Edit tour

Windows Analysis Report
https://147.45.47.87

Overview

General Information

Sample URL:	https://147.45.47.87
Analysis ID:	1428730
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://147.45.47.87/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1948,i,12371524971379940788,13046372564779161318,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://147.45.47.87/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 147.45.47.87Connection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1Host: 147.45.47.87Connection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://147.45.47.87/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1Host: 147.45.47.87Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 147.45.47.87Connection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://147.45.47.87/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=AK25oz7OP7m3lls&MD=Hl2gEEFB HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=AK25oz7OP7m3lls&MD=Hl2gEEFB HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 Apr 2024 12:16:06 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 275Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_60.1.dr	String found in binary or memory: http://httpd.apache.org/docs/2.4/mod/mod_userdir.html
Source: chromecache_60.1.dr	String found in binary or memory: https://bugs.launchpad.net/ubuntu/
Source: chromecache_60.1.dr	String found in binary or memory: https://launchpad.net/bugs/1966004

Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/13@2/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://147.45.47.87/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1948,i,12371524971379940788,13046372564779161318,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1948,i,12371524971379940788,13046372564779161318,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	74.125.136.99	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://147.45.47.87/icons/ubuntu-logo.png	false	unknown
https://147.45.47.87/favicon.ico	false	unknown
https://147.45.47.87/	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://bugs.launchpad.net/ubuntu/	chromecache_60.1.dr	false	high
https://launchpad.net/bugs/1966004	chromecache_60.1.dr	false	high
http://httpd.apache.org/docs/2.4/mod/mod_userdir.html	chromecache_60.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
147.45.47.87	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
74.125.136.99	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428730
Start date and time:	2024-04-19 14:15:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://147.45.47.87
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@14/13@2/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.185.94, 64.233.176.102, 64.233.176.139, 64.233.176.138, 64.233.176.100, 64.233.176.101, 64.233.176.113, 64.233.177.84, 34.104.35.123, 172.217.215.94, 142.250.105.139, 142.250.105.101, 142.250.105.100, 142.250.105.102, 142.250.105.113, 142.250.105.138
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://147.45.47.87

