
Windows Analysis Report
http://client.log?ch=com_hippogames_ludosaga&gp=0&packageName=com.hippogames.ludosaga&versionName=2.4&appVersionName=3.5.4&appVersionCode=93&platform=Android&versionCode=27&appChannel=down&sid=00009043f204-5d27-4336-b134-af075bcb25431713860528877

Overview

General Information

Sample URL: http://client.log?ch=com_hippogames_ludosaga&gp=0&packageName=com.hippogames.ludosaga&versionName=2.4&appVersionName=3.5.4&appVersionCode=93&platform=Android&versionCode=27&appChannel=down&sid=0000904
Analysis ID: 1430319

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 2128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2008,i,7602318062496808928,1908817332561963094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://client.log?ch=com_hippogames_ludosaga&gp=0&packageName=com.hippogames.ludosaga&versionName=2.4&appVersionName=3.5.4&appVersionCode=93&platform=Android&versionCode=27&appChannel=down&sid=00009043f204-5d27-4336-b134-af075bcb25431713860528877" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures; the signatures that did match are listed below.

Source: unknown | HTTPS traffic detected: 23.210.0.112:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.210.0.112:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 (2 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.45.182.107 (4 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (16 occurrences)
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: unknown | DNS traffic detected: queries for: client.log
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine | Classification label: clean0.win@20/0@17/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2008,i,7602318062496808928,1908817332561963094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://client.log?ch=com_hippogames_ludosaga&gp=0&packageName=com.hippogames.ludosaga&versionName=2.4&appVersionName=3.5.4&appVersionCode=93&platform=Android&versionCode=27&appChannel=down&sid=00009043f204-5d27-4336-b134-af075bcb25431713860528877"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (16 occurrences)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2008,i,7602318062496808928,1908817332561963094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK matrix (the number after a technique is the count of matching signatures; tactics without a number had no matching technique):

  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
  • Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Impact: no matching technique

Source | Detection | Scanner | Label | Link
http://client.log?ch=com_hippogames_ludosaga&gp=0&packageName=com.hippogames.ludosaga&versionName=2.4&appVersionName=3.5.4&appVersionCode=93&platform=Android&versionCode=27&appChannel=down&sid=00009043f204-5d27-4336-b134-af075bcb25431713860528877 | 0% | Avira URL Cloud | safe |

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 108.177.122.139 | true | false | | high
www.google.com | 74.125.136.105 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
client.log | unknown | unknown | false | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
74.125.136.105 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1430319
Start date and time: 2024-04-23 14:15:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://client.log?ch=com_hippogames_ludosaga&gp=0&packageName=com.hippogames.ludosaga&versionName=2.4&appVersionName=3.5.4&appVersionCode=93&platform=Android&versionCode=27&appChannel=down&sid=00009043f204-5d27-4336-b134-af075bcb25431713860528877
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@20/0@17/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 74.125.138.94, 172.253.124.84, 64.233.185.101, 64.233.185.138, 64.233.185.113, 64.233.185.139, 64.233.185.102, 64.233.185.100, 34.104.35.123, 52.165.165.26, 23.207.202.17, 23.207.202.15, 23.207.202.20, 23.207.202.13, 23.207.202.21, 23.207.202.16, 23.207.202.23, 23.207.202.22, 23.207.202.14, 192.229.211.108, 20.242.39.171, 20.3.187.198, 64.233.176.94
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes were analyzed; the report is missing behavior information.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: http://client.log?ch=com_hippogames_ludosaga&gp=0&packageName=com.hippogames.ludosaga&versionName=2.4&appVersionName=3.5.4&appVersionCode=93&platform=Android&versionCode=27&appChannel=down&sid=00009043f204-5d27-4336-b134-af075bcb25431713860528877
No simulations
No context
No created / dropped files found
No static file info
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 23, 2024 14:16:20.431921005 CEST | 192.168.2.4 | 1.1.1.1 | c22b | Port unreachable | Destination Unreachable
          • fs.microsoft.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.4 | 49738 | 23.210.0.112 | 443 |  | 
          Timestamp | Bytes transferred | Direction | Data
          2024-04-23 12:16:24 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-04-23 12:16:24 UTC | 510 | IN | HTTP/1.1 200 OK
          Content-Type: application/octet-stream
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
          Cache-Control: public, max-age=67566
          Date: Tue, 23 Apr 2024 12:16:24 GMT
          Connection: close
          X-CID: 2


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.4 | 49739 | 23.210.0.112 | 443 |  | 
          Timestamp | Bytes transferred | Direction | Data
          2024-04-23 12:16:24 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-04-23 12:16:24 UTC | 530 | IN | HTTP/1.1 200 OK
          Content-Type: application/octet-stream
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
          Cache-Control: public, max-age=67566
          Date: Tue, 23 Apr 2024 12:16:24 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-04-23 12:16:24 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


          Target ID:0
          Start time:14:16:13
          Start date:23/04/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:14:16:17
          Start date:23/04/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2008,i,7602318062496808928,1908817332561963094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:14:16:19
          Start date:23/04/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://client.log?ch=com_hippogames_ludosaga&gp=0&packageName=com.hippogames.ludosaga&versionName=2.4&appVersionName=3.5.4&appVersionCode=93&platform=Android&versionCode=27&appChannel=down&sid=00009043f204-5d27-4336-b134-af075bcb25431713860528877"
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly