Edit tour

Windows Analysis Report
https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==

Overview

General Information

Sample URL:	https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==
Analysis ID:	1431899
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2000,i,4081994991064466867,11333810919001882514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /report/v4?s=51UWYJ1yzv%2BnpvLz4yiTRovIguO%2FEQs4WvKc9tJcoQd%2FNIbZT0uZodSqY3fh57OxpY0DJ%2F3UAy5tIAjMbLKfBa5L9xzSj9caKy8G%2B7wO9OZ371WOqnHDCkzAH2ymgao%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 533Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 21:53:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: public, max-age=14400, must-revalidateCache-Status: "Netlify Edge"; hitX-Nf-Request-Id: 01HWBM0B436RT45DV42HDV8B8RCF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=51UWYJ1yzv%2BnpvLz4yiTRovIguO%2FEQs4WvKc9tJcoQd%2FNIbZT0uZodSqY3fh57OxpY0DJ%2F3UAy5tIAjMbLKfBa5L9xzSj9caKy8G%2B7wO9OZ371WOqnHDCkzAH2ymgao%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87a1917e7b95456c-ATLalt-svc: h3=":443"; ma=86400

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.5:49718 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/10@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2000,i,4081994991064466867,11333810919001882514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ=="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2000,i,4081994991064466867,11333810919001882514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://quickchart.io/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
quickchart.io	172.67.68.66	true	false	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
www.google.com	108.177.122.106	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==	false		unknown
https://quickchart.io/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
108.177.122.106	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.67.68.66	quickchart.io	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431899
Start date and time:	2024-04-25 23:52:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/10@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 173.194.219.94, 74.125.136.139, 74.125.136.102, 74.125.136.138, 74.125.136.101, 74.125.136.113, 74.125.136.100, 142.251.15.84, 34.104.35.123, 40.68.123.157, 23.45.13.184, 192.229.211.108, 72.21.81.240, 13.85.23.206, 20.3.187.198, 64.233.177.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==

