_weighted.gtp.izatcloud.net | United States | 16509 | AMAZON-02 (US) | false
64.233.176.103 | www.google.com | United States | 15169 | GOOGLE (US) | false
44.236.159.61 | unknown | United States | 16509 | AMAZON-02 (US) | false
(44.236.159.61 is listed here with no domain, but the DNS answer table below returns it as the second A record for gtp1_weighted.gtp.izatcloud.net.)

Private IPs: 192.168.2.4
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1427119
            Start date and time:2024-04-17 02:40:43 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 2m 36s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:browseurl.jbs
            Sample URL:http://gtp1.izatcloud.net
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:UNKNOWN
            Classification:unknown0.win@18/0@4/5
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            Cookbook Comments:
            • URL browsing timeout or error
            • URL not reachable
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 64.233.185.94, 172.217.215.139, 172.217.215.138, 172.217.215.102, 172.217.215.101, 172.217.215.100, 172.217.215.113, 74.125.138.84, 34.104.35.123, 52.165.165.26, 199.232.214.172, 192.229.211.108, 13.85.23.206, 20.242.39.171
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information
            • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
            No created / dropped files found
            No static file info
TCP packets (all rows Apr 17, 2024, CEST; Timestamp | Source Port | Dest Port | Source IP | Dest IP)
02:41:26.299956083 | 49678 | 443 | 192.168.2.4 | 104.46.162.224
02:41:27.393673897 | 49675 | 443 | 192.168.2.4 | 173.222.162.32
02:41:36.098042965 | 49735 | 80 | 192.168.2.4 | 35.163.44.72
02:41:36.098594904 | 49736 | 80 | 192.168.2.4 | 35.163.44.72
02:41:36.228677988 | 49737 | 80 | 192.168.2.4 | 35.163.44.72
02:41:36.996474981 | 49675 | 443 | 192.168.2.4 | 173.222.162.32
02:41:37.105712891 | 49735 | 80 | 192.168.2.4 | 35.163.44.72
02:41:37.105855942 | 49736 | 80 | 192.168.2.4 | 35.163.44.72
02:41:37.235296965 | 49737 | 80 | 192.168.2.4 | 35.163.44.72
02:41:38.954617977 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:38.954643965 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:38.954714060 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:38.958277941 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:38.958292961 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:39.110049009 | 49736 | 80 | 192.168.2.4 | 35.163.44.72
02:41:39.110186100 | 49735 | 80 | 192.168.2.4 | 35.163.44.72
02:41:39.184982061 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:39.185585022 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:39.185594082 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:39.187232018 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:39.187426090 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:39.193279028 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:39.193377972 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:39.235721111 | 49737 | 80 | 192.168.2.4 | 35.163.44.72
02:41:39.238230944 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:39.238241911 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:39.282886982 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:39.352946043 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.353025913 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.353271961 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.356033087 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.356137037 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.583951950 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.584045887 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.587173939 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.587224007 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.587656021 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.627274990 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.664232969 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.708167076 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.782484055 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.782644987 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.782864094 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.782864094 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.782864094 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.782944918 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:39.817956924 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.817996025 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:39.818072081 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.818433046 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:39.818445921 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:40.038369894 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:40.038441896 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:40.039562941 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:40.039570093 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:40.039900064 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:40.041030884 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:40.084120989 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:40.084228992 | 49741 | 443 | 192.168.2.4 | 23.63.206.91
02:41:40.084287882 | 443 | 49741 | 23.63.206.91 | 192.168.2.4
02:41:40.245069027 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:40.245249033 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:40.245311022 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:40.247169018 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:40.247188091 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:40.247201920 | 49742 | 443 | 192.168.2.4 | 23.63.206.91
02:41:40.247205973 | 443 | 49742 | 23.63.206.91 | 192.168.2.4
02:41:43.114087105 | 49735 | 80 | 192.168.2.4 | 35.163.44.72
02:41:43.114123106 | 49736 | 80 | 192.168.2.4 | 35.163.44.72
02:41:43.239789009 | 49737 | 80 | 192.168.2.4 | 35.163.44.72
02:41:49.170140982 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:49.170310020 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:49.170356989 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:50.937128067 | 49740 | 443 | 192.168.2.4 | 64.233.176.103
02:41:50.937146902 | 443 | 49740 | 64.233.176.103 | 192.168.2.4
02:41:51.126235008 | 49735 | 80 | 192.168.2.4 | 35.163.44.72
02:41:51.126286030 | 49736 | 80 | 192.168.2.4 | 35.163.44.72
02:41:51.251399994 | 49737 | 80 | 192.168.2.4 | 35.163.44.72
02:41:57.132224083 | 49749 | 80 | 192.168.2.4 | 44.236.159.61
02:41:57.132229090 | 49750 | 80 | 192.168.2.4 | 44.236.159.61
02:41:57.260575056 | 49751 | 80 | 192.168.2.4 | 44.236.159.61
02:41:58.143029928 | 49749 | 80 | 192.168.2.4 | 44.236.159.61
02:41:58.143151045 | 49750 | 80 | 192.168.2.4 | 44.236.159.61
02:41:58.269247055 | 49751 | 80 | 192.168.2.4 | 44.236.159.61
02:42:00.144365072 | 49749 | 80 | 192.168.2.4 | 44.236.159.61
02:42:00.144490004 | 49750 | 80 | 192.168.2.4 | 44.236.159.61
02:42:00.269505978 | 49751 | 80 | 192.168.2.4 | 44.236.159.61
02:42:04.157803059 | 49749 | 80 | 192.168.2.4 | 44.236.159.61
02:42:04.158026934 | 49750 | 80 | 192.168.2.4 | 44.236.159.61
02:42:04.269865990 | 49751 | 80 | 192.168.2.4 | 44.236.159.61
02:42:12.173918962 | 49749 | 80 | 192.168.2.4 | 44.236.159.61
02:42:12.174523115 | 49750 | 80 | 192.168.2.4 | 44.236.159.61
02:42:12.283397913 | 49751 | 80 | 192.168.2.4 | 44.236.159.61
02:42:19.221136093 | 49752 | 80 | 192.168.2.4 | 35.163.44.72
02:42:19.221694946 | 49753 | 80 | 192.168.2.4 | 35.163.44.72
02:42:19.483295918 | 49754 | 80 | 192.168.2.4 | 35.163.44.72
02:42:20.225107908 | 49753 | 80 | 192.168.2.4 | 35.163.44.72
02:42:20.225121975 | 49752 | 80 | 192.168.2.4 | 35.163.44.72
02:42:20.485534906 | 49754 | 80 | 192.168.2.4 | 35.163.44.72
02:42:22.235443115 | 49752 | 80 | 192.168.2.4 | 35.163.44.72
02:42:22.235567093 | 49753 | 80 | 192.168.2.4 | 35.163.44.72
02:42:22.485857964 | 49754 | 80 | 192.168.2.4 | 35.163.44.72
02:42:26.235131025 | 49752 | 80 | 192.168.2.4 | 35.163.44.72
02:42:26.235136032 | 49753 | 80 | 192.168.2.4 | 35.163.44.72
02:42:26.486186028 | 49754 | 80 | 192.168.2.4 | 35.163.44.72
Note: both addresses that gtp1.izatcloud.net resolves to (35.163.44.72 and 44.236.159.61) show only outbound packets on port 80, three sockets at a time, re-sent at roughly 1 s, 2 s, 4 s and 8 s spacing with nothing coming back. That is the Windows SYN-retransmission pattern for a host that does not answer and is what the "URL not reachable" error reflects. The port-443 exchanges with 64.233.176.103 (www.google.com) and 23.63.206.91 (fs.microsoft.com, see the decrypted sessions below) are two-way and are browser and OS background traffic, not activity of the sample.
UDP packets (all rows Apr 17, 2024, CEST; Timestamp | Source Port | Dest Port | Source IP | Dest IP)
02:41:34.561832905 | 53 | 49833 | 1.1.1.1 | 192.168.2.4
02:41:34.704679012 | 53 | 52388 | 1.1.1.1 | 192.168.2.4
02:41:35.306420088 | 53 | 51512 | 1.1.1.1 | 192.168.2.4
02:41:35.961458921 | 58293 | 53 | 192.168.2.4 | 1.1.1.1
02:41:35.961750031 | 54514 | 53 | 192.168.2.4 | 1.1.1.1
02:41:36.068455935 | 53 | 58293 | 1.1.1.1 | 192.168.2.4
02:41:36.110956907 | 53 | 54514 | 1.1.1.1 | 192.168.2.4
02:41:38.847484112 | 51321 | 53 | 192.168.2.4 | 1.1.1.1
02:41:38.847908020 | 49354 | 53 | 192.168.2.4 | 1.1.1.1
02:41:38.952272892 | 53 | 51321 | 1.1.1.1 | 192.168.2.4
02:41:38.953015089 | 53 | 49354 | 1.1.1.1 | 192.168.2.4
02:41:52.500289917 | 53 | 49422 | 1.1.1.1 | 192.168.2.4
02:41:56.823981047 | 138 | 138 | 192.168.2.4 | 192.168.2.255
02:42:11.437498093 | 53 | 58656 | 1.1.1.1 | 192.168.2.4
ICMP packets (Timestamp | Source IP | Dest IP | Checksum | Code | Type)
Apr 17, 2024 02:41:36.112432003 CEST | 192.168.2.4 | 1.1.1.1 | c277 | (Port unreachable) | Destination Unreachable
DNS queries (all rows Apr 17, 2024, CEST, 192.168.2.4 -> 1.1.1.1, OP code Standard query (0), class IN (0x0001), not DNS over HTTPS; Timestamp | Trans ID | Name | Type)
02:41:35.961458921 | 0xc7be | gtp1.izatcloud.net | A (IP address)
02:41:35.961750031 | 0xc304 | gtp1.izatcloud.net | 65 (HTTPS record)
02:41:38.847484112 | 0x3734 | www.google.com | A (IP address)
02:41:38.847908020 | 0xdbd7 | www.google.com | 65 (HTTPS record)
DNS answers (all rows Apr 17, 2024, CEST, 1.1.1.1 -> 192.168.2.4, reply code No error (0), class IN (0x0001), not DNS over HTTPS; Timestamp | Trans ID | Name | Type | CName / Address)
02:41:36.068455935 | 0xc7be | gtp1.izatcloud.net | CNAME (Canonical name) | gtp1.gtpgeo.com
02:41:36.068455935 | 0xc7be | gtp1.gtpgeo.com | CNAME (Canonical name) | gtp1_weighted.gtp.izatcloud.net
02:41:36.068455935 | 0xc7be | gtp1_weighted.gtp.izatcloud.net | A (IP address) | 35.163.44.72
02:41:36.068455935 | 0xc7be | gtp1_weighted.gtp.izatcloud.net | A (IP address) | 44.236.159.61
02:41:36.110956907 | 0xc304 | gtp1.izatcloud.net | CNAME (Canonical name) | gtp1.gtpgeo.com
02:41:36.110956907 | 0xc304 | gtp1.gtpgeo.com | CNAME (Canonical name) | gtp1_weighted.gtp.izatcloud.net
02:41:38.952272892 | 0x3734 | www.google.com | A (IP address) | 64.233.176.103
02:41:38.952272892 | 0x3734 | www.google.com | A (IP address) | 64.233.176.147
02:41:38.952272892 | 0x3734 | www.google.com | A (IP address) | 64.233.176.105
02:41:38.952272892 | 0x3734 | www.google.com | A (IP address) | 64.233.176.99
02:41:38.952272892 | 0x3734 | www.google.com | A (IP address) | 64.233.176.104
02:41:38.952272892 | 0x3734 | www.google.com | A (IP address) | 64.233.176.106
02:41:38.953015089 | 0xdbd7 | www.google.com | 65 (HTTPS record) | -
02:41:50.493521929 | 0x2e96 | bg.microsoft.map.fastly.net | A (IP address) | 199.232.214.172
02:41:50.493521929 | 0x2e96 | bg.microsoft.map.fastly.net | A (IP address) | 199.232.210.172
02:41:51.040848970 | 0x97e0 | fp2e7a.wpc.2be4.phicdn.net | CNAME (Canonical name) | fp2e7a.wpc.phicdn.net
02:41:51.040848970 | 0x97e0 | fp2e7a.wpc.phicdn.net | A (IP address) | 192.229.211.108
02:42:03.722423077 | 0x9314 | fp2e7a.wpc.2be4.phicdn.net | CNAME (Canonical name) | fp2e7a.wpc.phicdn.net
02:42:03.722423077 | 0x9314 | fp2e7a.wpc.phicdn.net | A (IP address) | 192.229.211.108
02:42:26.590989113 | 0xf0e0 | fp2e7a.wpc.2be4.phicdn.net | CNAME (Canonical name) | fp2e7a.wpc.phicdn.net
02:42:26.590989113 | 0xf0e0 | fp2e7a.wpc.phicdn.net | A (IP address) | 192.229.211.108
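The two network checks this report applies, the "TCP traffic detected without corresponding DNS query" signature in the results above and the "URL not reachable" verdict, can be reproduced from the DNS-answer and TCP tables. The following is an added example written for this page, not code from Joe Sandbox or from the report: its DNS answers and TCP packets are constructed from the values in the tables (a subset, keeping one retransmission series per silent host and two answered flows), and the function names are its own.

```python
"""Correlate sandbox DNS answers with the TCP packet log.

Added example for this page; not code from Joe Sandbox or the report.
The records below are constructed from the report's DNS-answer and TCP
tables (a subset), and the function names are this example's own.
"""
from collections import defaultdict
from ipaddress import ip_address

LOCAL = "192.168.2.4"  # the analysis VM in the report

# (owner name, record type, rdata), constructed from the DNS answer table
DNS_ANSWERS = [
    ("gtp1.izatcloud.net", "CNAME", "gtp1.gtpgeo.com"),
    ("gtp1.gtpgeo.com", "CNAME", "gtp1_weighted.gtp.izatcloud.net"),
    ("gtp1_weighted.gtp.izatcloud.net", "A", "35.163.44.72"),
    ("gtp1_weighted.gtp.izatcloud.net", "A", "44.236.159.61"),
    ("www.google.com", "A", "64.233.176.103"),
]

# (timestamp, src ip, src port, dst ip, dst port), constructed from the TCP
# table: one retransmission series per silent host, plus two answered flows
TCP_PACKETS = [
    ("02:41:26.300", LOCAL, 49678, "104.46.162.224", 443),
    ("02:41:36.098", LOCAL, 49735, "35.163.44.72", 80),
    ("02:41:37.106", LOCAL, 49735, "35.163.44.72", 80),
    ("02:41:39.110", LOCAL, 49735, "35.163.44.72", 80),
    ("02:41:43.114", LOCAL, 49735, "35.163.44.72", 80),
    ("02:41:51.126", LOCAL, 49735, "35.163.44.72", 80),
    ("02:41:38.955", LOCAL, 49740, "64.233.176.103", 443),
    ("02:41:38.955", "64.233.176.103", 443, LOCAL, 49740),
    ("02:41:39.353", LOCAL, 49741, "23.63.206.91", 443),
    ("02:41:39.353", "23.63.206.91", 443, LOCAL, 49741),
    ("02:41:57.132", LOCAL, 49749, "44.236.159.61", 80),
    ("02:41:58.143", LOCAL, 49749, "44.236.159.61", 80),
    ("02:42:00.144", LOCAL, 49749, "44.236.159.61", 80),
    ("02:42:04.158", LOCAL, 49749, "44.236.159.61", 80),
    ("02:42:12.174", LOCAL, 49749, "44.236.159.61", 80),
]


def to_seconds(stamp):
    """'HH:MM:SS.fff' -> seconds since midnight."""
    h, m, s = stamp.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def build_name_map(answers):
    """Map each answered address to every name that reaches it through a
    CNAME chain. A CNAME loop terminates: each name is visited once per start."""
    cnames = defaultdict(set)  # alias -> canonical names
    addrs = defaultdict(set)   # name  -> addresses
    for name, rtype, rdata in answers:
        if rtype == "CNAME":
            cnames[name.lower()].add(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addrs[name.lower()].add(rdata)
    ip_to_names = defaultdict(set)
    for origin in set(cnames) | set(addrs):
        seen, stack = set(), [origin]
        while stack:
            cur = stack.pop()
            if cur in seen:
                continue
            seen.add(cur)
            for ip in addrs.get(cur, ()):
                ip_to_names[ip].add(origin)
            stack.extend(cnames.get(cur, ()))
    return dict(ip_to_names)


def tcp_without_dns(packets, ip_to_names, local=LOCAL):
    """Remote addresses the VM connected to that no DNS answer accounts for:
    the check behind "TCP traffic detected without corresponding DNS query"."""
    contacted = {dst for _, src, _, dst, _ in packets if src == local}
    return sorted(contacted - set(ip_to_names), key=ip_address)


def syn_retry_flows(packets, local=LOCAL, min_attempts=3):
    """Flows the VM opened that never got a packet back and were re-sent at
    non-shrinking intervals (SYN retransmission to a silent host).
    Returns (dst ip, dst port, local port) triples."""
    outbound, answered = defaultdict(list), set()
    for stamp, src, sport, dst, dport in packets:
        if src == local:
            outbound[(dst, dport, sport)].append(to_seconds(stamp))
        elif dst == local:
            answered.add((src, sport, dport))
    hits = []
    for flow, times in outbound.items():
        if flow in answered or len(times) < min_attempts:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if all(later >= earlier for earlier, later in zip(gaps, gaps[1:])):
            hits.append(flow)
    return sorted(hits, key=lambda f: (ip_address(f[0]), f[1], f[2]))


if __name__ == "__main__":
    names = build_name_map(DNS_ANSWERS)
    print("no DNS answer for:", tcp_without_dns(TCP_PACKETS, names))
    print("silent hosts:", syn_retry_flows(TCP_PACKETS))
```

Run it directly to print both results. The CNAME walk maps each address back to every name that reaches it (here gtp1.izatcloud.net -> gtp1.gtpgeo.com -> gtp1_weighted.gtp.izatcloud.net -> 35.163.44.72 and 44.236.159.61). The first check reports 23.63.206.91 and 104.46.162.224 because no answer in the table covers them; fs.microsoft.com, which 23.63.206.91 serves, is on the report's whitelist and its lookup was excluded from analysis. The retry check reports the two port-80 flows that were re-sent at growing intervals and never answered, which is the evidence behind the "URL not reachable" error.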
Decrypted HTTPS sessions: fs.microsoft.com (a whitelisted Microsoft domain; both sessions are Windows BITS background traffic fetching a font configuration file, not activity of the sample)
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49741 | 23.63.206.91 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-04-17 00:41:39 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
2024-04-17 00:41:39 UTC | 468 | IN | HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (chd/079C)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-eus2-z1
            Cache-Control: public, max-age=109319
            Date: Wed, 17 Apr 2024 00:41:39 GMT
            Connection: close
            X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 23.63.206.91 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-04-17 00:41:40 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
2024-04-17 00:41:40 UTC | 531 | IN | HTTP/1.1 200 OK
            Content-Type: application/octet-stream
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
            Cache-Control: public, max-age=109328
            Date: Wed, 17 Apr 2024 00:41:40 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
2024-04-17 00:41:40 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


            Target ID:0
            Start time:02:41:30
            Start date:17/04/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:2
            Start time:02:41:32
            Start date:17/04/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2000,i,3336942844402798259,13436804117575012582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:02:41:34
            Start date:17/04/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://gtp1.izatcloud.net"
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly