Edit tour

Windows Analysis Report
https://player.tavoos.net

Overview

General Information

Sample URL:	https://player.tavoos.net
Analysis ID:	1428862
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1616,i,2014383878655072585,3553885529192217202,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://player.tavoos.net" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: player.tavoos.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/favicon.ico HTTP/1.1Host: player.tavoos.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://player.tavoos.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/favicon.ico HTTP/1.1Host: player.tavoos.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: player.tavoos.net

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/5@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1616,i,2014383878655072585,3553885529192217202,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://player.tavoos.net"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1616,i,2014383878655072585,3553885529192217202,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
player.tavoos.net	185.143.234.120	true	false	unknown
www.google.com	64.233.176.106	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://player.tavoos.net/	false		unknown
https://player.tavoos.net/assets/favicon.ico	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.143.234.120	player.tavoos.net	Iran (ISLAMIC Republic Of)	202468	ABRARVAN-ASAbrArvanCDNandIaaSIR	false
64.233.176.106	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428862
Start date and time:	2024-04-19 18:33:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://player.tavoos.net
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/5@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.105.94, 142.250.105.100, 142.250.105.113, 142.250.105.101, 142.250.105.139, 142.250.105.102, 142.250.105.138, 74.125.136.84, 34.104.35.123, 13.85.23.86, 199.232.210.172, 20.242.39.171, 192.229.211.108, 23.40.205.18, 23.40.205.49, 23.40.205.59, 23.40.205.9, 23.40.205.57, 23.40.205.26, 23.40.205.81, 20.166.126.56, 23.40.205.48, 23.40.205.75, 23.40.205.58, 23.40.205.74, 23.40.205.34, 172.217.215.94, 23.47.204.58, 23.47.204.53, 23.47.204.59, 23.47.204.72, 23.47.204.67, 23.47.204.74, 23.47.204.75, 23.47.204.65, 23.47.204.54
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://player.tavoos.net

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category:	dropped
Size (bytes):	118504
Entropy (8bit):	3.821013089456105
Encrypted:	false
SSDEEP:	768:MJ9U50U4PTbu2xXjNhv3MDB6nZ3vabDjDAHKvXZbJcJI+5K/:4qeUgu2xXjv6knZ3veDjDAq/ZVKIh/
MD5:	7A292B09E57889ED1C70D5B99B987925
SHA1:	7C615D0C3B5D253382D4495B6344C5207DA91F71
SHA-256:	0E0DD7BCB14B5F93C815A185A7BB25FA51A87A83DB1E24816B58B86CBAC8290E
SHA-512:	9F902CE8B8538DBB4446983C27BD7BD0529542D2C9CBC89EE4478C7DD888DFE9E6E64E43C6824C10B8E6F8144292B1EB4B4DB888520423E78875C7EC68F9CCEF
Malicious:	false
Reputation:	low
Preview:	............ .zI..f......... .(....I..@@.... .(B...R..00.... ..%..0... .... .............. .h........PNG........IHDR.............\r.f..IAIDATx...s\W.....E...'.F$E.H.l.u......TWOll....D.>.^&./,.......;...0..;..rP]U]RIU%S..I.=.z..&.......\...nf.L.oDF...s.....A@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@......P<tp...q.j.......r@..5s_.k.(....0tp..\k".e@.{-w.....w...{e.a`.}l......P[.....UH.....F`...X.>_.....S.9`...^ ...w.G.k..'H...1..P.pf}...v......t.....jt.W.C_......Y....0..{.~.......w.....-.z...A..!..F.....].>t...{.....77..~5...........0..."!p....w_..(...B..\..D5..#H....@X...... ...E......:.Dn@.p...\.>C.....#X.e...V#...8...O.._..}....B".1.F.`........@70..\..0.Y...`8F..X...........D&..d..W.........^.._..a ...]f.T...P8?....[......m..[Eq..\|0.. \......#k .L.!.... ..Cf.k.1..d....xID..\|....\...._D..'....$i.%.H...D...>.^B..<1W...."...c....Y.c..(.E.e..&Z.p..........F...,.....K..8....A.,@p.....$......k$.....9..hX.....3...{.G........o.........S.Z.y.....o./...x.`....

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3925
Entropy (8bit):	3.9777504757279236
Encrypted:	false
SSDEEP:	48:YSBu6cvPZYwClyzl08781yJZNP9hCGS6e5YY0tcXzSOU0T:luxhYwClyzl087kyJz2yY0tcXzS6
MD5:	B402D2F4F8EFB3F6A19906530591F6DD
SHA1:	19CD1EF9DA00E670472E1B816ABA045F7D654FA2
SHA-256:	68F161B0C91BCA15FB38566E1525E47B2F214D1EC5F069B4D00C993566DD79F8
SHA-512:	921410C4B81755E7DB65DBF357E307CE4D6C537013074552F9B04299804F539C9D94CA6BCBE2CA64AC016D378885C7DBAC798EC87C20EE217A51F7F37B4EA140
Malicious:	false
Reputation:	low
URL:	https://player.tavoos.net/
Preview:	.<!doctype html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport". content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">. <meta http-equiv="X-UA-Compatible" content="ie=edge">. <title>Tavoos Player</title>. <meta name="robots" content="noindex" />. <link rel="icon" type="image/png" sizes="180x180" href="/assets/favicon.ico">. <style>. html, body {. height: 100%;. }. body {. margin: 0;. padding: 0;. width: 100%;. display: table;. font-weight: 100;. }. .container {. text-align: center;. display: table-cell;. vertical-align: middle;. background: #000000e6;. }. .content {. text-align: center;. display: inline-block;. }. .title {. font-size: 15px;. color: #00bcd4;. }.

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category:	downloaded
Size (bytes):	118504
Entropy (8bit):	3.821013089456105
Encrypted:	false
SSDEEP:	768:MJ9U50U4PTbu2xXjNhv3MDB6nZ3vabDjDAHKvXZbJcJI+5K/:4qeUgu2xXjv6knZ3veDjDAq/ZVKIh/
MD5:	7A292B09E57889ED1C70D5B99B987925
SHA1:	7C615D0C3B5D253382D4495B6344C5207DA91F71
SHA-256:	0E0DD7BCB14B5F93C815A185A7BB25FA51A87A83DB1E24816B58B86CBAC8290E
SHA-512:	9F902CE8B8538DBB4446983C27BD7BD0529542D2C9CBC89EE4478C7DD888DFE9E6E64E43C6824C10B8E6F8144292B1EB4B4DB888520423E78875C7EC68F9CCEF
Malicious:	false
Reputation:	low
URL:	https://player.tavoos.net/assets/favicon.ico
Preview:	............ .zI..f......... .(....I..@@.... .(B...R..00.... ..%..0... .... .............. .h........PNG........IHDR.............\r.f..IAIDATx...s\W.....E...'.F$E.H.l.u......TWOll....D.>.^&./,.......;...0..;..rP]U]RIU%S..I.=.z..&.......\...nf.L.oDF...s.....A@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@......P<tp...q.j.......r@..5s_.k.(....0tp..\k".e@.{-w.....w...{e.a`.}l......P[.....UH.....F`...X.>_.....S.9`...^ ...w.G.k..'H...1..P.pf}...v......t.....jt.W.C_......Y....0..{.~.......w.....-.z...A..!..F.....].>t...{.....77..~5...........0..."!p....w_..(...B..\..D5..#H....@X...... ...E......:.Dn@.p...\.>C.....#X.e...V#...8...O.._..}....B".1.F.`........@70..\..0.Y...`8F..X...........D&..d..W.........^.._..a ...]f.T...P8?....[......m..[Eq..\|0.. \......#k .L.!.... ..Cf.k.1..d....xID..\|....\...._D..'....$i.%.H...D...>.^B..<1W...."...c....Y.c..(.E.e..&Z.p..........F...,.....K..8....A.,@p.....$......k$.....9..hX.....3...{.G........o.........S.Z.y.....o./...x.`....