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 11:16:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9810165914959033
Encrypted:	false
SSDEEP:	48:8kOdzT7frHDidAKZdA1FehwiZUklqehey+3:8kaXRty
MD5:	43FD3005F744BE0C55C3824E0859435F
SHA1:	6974D919449F0D85427825DF2B5EAD1A33F62664
SHA-256:	98F312160F6E5FD9BD8D8B8A1D022ECED36E7E6F9E67567C05BA1613D7F5DC7C
SHA-512:	787DD57AC00CA3EE8978AA7C7AB68B8C4391CCFF21A5CA1C71182CD5547036FF14782AA528FFCE1E2DFA24576599C91B74B0B26B39CA0CB45B2AA256DA16B1D6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....&..YS...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............3.'.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 11:16:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.996719465608169
Encrypted:	false
SSDEEP:	48:8uOdzT7frHDidAKZdA1seh/iZUkAQkqehdy+2:8uaXH9Q0y
MD5:	59A796AED9F76A43F06FF18E8A3D27FE
SHA1:	DDAE60A49F26A7BE9C068D303886CA0284E9B8A7
SHA-256:	D7F2013349C4EA74496476205BA5C45ABF0C975B05B2E967C8E5071146DB432F
SHA-512:	74750271ECED73C8CE6958F5A7914CDA303F59C891711E30DCE7555BC391A3C97B46D21AAFDBA3FE8683536CA1D17D7E51FC2523AA76DFABFCAE6235FB39E822
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....w#.YS...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............3.'.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.004908867524889
Encrypted:	false
SSDEEP:	48:8IOdzT7fAHDidAKZdA14meh7sFiZUkmgqeh7s7y+BX:8IaXinRy
MD5:	5E99A7F6A81FE26AD41C7BE4D02A8842
SHA1:	DBD2C40C224154A8C342170A95832E204E032B6B
SHA-256:	220EC9C6F151FDA922453C25F267B394F603E36294789F770DF4D98EED4AAF73
SHA-512:	03864B8EABDEA25D96E7BC5AABCD68F23F1D7AE5FB3BAD86F6FFA7A5F35842BC3F65289FD1FAB687BD226BBBFEAB764218B1E9D14E3CE92D08FF96684307D844
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............3.'.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 11:16:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9960784135368836
Encrypted:	false
SSDEEP:	48:8WOdzT7frHDidAKZdA1TehDiZUkwqehZy+R:8WaX0jy
MD5:	AAE1B360C6FA1BE747DF0F5E13ABDFA9
SHA1:	EAC8EA02E9E6C17F60B4CCAF965F566CD60259BE
SHA-256:	B83E28B64A56C52D7FED4E5DB7BB795347D02274D75780D4E788C82B3B3206B2
SHA-512:	8C2A5B9DE621A4DB1F9F0EAB782C75C6EB6B11DB28E1DD71C173DD7C71D9481431811BC096C4792DC964CB098D8C256751A5B59911E63DCC20AE59E1576555E3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......YS...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............3.'.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 11:16:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9805256704474967
Encrypted:	false
SSDEEP:	48:8fOdzT7frHDidAKZdA1dehBiZUk1W1qeh/y+C:8faX09fy
MD5:	552E5BEA714BA9E224C12B551DFE5127
SHA1:	692FB6BDCD2ADF49D4EF20E9CCCBDD3FA97872A0
SHA-256:	E7C23D1ADAE144B709EFDA079D273B259AD9D8985EF65BF8179486AE801AA18B
SHA-512:	4BDF654334B0B10A692E6BCB337A49B62BA318269221417C593A09829BCEC2351D112FB8682EF8DF8206017BB6AA4FF2A7DEF7B29821ACA9EF056DE855AD29DD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....y..YS...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............3.'.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 11:16:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.991998066597501
Encrypted:	false
SSDEEP:	48:8lOdzT7frHDidAKZdA1duTeehOuTbbiZUk5OjqehOuTbRy+yT+:8laXGTfTbxWOvTbRy7T
MD5:	E00FBFD0B33E88601F8286B6F5A8E02A
SHA1:	4B9F792A0B1A8EB5A364C2D4394243ED828BC779
SHA-256:	CD96904DF8A451DD63876D9D5487AE8ED192AFDFBE0AD19C9FE502CC6E57D210
SHA-512:	A7153854F1645273782872457E9259BF1B12D6038AE43FAA4C04C7019328FAE77E6C0D3B82F23546475D06C5A87D441EFB5C9BF0A21C692DE6CB5A7263FF18F0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....+l.YS...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............3.'.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	275