Source	URL
Screenshot	http://(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==
Screenshot	http://(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 20:53:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9936012453982817
Encrypted:	false
SSDEEP:	48:81daTmW2HqidAKZdA19ehwiZUklqehly+3:8S7Tmy
MD5:	9E34D4A0AC4861A3C8144C9F1369E572
SHA1:	229703E0207F6EC18C88ABE2DB3795BBC3E7A7A0
SHA-256:	624B40C59A76B6E232536F987EB65F28D3933DEA192829791F6EA3437B024873
SHA-512:	70A01C4C7894DEE3FBEC84CD0A08EDF05E9CFA585BC8DF257FB31C7E434A0AF21387DECA9CCE46C34E3F23B4724556EE53718D39A81AC664F7F947ECB0F5DA06
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....,z'.[...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 20:53:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.008519902870375
Encrypted:	false
SSDEEP:	48:8QdaTmW2HqidAKZdA1weh/iZUkAQkqehWy+2:8Z7h9Q/y
MD5:	426DAC19919813E735F202EC60E3B6B7
SHA1:	401F70D1810D84746C61921FFC24FB48E35D0301
SHA-256:	9784A2D93FDE54A02DE12C173445177078F8C325FFBB793A5E02A93BC1BCBFED
SHA-512:	77EEB759B8920E912A9987CAA35374A7091FC2FE1D2BD64A8EA9C64D163F059C7892C58ED638004199FB4298B0541E1E58D62609E2A6E87FECBFC8B67C493151
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....P..[...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.014176783973843
Encrypted:	false
SSDEEP:	48:8xXdaTmWsHqidAKZdA14tseh7sFiZUkmgqeh7sYy+BX:8xI73niy
MD5:	BBBBDA90E366FE274D247039ECCC0690
SHA1:	F0306F64BF09D539350B55BD1E78D0CE9B6662EF
SHA-256:	F265F50FEB3C7D6BA47179AB9FDF3E3F4B38A64D3D87757AC0D2AF8AAB148B09
SHA-512:	27E4DBB29F39F0BF310A0A688DAF2B19084174746CEE0B3557901F4832A8B126514814D5FA88A8AE11440BF5892DBCF68B9561C081D32765039A65BAA8926363
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 20:53:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.008813897298973
Encrypted:	false
SSDEEP:	48:8qdaTmW2HqidAKZdA1vehDiZUkwqehKy+R:8/7CAy
MD5:	DE3DC5F07FBF330398037EFEC5C16588
SHA1:	CE3BCBC93615A580E5A6159945577CEDEF0E4DAF
SHA-256:	F0199E0FE84B74819DF6CDB1D17051449E851B6E334576C368063147F1CA6AB8
SHA-512:	C6BE0B9C59EFE8954F6813FB84DFECCF958A78BA486630F8C9E7E41ACF328949E4E26EB3717798DAC4FD556726EDBF6761DC96A60E274528FCA638D592E70A5D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........[...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 20:53:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.99695664237164
Encrypted:	false
SSDEEP:	48:88daTmW2HqidAKZdA1hehBiZUk1W1qehky+C:897y9Ey
MD5:	28FF5AD08FAA682AF1B74DD8DB25B25A
SHA1:	72628E780B7EE4B329B3933FEABD879B853F2538
SHA-256:	29D01FCC96814640B15DA7592CCB88B2422A3A1857DE3FD0CC785520F0667F5E
SHA-512:	26A705A60D736692B02F37A80C78DA79E3D768748DFD1F22D6BF234630B0BC598FD00468797BEA3EB541E6403EBDDE0AE8BF47A97E8E84286DB94DBF54CDC9CE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......!.[...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 20:53:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.006325134175245
Encrypted:	false
SSDEEP:	48:8adaTmW2HqidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbiy+yT+:8P7sT/TbxWOvTbiy7T
MD5:	33EBF29803B8EF2D52C205150A634B58
SHA1:	6D122A786AAAD1DEDFDF04CE52C496D3BA604E80
SHA-256:	F69A78992D568C952D3B077E16F3DD294AE19A53A2DC990E4BE53ACC62967289
SHA-512:	8153B1CA80B0DEDB9CC2D905EF7AFF83B07283FAAC3CD13DB40B9CA889F978EA955420A69E6F7C63BD0262E186D22F8158170DB78F7F52435A519275F17A56B1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....YP..[...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	606
Entropy (8bit):	7.65311321988585
Encrypted:	false
SSDEEP:	12:WbY4Z1OBHUtgYtbJaPZsTWExDdVbcJ+4L526VaDubewmDiPU:i1O6tg4aBcW0HbcM4Nta6qwFU
MD5:	F505F29AB2A01213CFE1AED2A26FED5E
SHA1:	8C70C410861C5B6900A6AA91285FDCE92E8179E2
SHA-256:	E9123C880222CAF307EEB9D7F4E37924E42EDB6DAF1668A355AA725E94CD67E2
SHA-512:	BEE570E86C5D336FA1B187B9DE1D832768127CEF5869D5028DC7112DF5829642A4175ED9C2F31A7A6C675ECE526B2666E1C0C2DA09B899347443E5BB3B5C6E7B
Malicious:	false
Reputation:	low
URL:	https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==
Preview:	RIFFV...WEBPVP8LJ.../.@%..0..?...x..l{.I.....t..^a:S'.U.\..M..j(mH.Xs..e6u..\.Jk...}..K#.?..1...D><...........>....l.....x.G ...%q.D..%....@..k%.^.~.Q...A.%....}}.o..D.......V..4+....... ..A....v.+..x$...R.ZW....5.5..].,:..G.a....>.X.V4.C.%}...`.....".4...u.l.x..M..~.a$).+:5....X.fx...K.9....]..+.~..@N<......zJ........i. .R.......C..i.p.....3..[..p..+.O..H.x ....:AvA3.j..u.....\|cuh0.a..f...R..J8l.I.....K.....D5..-._.....{.....J....@....~.Z`..c.*XN.....F.KR..F..].8......9..'Z....k$h..&..........YP}...y.].ZBO..4.W.=\..f..$)W...S....NX6.cC.b.$K......+Y.<.W....W.......^.:.N....