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 18:34:17.237153053 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 19, 2024 18:34:26.295151949 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.295207024 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.295298100 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.295485973 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.295506954 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.325242996 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.325289011 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.325356960 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.327384949 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.327403069 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.697876930 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.698169947 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.698199987 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.699805021 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.699899912 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.700987101 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.701083899 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.701193094 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.701210022 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.725615025 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.725903034 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.725925922 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.729450941 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.729541063 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.729912996 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.730083942 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.751528025 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.782133102 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.782174110 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:26.823379993 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:26.839445114 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 19, 2024 18:34:27.507875919 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:27.507922888 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:27.507987022 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:27.508464098 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:27.508485079 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:27.561731100 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:27.561758041 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:27.561850071 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:27.562016964 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:27.562016964 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:27.563194036 CEST	49735	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:27.563256025 CEST	443	49735	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:27.647114992 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:27.692137003 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:27.731149912 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:27.731429100 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:27.731446028 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:27.733093023 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:27.733190060 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:27.734729052 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:27.734817028 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:27.782867908 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:27.782887936 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:27.834928989 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:28.034696102 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.034751892 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.034774065 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.034790993 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.034820080 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.034828901 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.034847975 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.034852982 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.034874916 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.034878969 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.034895897 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.034920931 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.108992100 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.109038115 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.109107971 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.109122992 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.109134912 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.109157085 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.227833033 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.227880001 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.227983952 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.228003025 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.228015900 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.228041887 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.284708977 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.284754992 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.284792900 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.284807920 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.284841061 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.284852982 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.345431089 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.345479012 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.345519066 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.345532894 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.345580101 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.345580101 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.407870054 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.407933950 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.407938004 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.407958984 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.407982111 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.408003092 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.454760075 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.454804897 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.454833984 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.454849958 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.454878092 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.454894066 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.460005045 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.460078955 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.460087061 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.460196018 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:28.460298061 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.550995111 CEST	49736	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:28.551023960 CEST	443	49736	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:29.513010025 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.513087988 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.513170004 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.515425920 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.515455961 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.736567020 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.736752033 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.741533995 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.741564035 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.742008924 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.782620907 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.818382025 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.860120058 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.860168934 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:29.860249996 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:29.863034964 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:29.890284061 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:29.890326977 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:29.937355042 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.937500000 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.937772989 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.937825918 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.937855959 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.937855959 CEST	49740	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:29.937871933 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:29.937891006 CEST	443	49740	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.032166004 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.032237053 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.032455921 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.032938957 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.032989025 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.253782034 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.254043102 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.258815050 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.258841991 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.259219885 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.262132883 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.286747932 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.287663937 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.287755966 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.291587114 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.292064905 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.292700052 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.292793989 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.293095112 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.304116964 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.336169004 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.345231056 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.345288038 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.394539118 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.459619999 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.459764004 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.460410118 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.461582899 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.461621046 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.461666107 CEST	49742	443	192.168.2.4	104.123.200.136
Apr 19, 2024 18:34:30.461683035 CEST	443	49742	104.123.200.136	192.168.2.4
Apr 19, 2024 18:34:30.906213045 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.906276941 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.906296968 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.906313896 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.906343937 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.906352997 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.906372070 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.906400919 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.906400919 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.906400919 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.906420946 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.906462908 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.980120897 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.980144978 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.980185032 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.980206966 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.980273008 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:30.980305910 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:30.980377913 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.099170923 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.099229097 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.099256039 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.099275112 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.099303007 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.099319935 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.162667990 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.162718058 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.162770987 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.162837982 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.162878990 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.162903070 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.231420994 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.231468916 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.231520891 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.231589079 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.231640100 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.231641054 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.293253899 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.293301105 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.293354034 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.293421984 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.293462038 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.293484926 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.333599091 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.333646059 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.333791971 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.333791971 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.333854914 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.333904982 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.339451075 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.339622021 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:31.339637995 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.339705944 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.358910084 CEST	49741	443	192.168.2.4	185.143.234.120
Apr 19, 2024 18:34:31.358973980 CEST	443	49741	185.143.234.120	192.168.2.4
Apr 19, 2024 18:34:37.720365047 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:37.720459938 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:37.720504045 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:38.825360060 CEST	49739	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:34:38.825392008 CEST	443	49739	64.233.176.106	192.168.2.4
Apr 19, 2024 18:34:47.116017103 CEST	49723	80	192.168.2.4	199.232.214.172
Apr 19, 2024 18:34:47.219710112 CEST	80	49723	199.232.214.172	192.168.2.4
Apr 19, 2024 18:34:47.219753027 CEST	80	49723	199.232.214.172	192.168.2.4
Apr 19, 2024 18:34:47.219854116 CEST	49723	80	192.168.2.4	199.232.214.172
Apr 19, 2024 18:35:27.807996035 CEST	49749	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:35:27.808041096 CEST	443	49749	64.233.176.106	192.168.2.4
Apr 19, 2024 18:35:27.808134079 CEST	49749	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:35:27.808348894 CEST	49749	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:35:27.808366060 CEST	443	49749	64.233.176.106	192.168.2.4
Apr 19, 2024 18:35:28.022963047 CEST	443	49749	64.233.176.106	192.168.2.4
Apr 19, 2024 18:35:28.032886028 CEST	49749	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:35:28.032902956 CEST	443	49749	64.233.176.106	192.168.2.4
Apr 19, 2024 18:35:28.033380032 CEST	443	49749	64.233.176.106	192.168.2.4
Apr 19, 2024 18:35:28.033911943 CEST	49749	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:35:28.033989906 CEST	443	49749	64.233.176.106	192.168.2.4
Apr 19, 2024 18:35:28.079875946 CEST	49749	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:35:34.926841021 CEST	49724	80	192.168.2.4	199.232.214.172
Apr 19, 2024 18:35:35.030529022 CEST	80	49724	199.232.214.172	192.168.2.4
Apr 19, 2024 18:35:35.030555010 CEST	80	49724	199.232.214.172	192.168.2.4
Apr 19, 2024 18:35:35.030606985 CEST	49724	80	192.168.2.4	199.232.214.172
Apr 19, 2024 18:35:38.029679060 CEST	443	49749	64.233.176.106	192.168.2.4
Apr 19, 2024 18:35:38.029841900 CEST	443	49749	64.233.176.106	192.168.2.4
Apr 19, 2024 18:35:38.029891968 CEST	49749	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:35:39.170592070 CEST	49749	443	192.168.2.4	64.233.176.106
Apr 19, 2024 18:35:39.170622110 CEST	443	49749	64.233.176.106	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 18:34:24.303421021 CEST	53	57863	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:24.491499901 CEST	53	55347	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:25.137453079 CEST	53	61742	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:26.189086914 CEST	61233	53	192.168.2.4	1.1.1.1
Apr 19, 2024 18:34:26.189219952 CEST	58481	53	192.168.2.4	1.1.1.1
Apr 19, 2024 18:34:26.294083118 CEST	53	58481	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:26.294590950 CEST	53	61233	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:27.393196106 CEST	60345	53	192.168.2.4	1.1.1.1
Apr 19, 2024 18:34:27.393357992 CEST	63951	53	192.168.2.4	1.1.1.1
Apr 19, 2024 18:34:27.497819901 CEST	53	60345	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:27.498054981 CEST	53	63951	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:29.659490108 CEST	58078	53	192.168.2.4	1.1.1.1
Apr 19, 2024 18:34:29.659490108 CEST	60978	53	192.168.2.4	1.1.1.1
Apr 19, 2024 18:34:29.764516115 CEST	53	60978	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:29.858275890 CEST	53	58078	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:42.155778885 CEST	53	65135	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:46.296016932 CEST	53	50053	1.1.1.1	192.168.2.4
Apr 19, 2024 18:34:46.311662912 CEST	138	138	192.168.2.4	192.168.2.255
Apr 19, 2024 18:35:08.322498083 CEST	53	57224	1.1.1.1	192.168.2.4
Apr 19, 2024 18:35:23.890784025 CEST	53	60471	1.1.1.1	192.168.2.4
Apr 19, 2024 18:35:39.185933113 CEST	53	55945	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 19, 2024 18:34:46.296091080 CEST	192.168.2.4	1.1.1.1	c221	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 18:34:26.189086914 CEST	192.168.2.4	1.1.1.1	0x70cb	Standard query (0)	player.tavoos.net	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:26.189219952 CEST	192.168.2.4	1.1.1.1	0xfc07	Standard query (0)	player.tavoos.net	65	IN (0x0001)	false
Apr 19, 2024 18:34:27.393196106 CEST	192.168.2.4	1.1.1.1	0x8592	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:27.393357992 CEST	192.168.2.4	1.1.1.1	0x745c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 19, 2024 18:34:29.659490108 CEST	192.168.2.4	1.1.1.1	0xc9b9	Standard query (0)	player.tavoos.net	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:29.659490108 CEST	192.168.2.4	1.1.1.1	0xebe7	Standard query (0)	player.tavoos.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 18:34:26.294590950 CEST	1.1.1.1	192.168.2.4	0x70cb	No error (0)	player.tavoos.net		185.143.234.120	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:26.294590950 CEST	1.1.1.1	192.168.2.4	0x70cb	No error (0)	player.tavoos.net		185.143.233.120	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:27.497819901 CEST	1.1.1.1	192.168.2.4	0x8592	No error (0)	www.google.com		64.233.176.106	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:27.497819901 CEST	1.1.1.1	192.168.2.4	0x8592	No error (0)	www.google.com		64.233.176.104	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:27.497819901 CEST	1.1.1.1	192.168.2.4	0x8592	No error (0)	www.google.com		64.233.176.105	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:27.497819901 CEST	1.1.1.1	192.168.2.4	0x8592	No error (0)	www.google.com		64.233.176.103	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:27.497819901 CEST	1.1.1.1	192.168.2.4	0x8592	No error (0)	www.google.com		64.233.176.147	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:27.497819901 CEST	1.1.1.1	192.168.2.4	0x8592	No error (0)	www.google.com		64.233.176.99	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:27.498054981 CEST	1.1.1.1	192.168.2.4	0x745c	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 19, 2024 18:34:29.858275890 CEST	1.1.1.1	192.168.2.4	0xc9b9	No error (0)	player.tavoos.net		185.143.234.120	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:29.858275890 CEST	1.1.1.1	192.168.2.4	0xc9b9	No error (0)	player.tavoos.net		185.143.233.120	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:40.716192007 CEST	1.1.1.1	192.168.2.4	0x69f8	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:40.716192007 CEST	1.1.1.1	192.168.2.4	0x69f8	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:34:42.117877960 CEST	1.1.1.1	192.168.2.4	0x2ac3	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 18:34:42.117877960 CEST	1.1.1.1	192.168.2.4	0x2ac3	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:35:29.810920000 CEST	1.1.1.1	192.168.2.4	0x688e	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 19, 2024 18:35:29.810920000 CEST	1.1.1.1	192.168.2.4	0x688e	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