Entropy (8bit):	5.249744178441575
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRCwpbB8oD:J0+oxBeRmR9etdzRxGezHtpbB8+
MD5:	C7B8B21B4A189773C57179676E0B96F0
SHA1:	47810DF9F1BB1BABA0997593AA524ED585919D21
SHA-256:	5AAC3A8A37A5E70CC163FB0DBA3FD3579004E7B8C7885AE3F42D27C2F88E753E
SHA-512:	339FE6E78DB7FF1FBF74FEB8EE9E7C80ACEBABA2020E71E29DA025E88812266F4D79889291BFAD2FD050C76F0C34909E28222D1AE32C258222D108FBB9ED619E
Malicious:	false
Reputation:	low
URL:	https://147.45.47.87/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.52 (Ubuntu) Server at 147.45.47.87 Port 443</address>.</body></html>.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 184 x 146, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3322
Entropy (8bit):	7.854651820755909
Encrypted:	false
SSDEEP:	96:PsQYMohEgmJxedUPZnr4u77t4lfuWGFHMt1mbVAu5dWC:PsHMYCekZr4u/mQFst1mKu5MC
MD5:	3B026DD0605E5D46688845F7CE6C2DF1
SHA1:	395C14329336735F983E16203E73F00A4E18DAC3
SHA-256:	E2E656CCE0AAF97B1C94B01592FCA89088FD771F55768FB69F95E10C0099CF25
SHA-512:	AAB3BFDE0FDAC1F3BBB055BF60C104EB3154590FAD827876A1200E04BB13083C80F37388B2E613BAAECC7A3F288904DE787888CF75444BF47C3227A65EB0C9DA
Malicious:	false
Reputation:	low
URL:	https://147.45.47.87/icons/ubuntu-logo.png
Preview:	.PNG........IHDR.....................IDATx...Q.. .D.K`7...7.....y..v..qC..5....m......p..8...p........p..8...p.....\..p..8...p.....\.....8...p.....\.........p.....\.........p.....\.....Xr...m.....<.m.m.m.6..;......i$o.3:...KR.... V...b..Bi...M..U.(.../<L........9....&.~).[...q.../...<U......k..?.G.f.......,x......]....`..'.wkLZ.Y)..)....Y........<.p....sH....(......z.i1....f..{!.......0.]wk5.....hN...Sp...9......a....{..S.m....=.3,.Tp....i.5D.+..?...up.j.zF....UX.=q.... x...:................V.g...K.&......a...7...U...Xi...9..>{.Z..rv.gXp..QHF...H._7.,...0.....d2,..b......._Y.0...\<...:...V~G..,8.y..S."td?../......r..-....,.Y...3st.h....P.r./."8.18m...9$vp.v..w.e.T....,.......c....;..k=...@.Ux.Ndn..........$.. ....._}.._...K..~.1...Lr...s...E!...Rp.././.....d..I.O..o......D.-..E..M..x\|+..^p..W.VA...$....]85..g....I..t.bYp....}...E:.......$<]...e]p....8.Sh.X.&.......H...hMp..WZ..`.,..l.S..v'(.ZfMp.......P..0.b.....gMp......+h..X.N6....B<.'.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	10671
Entropy (8bit):	4.373603057196099
Encrypted:	false
SSDEEP:	96:wAL6evwSMhQKrFih8Wdp3667KeQAm+czjJX9059OnBun3nXJgJF2Oiloet2nnSzN:wq6ywSGQKJUnpJKeOJaTE2OiLAI1R
MD5:	720999B43A3BE0674180354AC41F20B1
SHA1:	152A75D80C0BDADB382E1CAFE517159CB76A19CC
SHA-256:	6FAEF4D5D777FDCAA653766B0AC8B9ED32D0FD87F7DCD79F02FF524DD1B0EB69
SHA-512:	DABE86F15DC4273EB536F62E9C2B847C4BBB2DA9F0B87F00D0718D9E29FFDC719153504F60F46ED5FC54231E346B83ECB9D0E8AAD40CF0256ABE9E4CD6A695E6
Malicious:	false
Reputation:	low
URL:	https://147.45.47.87/
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">. . Modified from the Debian original for Ubuntu. Last updated: 2022-03-22. See: https://launchpad.net/bugs/1966004. -->. <head>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />. <title>Apache2 Ubuntu Default Page: It works</title>. <style type="text/css" media="screen">. * {. margin: 0px 0px 0px 0px;. padding: 0px 0px 0px 0px;. }.. body, html {. padding: 3px 3px 3px 3px;.. background-color: #D8DBE2;.. font-family: Ubuntu, Verdana, sans-serif;. font-size: 11pt;. text-align: center;. }.. div.main_page {. position: relative;. display: table;.. width: 800px;.. margin-bottom: 3px;. margin-left: auto;. margin-right: auto;. padding: 0px 0px 0px 0px;.. border-width: 2px;. border-color: #212738;. border-style: solid;.. backgrou

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 184 x 146, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3322
Entropy (8bit):	7.854651820755909
Encrypted:	false
SSDEEP:	96:PsQYMohEgmJxedUPZnr4u77t4lfuWGFHMt1mbVAu5dWC:PsHMYCekZr4u/mQFst1mKu5MC
MD5:	3B026DD0605E5D46688845F7CE6C2DF1
SHA1:	395C14329336735F983E16203E73F00A4E18DAC3
SHA-256:	E2E656CCE0AAF97B1C94B01592FCA89088FD771F55768FB69F95E10C0099CF25
SHA-512:	AAB3BFDE0FDAC1F3BBB055BF60C104EB3154590FAD827876A1200E04BB13083C80F37388B2E613BAAECC7A3F288904DE787888CF75444BF47C3227A65EB0C9DA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.....................IDATx...Q.. .D.K`7...7.....y..v..qC..5....m......p..8...p........p..8...p.....\..p..8...p.....\.....8...p.....\.........p.....\.........p.....\.....Xr...m.....<.m.m.m.6..;......i$o.3:...KR.... V...b..Bi...M..U.(.../<L........9....&.~).[...q.../...<U......k..?.G.f.......,x......]....`..'.wkLZ.Y)..)....Y........<.p....sH....(......z.i1....f..{!.......0.]wk5.....hN...Sp...9......a....{..S.m....=.3,.Tp....i.5D.+..?...up.j.zF....UX.=q.... x...:................V.g...K.&......a...7...U...Xi...9..>{.Z..rv.gXp..QHF...H._7.,...0.....d2,..b......._Y.0...\<...:...V~G..,8.y..S."td?../......r..-....,.Y...3st.h....P.r./."8.18m...9$vp.v..w.e.T....,.......c....;..k=...@.Ux.Ndn..........$.. ....._}.._...K..~.1...Lr...s...E!...Rp.././.....d..I.O..o......D.-..E..M..x\|+..^p..W.VA...$....]85..g....I..t.bYp....}...E:.......$<]...e]p....8.Sh.X.&.......H...hMp..WZ..`.,..l.S..v'(.ZfMp.......P..0.b.....gMp......+h..X.N6....B<.'.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 14:16:03.482415915 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:03.482507944 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:03.482587099 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:03.483088017 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:03.483127117 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:03.946676016 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:03.947082043 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:03.947141886 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:03.948786020 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:03.948890924 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:03.949733019 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:03.949966908 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:03.949975014 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:03.996121883 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.004007101 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.004041910 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.052016020 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.376588106 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.376617908 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.376629114 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.376694918 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.376709938 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.376756907 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.376769066 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.376811981 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.376844883 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.376892090 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.376945972 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.377393961 CEST	49698	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.377425909 CEST	443	49698	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.386668921 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.386698961 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.386778116 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.388091087 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.388107061 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.838737011 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.839339018 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.839363098 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.840498924 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.840874910 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.841034889 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:04.841038942 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.841056108 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:04.883030891 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.281565905 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.281599045 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.281676054 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.281683922 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.281734943 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.282840014 CEST	49702	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.282850981 CEST	443	49702	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.287772894 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.287859917 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.287954092 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.288458109 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.288494110 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.288839102 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.288919926 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.289005995 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.289906979 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.289936066 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.735367060 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.735680103 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.735717058 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.736617088 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.736706972 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.737170935 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.737227917 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.737318993 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.737327099 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.738198996 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.739258051 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.739286900 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.739769936 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.740092039 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.740185022 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.740200043 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.788116932 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:05.790035009 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:05.793181896 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:06.179388046 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:06.179450989 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:06.179552078 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:06.179608107 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:06.179646969 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:06.179670095 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:06.179717064 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:06.180541039 CEST	49703	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:06.180578947 CEST	443	49703	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:06.181533098 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:06.181714058 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:06.181777954 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:06.182776928 CEST	49704	443	192.168.2.16	147.45.47.87