player.tavoos.net

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	185.143.234.120	443	732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 16:34:26 UTC	660	OUT	GET / HTTP/1.1 Host: player.tavoos.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 16:34:27 UTC	701	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 16:34:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Expires: Sat, 20 Apr 2024 02:34:27 GMT Cache-Control: max-age=36000 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range x-edge-cache: HIT x-powered-by: FastClick x-fast-e-node: 1 x-fast-e-build: 2024-02-17T14:48:05Z Content-Security-Policy: upgrade-insecure-requests X-XSS-Protection: 1; mode=block Server: ArvanCloud Server-Timing: total;dur=438 X-Cache: BYPASS X-Request-ID: 425fe7444efc25b350f80394f4f719dc X-SID: 6232
2024-04-19 16:34:27 UTC	3932	IN	Data Raw: 66 35 35 0d 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 0a 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f Data Ascii: f55<!doctype html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"> <meta http-equiv="X-UA-Compatible" co
2024-04-19 16:34:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	185.143.234.120	443	732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 16:34:27 UTC	597	OUT	GET /assets/favicon.ico HTTP/1.1 Host: player.tavoos.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://player.tavoos.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 16:34:28 UTC	674	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 16:34:27 GMT Content-Type: image/x-icon Content-Length: 118504 Connection: close Vary: Accept-Encoding Last-Modified: Thu, 25 May 2023 09:30:52 GMT ETag: "646f2acc-1cee8" Expires: Sat, 20 Apr 2024 02:34:27 GMT Cache-Control: max-age=36000 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range x-edge-cache: HIT x-powered-by: FastClick x-fast-e-node: 1 x-fast-e-build: 2024-02-17T14:48:05Z X-XSS-Protection: 1; mode=block Server: ArvanCloud Server-Timing: total;dur=0 X-Cache: HIT X-Request-ID: 1c44b4667ee099b31adc61f357a50a16 X-SID: 6232 Accept-Ranges: bytes
2024-04-19 16:34:28 UTC	15710	IN	Data Raw: 00 00 01 00 06 00 00 00 00 00 01 00 20 00 7a 49 00 00 66 00 00 00 80 80 00 00 01 00 20 00 28 08 01 00 e0 49 00 00 40 40 00 00 01 00 20 00 28 42 00 00 08 52 01 00 30 30 00 00 01 00 20 00 a8 25 00 00 30 94 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 d8 b9 01 00 10 10 00 00 01 00 20 00 68 04 00 00 80 ca 01 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 49 41 49 44 41 54 78 da ed bd d7 73 5c 57 9e e7 f9 81 a3 45 92 00 bd 27 93 46 24 45 19 48 82 6c 19 75 b5 a9 96 0a ec e1 54 57 4f 6c 6c c4 ec ee c3 44 ec 3e 2e 5e 26 f8 2f 2c df f8 b0 0f bb db 11 3b 0f 13 f3 30 d3 d1 3b 83 1d 72 50 5d 55 5d 52 49 55 25 53 10 05 49 14 3d 09 7a 80 16 26 09 9f c8 9c 87 ef f9 f1 5c 80 00 e1 6e 66 de 4c 9c 6f 44 46 c2 e3 de Data Ascii: zIf (I@@ (BR00 %0 hPNGIHDR\rfIAIDATxs\WE'F$EHluTWOllD>.^&/,;0;rP]U]RIU%SI=z&\nfLoDF
2024-04-19 16:34:28 UTC	16384	IN	Data Raw: 0b fc 3f 6b f0 4d 7d cf 00 1f a7 da 5a ae 67 8e 9d 9e a4 28 cc dc 1f 41 a4 52 0f 4a 4e 29 66 3b 30 6b 4f 5d 0e e3 c6 8a 0a c7 f2 4f 38 a2 d0 5a 5c 5b f9 76 2d 32 29 1f b1 74 b9 93 72 81 29 39 4b 7b 7e 48 e1 05 00 48 99 af 47 d6 e2 65 e0 71 aa ad e5 01 78 17 a5 b6 f6 c3 de 7c b6 bd 71 04 3f 6c e2 70 91 17 a7 1a 69 33 13 02 01 53 e0 04 c1 08 1a 59 f6 08 27 2c 4b d5 23 21 60 7e b0 8c c1 54 5b 8b 55 37 de 43 79 01 85 86 55 2b be 82 12 cb 2c f4 fc d4 d2 8e 5a 00 0f 51 41 c3 ab 28 ce 5b ac be 00 b5 28 86 b9 9a d2 77 22 4a 3c 22 69 c6 01 e5 87 47 88 b4 bd 8c 5c b9 62 58 bd cb 50 45 e6 3b 88 03 b8 83 ef 99 f8 54 e3 1a 11 77 15 a5 14 3e 2e e2 a2 58 12 43 8a 64 4e 20 0a 08 88 0b 96 05 6a 84 7b 31 04 b9 65 0a ee 41 9c 80 4d f7 86 c8 07 96 0c 74 1b 09 80 07 14 8f 90 Data Ascii: ?kM}Zg(ARJN)f;0kO]O8Z\[v-2)tr)9K{~HHGeqx\|q?lpi3SY',K#!`~T[U7CyU+,ZQA([(w"J<"iG\bXPE;Tw>.XCdN j{1eAMt
2024-04-19 16:34:28 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4b b1 0d 02 4b b1 0d 53 4b b1 0d f2 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d c5 4b b1 0d 22 4b b1 0d 01 11 b7 fc 02 11 b7 fc 36 11 b7 fc d8 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc d6 11 b7 fc 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: KKSKKKKKKKKKKKKKKKK"K6.
2024-04-19 16:34:28 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 89 00 01 d0 89 00 2f d0 89 00 e2 d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 e9 d0 89 00 53 d0 89 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 70 f3 09 21 70 f3 57 21 70 f3 c7 21 70 f3 fb 21 70 f3 ff 21 70 f3 ff 21 70 f3 ff 21 70 f3 ff 21 70 f3 eb 21 70 f3 69 21 70 f3 04 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: /S!p!pW!p!p!p!p!p!p!p!pi!p
2024-04-19 16:34:28 UTC	16384	IN	Data Raw: cc ef 4c 00 cc 42 4c 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 70 f3 02 21 70 f3 12 21 70 f3 33 21 70 f3 67 21 70 f3 91 21 70 f3 b7 21 70 f3 cb 21 70 f3 d8 21 70 f3 dc 21 Data Ascii: LBL!p!p!p3!pg!p!p!p!p!p!
2024-04-19 16:34:28 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-04-19 16:34:28 UTC	16384	IN	Data Raw: f3 ff 21 70 f3 ff 21 70 f3 ff 21 70 f3 ff 21 70 f3 dc 21 70 f3 42 21 70 f3 01 00 00 00 00 00 00 00 00 00 00 00 00 4c 00 cc 05 4c 00 cc b6 4c 00 cc 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 00 cc 0e 4c 00 cc d3 4c 00 cc ff 4c 00 cc ff 4c 00 cc ff 4c 00 cc c7 4c 00 cc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 89 00 00 d0 89 00 01 d0 89 00 04 d0 89 00 05 d0 89 00 05 d0 89 00 02 d0 89 00 00 d0 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 70 f3 02 21 70 f3 36 21 70 f3 aa 21 70 f3 eb 21 70 f3 fd 21 70 f3 ff 21 70 f3 ff 21 Data Ascii: !p!p!p!p!pB!pLLL)LLLLLLL!p!p6!p!p!p!p!p!
2024-04-19 16:34:28 UTC	4490	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4b b1 0d 5a 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d 6b 11 b7 fc b8 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 b7 fc 06 11 b7 fc 51 11 b7 fc 57 11 b7 fc 03 00 00 00 00 00 00 00 00 d0 89 00 1c d0 89 00 34 d0 89 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4b b1 0d 05 4b b1 0d bc 4b b1 0d ff 4b b1 0d ff 4b b1 0d c8 4b b1 0d 0c 11 b7 fc af 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ab 11 b7 fc 03 00 00 00 00 00 00 00 00 00 00 00 00 11 b7 fc 0e 11 b7 fc 5b 11 b7 fc 6e 11 b7 fc 1b 00 00 00 00 21 70 f3 01 4c 00 cc 00 4c 00 cc 06 d0 89 00 04 d0 89 00 48 d0 89 00 80 d0 89 00 6c d0 89 00 1c d0 89 00 00 00 Data Ascii: KZKKKKkEQW4KKKKKK[n!pLLHl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	104.123.200.136	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 16:34:29 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 16:34:29 