Apr 19, 2024 14:16:06.182791948 CEST	443	49704	147.45.47.87	192.168.2.16
Apr 19, 2024 14:16:08.176362038 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 14:16:08.395010948 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:08.395057917 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:08.395143032 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:08.395416021 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:08.395433903 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:08.480015039 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 14:16:08.627021074 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:08.627336979 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:08.627357960 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:08.629066944 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:08.629144907 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:08.630379915 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:08.630476952 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:08.685998917 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:08.686013937 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:08.734060049 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:09.086014986 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 14:16:10.291021109 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 14:16:12.704058886 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 14:16:14.507261038 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.507313013 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.507540941 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.509751081 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.509825945 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.739794970 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.740101099 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.743592978 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.743643045 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.744060993 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.779895067 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.824119091 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.936475039 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.936619997 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.936933041 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.936933041 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.936933041 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.974690914 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.974745035 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:14.974966049 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.975192070 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:14.975219011 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.193726063 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.193844080 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:15.195024967 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:15.195053101 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.195405006 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.196682930 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:15.242746115 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:15.242784023 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.244113922 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.399755001 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.399898052 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.399974108 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:15.400630951 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:15.400631905 CEST	49712	443	192.168.2.16	23.63.206.91
Apr 19, 2024 14:16:15.400672913 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:15.400701046 CEST	443	49712	23.63.206.91	192.168.2.16
Apr 19, 2024 14:16:16.344278097 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 14:16:16.646013975 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 14:16:17.264004946 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 14:16:17.507031918 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 14:16:18.234097958 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.234194040 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.234316111 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.235316992 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.235358000 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.479017019 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 14:16:18.611793995 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.612003088 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.612582922 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:18.612704992 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:18.612787008 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:18.614418983 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.614447117 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.614857912 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.662647963 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.708117008 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955050945 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955110073 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955130100 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955168962 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955215931 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955233097 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.955312967 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955348015 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955353022 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.955353022 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.955378056 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.955391884 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955419064 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.955437899 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.955450058 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955559969 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.955621004 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.965595961 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.965636969 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:18.965662956 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:18.965677023 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:19.662456036 CEST	49707	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:16:19.662527084 CEST	443	49707	74.125.136.99	192.168.2.16