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=84923 Date: Fri, 19 Apr 2024 16:34:29 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	104.123.200.136	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 16:34:30 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 16:34:30 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=84884 Date: Fri, 19 Apr 2024 16:34:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 16:34:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	185.143.234.120	443	732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 16:34:30 UTC	359	OUT	GET /assets/favicon.ico HTTP/1.1 Host: player.tavoos.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 16:34:30 UTC	674	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 16:34:30 GMT Content-Type: image/x-icon Content-Length: 118504 Connection: close Vary: Accept-Encoding Last-Modified: Thu, 25 May 2023 09:30:52 GMT ETag: "646f2acc-1cee8" Expires: Sat, 20 Apr 2024 02:34:30 GMT Cache-Control: max-age=36000 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Server,range,Content-Length,Content-Range x-edge-cache: HIT x-powered-by: FastClick x-fast-e-node: 1 x-fast-e-build: 2024-02-17T14:48:05Z X-XSS-Protection: 1; mode=block Server: ArvanCloud Server-Timing: total;dur=0 X-Cache: HIT X-Request-ID: 54ae7fe4439fe999a37be8bee1c153b4 X-SID: 6232 Accept-Ranges: bytes
2024-04-19 16:34:30 UTC	15710	IN	Data Raw: 00 00 01 00 06 00 00 00 00 00 01 00 20 00 7a 49 00 00 66 00 00 00 80 80 00 00 01 00 20 00 28 08 01 00 e0 49 00 00 40 40 00 00 01 00 20 00 28 42 00 00 08 52 01 00 30 30 00 00 01 00 20 00 a8 25 00 00 30 94 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 d8 b9 01 00 10 10 00 00 01 00 20 00 68 04 00 00 80 ca 01 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 49 41 49 44 41 54 78 da ed bd d7 73 5c 57 9e e7 f9 81 a3 45 92 00 bd 27 93 46 24 45 19 48 82 6c 19 75 b5 a9 96 0a ec e1 54 57 4f 6c 6c c4 ec ee c3 44 ec 3e 2e 5e 26 f8 2f 2c df f8 b0 0f bb db 11 3b 0f 13 f3 30 d3 d1 3b 83 1d 72 50 5d 55 5d 52 49 55 25 53 10 05 49 14 3d 09 7a 80 16 26 09 9f c8 9c 87 ef f9 f1 5c 80 00 e1 6e 66 de 4c 9c 6f 44 46 c2 e3 de Data Ascii: zIf (I@@ (BR00 %0 hPNGIHDR\rfIAIDATxs\WE'F$EHluTWOllD>.^&/,;0;rP]U]RIU%SI=z&\nfLoDF
2024-04-19 16:34:30 UTC	16384	IN	Data Raw: 0b fc 3f 6b f0 4d 7d cf 00 1f a7 da 5a ae 67 8e 9d 9e a4 28 cc dc 1f 41 a4 52 0f 4a 4e 29 66 3b 30 6b 4f 5d 0e e3 c6 8a 0a c7 f2 4f 38 a2 d0 5a 5c 5b f9 76 2d 32 29 1f b1 74 b9 93 72 81 29 39 4b 7b 7e 48 e1 05 00 48 99 af 47 d6 e2 65 e0 71 aa ad e5 01 78 17 a5 b6 f6 c3 de 7c b6 bd 71 04 3f 6c e2 70 91 17 a7 1a 69 33 13 02 01 53 e0 04 c1 08 1a 59 f6 08 27 2c 4b d5 23 21 60 7e b0 8c c1 54 5b 8b 55 37 de 43 79 01 85 86 55 2b be 82 12 cb 2c f4 fc d4 d2 8e 5a 00 0f 51 41 c3 ab 28 ce 5b ac be 00 b5 28 86 b9 9a d2 77 22 4a 3c 22 69 c6 01 e5 87 47 88 b4 bd 8c 5c b9 62 58 bd cb 50 45 e6 3b 88 03 b8 83 ef 99 f8 54 e3 1a 11 77 15 a5 14 3e 2e e2 a2 58 12 43 8a 64 4e 20 0a 08 88 0b 96 05 6a 84 7b 31 04 b9 65 0a ee 41 9c 80 4d f7 86 c8 07 96 0c 74 1b 09 80 07 14 8f 90 Data Ascii: ?kM}Zg(ARJN)f;0kO]O8Z\[v-2)tr)9K{~HHGeqx\|q?lpi3SY',K#!`~T[U7CyU+,ZQA([(w"J<"iG\bXPE;Tw>.XCdN j{1eAMt
2024-04-19 16:34:31 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4b b1 0d 02 4b b1 0d 53 4b b1 0d f2 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d c5 4b b1 0d 22 4b b1 0d 01 11 b7 fc 02 11 b7 fc 36 11 b7 fc d8 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc d6 11 b7 fc 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: KKSKKKKKKKKKKKKKKKK"K6.