Apr 19, 2024 14:16:20.826142073 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 14:16:20.890013933 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 14:16:21.130008936 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 14:16:21.737042904 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 14:16:22.951035023 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 14:16:25.363050938 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 14:16:25.699112892 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 14:16:27.122118950 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 14:16:30.174175024 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 14:16:35.300062895 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 14:16:39.788252115 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 14:16:54.025335073 CEST	49695	80	192.168.2.16	199.232.214.172
Apr 19, 2024 14:16:54.025445938 CEST	49697	80	192.168.2.16	199.232.214.172
Apr 19, 2024 14:16:54.130016088 CEST	80	49695	199.232.214.172	192.168.2.16
Apr 19, 2024 14:16:54.130085945 CEST	80	49695	199.232.214.172	192.168.2.16
Apr 19, 2024 14:16:54.130158901 CEST	80	49697	199.232.214.172	192.168.2.16
Apr 19, 2024 14:16:54.130201101 CEST	80	49697	199.232.214.172	192.168.2.16
Apr 19, 2024 14:16:54.130337954 CEST	49695	80	192.168.2.16	199.232.214.172
Apr 19, 2024 14:16:54.130527973 CEST	49697	80	192.168.2.16	199.232.214.172
Apr 19, 2024 14:16:55.326317072 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:55.326387882 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:55.326508045 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:55.327004910 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:55.327045918 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:55.704607010 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:55.704770088 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:55.706600904 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:55.706630945 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:55.707158089 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:55.709439039 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:55.756138086 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.062036991 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.062098026 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.062160969 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.062330008 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:56.062330961 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:56.062402010 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.062446117 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.062516928 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:56.062535048 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.062587023 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.062632084 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:56.062673092 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:56.066040039 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:56.066040039 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 14:16:56.066112995 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:16:56.066148043 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 14:17:08.346306086 CEST	49716	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:17:08.346384048 CEST	443	49716	74.125.136.99	192.168.2.16
Apr 19, 2024 14:17:08.346504927 CEST	49716	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:17:08.346801043 CEST	49716	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:17:08.346836090 CEST	443	49716	74.125.136.99	192.168.2.16
Apr 19, 2024 14:17:08.565237045 CEST	443	49716	74.125.136.99	192.168.2.16
Apr 19, 2024 14:17:08.565601110 CEST	49716	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:17:08.565634012 CEST	443	49716	74.125.136.99	192.168.2.16
Apr 19, 2024 14:17:08.566725969 CEST	443	49716	74.125.136.99	192.168.2.16
Apr 19, 2024 14:17:08.567147017 CEST	49716	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:17:08.567326069 CEST	443	49716	74.125.136.99	192.168.2.16
Apr 19, 2024 14:17:08.617019892 CEST	49716	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:17:10.086067915 CEST	49688	443	192.168.2.16	13.107.21.200
Apr 19, 2024 14:17:18.576193094 CEST	443	49716	74.125.136.99	192.168.2.16
Apr 19, 2024 14:17:18.576353073 CEST	443	49716	74.125.136.99	192.168.2.16
Apr 19, 2024 14:17:18.576550007 CEST	49716	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:17:19.668451071 CEST	49716	443	192.168.2.16	74.125.136.99
Apr 19, 2024 14:17:19.668487072 CEST	443	49716	74.125.136.99	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 14:16:03.548490047 CEST	53	54981	1.1.1.1	192.168.2.16
Apr 19, 2024 14:16:03.588995934 CEST	53	59621	1.1.1.1	192.168.2.16
Apr 19, 2024 14:16:04.180053949 CEST	53	61878	1.1.1.1	192.168.2.16
Apr 19, 2024 14:16:08.289057970 CEST	60686	53	192.168.2.16	1.1.1.1
Apr 19, 2024 14:16:08.289294958 CEST	53603	53	192.168.2.16	1.1.1.1
Apr 19, 2024 14:16:08.393487930 CEST	53	60686	1.1.1.1	192.168.2.16
Apr 19, 2024 14:16:08.393568993 CEST	53	53603	1.1.1.1	192.168.2.16
Apr 19, 2024 14:16:21.060081959 CEST	53	59528	1.1.1.1	192.168.2.16
Apr 19, 2024 14:16:39.878737926 CEST	53	59520	1.1.1.1	192.168.2.16
Apr 19, 2024 14:17:02.714498043 CEST	53	51513	1.1.1.1	192.168.2.16
Apr 19, 2024 14:17:03.530313015 CEST	53	61942	1.1.1.1	192.168.2.16
Apr 19, 2024 14:17:12.529162884 CEST	138	138	192.168.2.16	192.168.2.255
Apr 19, 2024 14:17:31.778481960 CEST	53	52266	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 14:16:08.289057970 CEST	192.168.2.16	1.1.1.1	0x5963	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 14:16:08.289294958 CEST	192.168.2.16	1.1.1.1	0x35a5	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 14:16:08.393487930 CEST	1.1.1.1	192.168.2.16	0x5963	No error (0)	www.google.com	74.125.136.99	A (IP address)	IN (0x0001)	false
Apr 19, 2024 14:16:08.393487930 CEST	1.1.1.1	192.168.2.16	0x5963	No error (0)	www.google.com	74.125.136.106	A (IP address)	IN (0x0001)	false
Apr 19, 2024 14:16:08.393487930 CEST	1.1.1.1	192.168.2.16	0x5963	No error (0)	www.google.com	74.125.136.104	A (IP address)	IN (0x0001)	false
Apr 19, 2024 14:16:08.393487930 CEST	1.1.1.1	192.168.2.16	0x5963	No error (0)	www.google.com	74.125.136.105	A (IP address)	IN (0x0001)	false
Apr 19, 2024 14:16:08.393487930 CEST	1.1.1.1	192.168.2.16	0x5963	No error (0)	www.google.com	74.125.136.103	A (IP address)	IN (0x0001)	false
Apr 19, 2024 14:16:08.393487930 CEST	1.1.1.1	192.168.2.16	0x5963	No error (0)	www.google.com	74.125.136.147	A (IP address)	IN (0x0001)	false
Apr 19, 2024 14:16:08.393568993 CEST	1.1.1.1	192.168.2.16	0x35a5	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