2024-04-19 16:34:31 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 89 00 01 d0 89 00 2f d0 89 00 e2 d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 ff d0 89 00 e9 d0 89 00 53 d0 89 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 70 f3 09 21 70 f3 57 21 70 f3 c7 21 70 f3 fb 21 70 f3 ff 21 70 f3 ff 21 70 f3 ff 21 70 f3 ff 21 70 f3 eb 21 70 f3 69 21 70 f3 04 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: /S!p!pW!p!p!p!p!p!p!p!pi!p
2024-04-19 16:34:31 UTC	16384	IN	Data Raw: cc ef 4c 00 cc 42 4c 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 70 f3 02 21 70 f3 12 21 70 f3 33 21 70 f3 67 21 70 f3 91 21 70 f3 b7 21 70 f3 cb 21 70 f3 d8 21 70 f3 dc 21 Data Ascii: LBL!p!p!p3!pg!p!p!p!p!p!
2024-04-19 16:34:31 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-04-19 16:34:31 UTC	16384	IN	Data Raw: f3 ff 21 70 f3 ff 21 70 f3 ff 21 70 f3 ff 21 70 f3 dc 21 70 f3 42 21 70 f3 01 00 00 00 00 00 00 00 00 00 00 00 00 4c 00 cc 05 4c 00 cc b6 4c 00 cc 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 00 cc 0e 4c 00 cc d3 4c 00 cc ff 4c 00 cc ff 4c 00 cc ff 4c 00 cc c7 4c 00 cc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 89 00 00 d0 89 00 01 d0 89 00 04 d0 89 00 05 d0 89 00 05 d0 89 00 02 d0 89 00 00 d0 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 70 f3 02 21 70 f3 36 21 70 f3 aa 21 70 f3 eb 21 70 f3 fd 21 70 f3 ff 21 70 f3 ff 21 Data Ascii: !p!p!p!p!pB!pLLL)LLLLLLL!p!p6!p!p!p!p!p!
2024-04-19 16:34:31 UTC	4490	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4b b1 0d 5a 4b b1 0d ff 4b b1 0d ff 4b b1 0d ff 4b b1 0d 6b 11 b7 fc b8 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 b7 fc 06 11 b7 fc 51 11 b7 fc 57 11 b7 fc 03 00 00 00 00 00 00 00 00 d0 89 00 1c d0 89 00 34 d0 89 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4b b1 0d 05 4b b1 0d bc 4b b1 0d ff 4b b1 0d ff 4b b1 0d c8 4b b1 0d 0c 11 b7 fc af 11 b7 fc ff 11 b7 fc ff 11 b7 fc ff 11 b7 fc ab 11 b7 fc 03 00 00 00 00 00 00 00 00 00 00 00 00 11 b7 fc 0e 11 b7 fc 5b 11 b7 fc 6e 11 b7 fc 1b 00 00 00 00 21 70 f3 01 4c 00 cc 00 4c 00 cc 06 d0 89 00 04 d0 89 00 48 d0 89 00 80 d0 89 00 6c d0 89 00 1c d0 89 00 00 00 Data Ascii: KZKKKKkEQW4KKKKKK[n!pLLHl

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5304, Parent PID: 5696

General

Target ID:	0
Start time:	18:34:19
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 732, Parent PID: 5304

General

Target ID:	2
Start time:	18:34:21
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1616,i,2014383878655072585,3553885529192217202,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6464, Parent PID: 5696

General

Target ID:	3
Start time:	18:34:25
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://player.tavoos.net"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://player.tavoos.net

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5304, Parent PID: 5696

General

Chronological Activities

Analysis Process: chrome.exePID: 732, Parent PID: 5304

General

Chronological Activities

Analysis Process: chrome.exePID: 6464, Parent PID: 5696

General

Chronological Activities

Disassembly

Windows Analysis Report
https://player.tavoos.net