147.45.47.87

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49698	147.45.47.87	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 12:16:03 UTC	655	OUT	GET / HTTP/1.1 Host: 147.45.47.87 Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 12:16:04 UTC	274	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 12:16:04 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Tue, 26 Mar 2024 13:48:41 GMT ETag: "29af-614908c4b9cbd" Accept-Ranges: bytes Content-Length: 10671 Vary: Accept-Encoding Connection: close Content-Type: text/html
2024-04-19 12:16:04 UTC	7918	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 21 2d 2d 0a 20 20 20 20 4d 6f 64 69 66 69 65 64 20 66 72 6f 6d 20 74 68 65 20 44 65 62 69 61 6e 20 6f 72 69 67 69 6e 61 6c 20 66 6f 72 20 55 62 75 6e 74 75 0a 20 20 20 20 4c 61 73 74 20 75 70 64 61 74 65 64 3a 20 32 30 32 32 2d 30 33 2d 32 32 0a 20 20 20 20 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> ... Modified from the Debian original for Ubuntu Last updated: 2022-03-22
2024-04-19 12:16:04 UTC	2753	IN	Data Raw: 20 20 61 6e 64 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 32 65 6e 63 6f 6e 66 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 32 64 69 73 63 6f 6e 66 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 74 3e 2e 20 53 65 65 20 74 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6d 61 6e 20 70 61 67 65 73 20 66 6f 72 20 64 65 74 61 69 6c 65 64 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: and <tt> a2enconf, a2disconf </tt>. See their respective man pages for detailed information. </li>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49702	147.45.47.87	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 12:16:04 UTC	590	OUT	GET /icons/ubuntu-logo.png HTTP/1.1 Host: 147.45.47.87 Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://147.45.47.87/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 12:16:05 UTC	249	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 12:16:05 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Wed, 10 Apr 2024 17:45:18 GMT ETag: "cfa-615c19a11e780" Accept-Ranges: bytes Content-Length: 3322 Connection: close Content-Type: image/png
2024-04-19 12:16:05 UTC	3322	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b8 00 00 00 92 08 06 00 00 00 f6 04 00 97 00 00 0c c1 49 44 41 54 78 da ec d2 51 09 00 20 10 44 c1 4b 60 37 1b 08 a6 37 81 9f ca e5 d8 79 b0 09 76 ea cc 71 43 b6 2a 2e 35 f0 17 b2 ed 6d c0 01 17 e0 80 0b 70 c0 05 38 e0 02 1c 70 01 0e b8 00 17 e0 80 0b 70 c0 05 38 e0 02 1c 70 01 0e b8 00 07 5c 80 0b 70 c0 05 38 e0 02 1c 70 01 0e b8 00 07 5c 80 03 2e c0 05 38 e0 02 1c 70 01 0e b8 00 07 5c 80 03 2e c0 01 17 e0 02 1c 70 01 0e b8 00 07 5c 80 03 2e c0 01 17 e0 80 0b 70 01 0e b8 00 07 5c 80 7f f6 ce 01 58 72 ac 8b e3 9f 6d db df ee 96 d6 b6 8d 3c 8c 6d db b6 6d db b6 6d db 36 a2 b6 3b c9 7f df 9c 9a e9 9a ed 69 24 6f ba 33 3a bf aa e1 4b 52 fa e5 d6 b9 f7 20 56 7f fd 0c 62 f1 ff 42 69 9c 07 b5 4d 19 c8 55 Data Ascii: PNGIHDRIDATxQ DK`77yvqC*.5mp8pp8p\p8p\.8p\.p\.p\Xrm<mmm6;i$o3:KR VbBiMU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49703	147.45.47.87	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 12:16:05 UTC	357	OUT	GET /icons/ubuntu-logo.png HTTP/1.1 Host: 147.45.47.87 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 12:16:06 UTC	249	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 12:16:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Wed, 10 Apr 2024 17:45:18 GMT ETag: "cfa-615c19a11e780" Accept-Ranges: bytes Content-Length: 3322 Connection: close Content-Type: image/png
2024-04-19 12:16:06 UTC	3322	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b8 00 00 00 92 08 06 00 00 00 f6 04 00 97 00 00 0c c1 49 44 41 54 78 da ec d2 51 09 00 20 10 44 c1 4b 60 37 1b 08 a6 37 81 9f ca e5 d8 79 b0 09 76 ea cc 71 43 b6 2a 2e 35 f0 17 b2 ed 6d c0 01 17 e0 80 0b 70 c0 05 38 e0 02 1c 70 01 0e b8 00 17 e0 80 0b 70 c0 05 38 e0 02 1c 70 01 0e b8 00 07 5c 80 0b 70 c0 05 38 e0 02 1c 70 01 0e b8 00 07 5c 80 03 2e c0 05 38 e0 02 1c 70 01 0e b8 00 07 5c 80 03 2e c0 01 17 e0 02 1c 70 01 0e b8 00 07 5c 80 03 2e c0 01 17 e0 80 0b 70 01 0e b8 00 07 5c 80 7f f6 ce 01 58 72 ac 8b e3 9f 6d db df ee 96 d6 b6 8d 3c 8c 6d db b6 6d db b6 6d db 36 a2 b6 3b c9 7f df 9c 9a e9 9a ed 69 24 6f ba 33 3a bf aa e1 4b 52 fa e5 d6 b9 f7 20 56 7f fd 0c 62 f1 ff 42 69 9c 07 b5 4d 19 c8 55 Data Ascii: PNGIHDRIDATxQ DK`77yvqC*.5mp8pp8p\p8p\.8p\.p\.p\Xrm<mmm6;i$o3:KR VbBiMU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49704	147.45.47.87	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 12:16:05 UTC	580	OUT	GET /favicon.ico HTTP/1.1 Host: 147.45.47.87 Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://147.45.47.87/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 12:16:06 UTC	180	IN	HTTP/1.1 404 Not Found Date: Fri, 19 Apr 2024 12:16:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 275 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-04-19 12:16:06 UTC	275	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 34 37 2e 34 35 2e 34 37 2e 38 37 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 147.45.47.87 Port 443</addr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49711	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 12:16:14 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 12:16:14 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=154054 Date: Fri, 19 Apr 2024 12:16:14 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49712	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 12:16:15 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 12:16:15 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=154038 Date: Fri, 19 Apr 2024 12:16:15 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 12:16:15 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49713	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 12:16:18 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=AK25oz7OP7m3lls&MD=Hl2gEEFB HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-19 12:16:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 35e1f1fa-9e0b-4a21-9177-809df4524784 MS-RequestId: daead129-e81a-4f46-9fe9-8a1210204ae0 MS-CV: 5VSWi3nTtkCGDjiq.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 19 Apr 2024 12:16:17 GMT Connection: close Content-Length: 24490
2024-04-19 12:16:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-19 12:16:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49714	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 12:16:55 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=AK25oz7OP7m3lls&MD=Hl2gEEFB HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-19 12:16:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: a45f9fc3-54cc-4fe5-9456-615cd892d1fd MS-RequestId: dc4c34d7-037b-41a5-ae8a-b6ae5bef8518 MS-CV: /e3KigEDvUa7FWT7.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 19 Apr 2024 12:16:55 GMT Connection: close Content-Length: 25457
2024-04-19 12:16:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-19 12:16:56 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 7056, Parent PID: 5528

General

Target ID:	0
Start time:	14:16:01
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://147.45.47.87/
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6268, Parent PID: 7056

General

Target ID:	1
Start time:	14:16:02
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1948,i,12371524971379940788,13046372564779161318,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://147.45.47.87

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7056, Parent PID: 5528

General

Chronological Activities

Analysis Process: chrome.exePID: 6268, Parent PID: 7056

Windows Analysis Report
https://147.45.47.87