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	689
Entropy (8bit):	5.213713163225344
Encrypted:	false
SSDEEP:	12:qTpXzAy7deR/MmZXk+TMbuSTfJf4x5tRgKQrGUNfDz/vncdcku/QL:0pjACdeR/DUBbHfJfYforG0ff//3o
MD5:	F31AB7E3803C072CF887F77434B09E53
SHA1:	6EC388D9157329C069A0B1F3BFD29ECDB63FCF82
SHA-256:	C24FEA7BBEBDA4668A6D286CD4BA639C72DAFA56DDA3BBE3FD2FE9C0D20C0CD9
SHA-512:	90306A6D79A17610AA9E56D3CB1D33F4399EA3DB18125BBA6CD46B180CF4250F7092819E3FD31254551C58AEB7DBDC8852A26B56F71F53F77D243338AFB9AD90
Malicious:	false
Reputation:	low
URL:	https://quickchart.io/favicon.ico
Preview:	<!doctype html>.<html lang="en">.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<title>404 Not Found</title>.<style>. body { text-align: center; }. h1 { font-size: 3em; }. p { font-size: 1.25em; }. </style>.</head>.<body>.<h1>404 Not Found</h1>.<hr/>.<p>.Please <a href="#" onclick="if (!window.__cfRLUnblockHandlers) return false; window.history.back()" data-cf-modified-174cb9cf684667ed80c8b358->go back</a> or return to the <a href="/">home page</a>..</p>.<script src="/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js" data-cf-settings="174cb9cf684667ed80c8b358-\|49" defer></script></body>.</html>.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 23:53:44.102752924 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:53:44.104149103 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:53:44.212162971 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:53:51.360651016 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.360739946 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.360831976 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.361038923 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.361068010 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.369769096 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.369856119 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.369952917 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.370160103 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.370189905 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.719947100 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.720261097 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.720336914 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.721795082 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.721877098 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.722848892 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.722942114 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.723104954 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.723124981 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.727785110 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.727986097 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.728040934 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.729696989 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.729773998 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.730509043 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.730602026 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.769232988 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.784856081 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:51.784883022 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:51.832736969 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:52.298350096 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:52.298691034 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:52.298767090 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:52.300478935 CEST	49710	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:52.300520897 CEST	443	49710	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:52.338747978 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:52.380141020 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:52.900155067 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:52.900530100 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:52.900712013 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:52.907589912 CEST	49711	443	192.168.2.5	172.67.68.66
Apr 25, 2024 23:53:52.907627106 CEST	443	49711	172.67.68.66	192.168.2.5
Apr 25, 2024 23:53:53.020955086 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.020986080 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.021049023 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.021548986 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.021564960 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.253515959 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.270679951 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.270699024 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.272254944 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.272336960 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.277879000 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.277960062 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.278225899 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.278232098 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.326189995 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.494498014 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.494580030 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.494640112 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.495413065 CEST	49714	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.495428085 CEST	443	49714	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.544425964 CEST	49715	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.544455051 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.544528008 CEST	49715	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.545672894 CEST	49715	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.545687914 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.716819048 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:53:53.716941118 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:53:53.771585941 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.787798882 CEST	49715	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.787815094 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.788549900 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.789658070 CEST	49715	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.789726019 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.790292978 CEST	49715	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:53.826222897 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:53:53.832125902 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:53.951401949 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:53:53.951442957 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:53:53.951509953 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:53:53.951994896 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:53:53.952033043 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:53:54.022679090 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:54.022748947 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:54.022797108 CEST	49715	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:54.022938967 CEST	49715	443	192.168.2.5	35.190.80.1
Apr 25, 2024 23:53:54.022952080 CEST	443	49715	35.190.80.1	192.168.2.5
Apr 25, 2024 23:53:54.184779882 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:53:54.185070992 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:53:54.185108900 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:53:54.186326981 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:53:54.186603069 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:53:54.374002934 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:53:54.374164104 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:53:54.419641018 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:53:54.419677019 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:53:54.468391895 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:53:54.553452969 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.553474903 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:54.553888083 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.557209015 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.557218075 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:54.784825087 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:54.784981966 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.788516998 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.788521051 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:54.788752079 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:54.844111919 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.874651909 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.916117907 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:54.999380112 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:54.999445915 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:54.999569893 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.999571085 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.999623060 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:54.999634981 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.050064087 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.050098896 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.050251961 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.052143097 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.052160978 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.258191109 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 25, 2024 23:53:55.258299112 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:53:55.276181936 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.276247025 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.278080940 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.278090000 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.278359890 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.280500889 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.328113079 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.499674082 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.499753952 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.499800920 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.500773907 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.500792027 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:53:55.500832081 CEST	49718	443	192.168.2.5	23.220.189.216
Apr 25, 2024 23:53:55.500838041 CEST	443	49718	23.220.189.216	192.168.2.5
Apr 25, 2024 23:54:04.207313061 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:04.207468987 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:04.207541943 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:54:05.009036064 CEST	49716	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:54:05.009083986 CEST	443	49716	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:05.683415890 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:05.683830023 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:05.687500954 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:05.687534094 CEST	443	49722	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:05.687645912 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:05.690313101 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:05.690335989 CEST	443	49722	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:05.842904091 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:05.842922926 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:06.023508072 CEST	443	49722	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:06.023587942 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:06.041805983 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:06.041821957 CEST	443	49722	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:06.042855978 CEST	443	49722	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:06.042920113 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:06.043380022 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:06.043535948 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:06.043612957 CEST	443	49722	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:06.369395018 CEST	443	49722	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:06.369482994 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:06.369646072 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:06.369829893 CEST	443	49722	23.1.237.91	192.168.2.5
Apr 25, 2024 23:54:06.369898081 CEST	49722	443	192.168.2.5	23.1.237.91
Apr 25, 2024 23:54:54.272674084 CEST	49728	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:54:54.272751093 CEST	443	49728	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:54.273036957 CEST	49728	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:54:54.273036957 CEST	49728	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:54:54.273108959 CEST	443	49728	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:54.496851921 CEST	443	49728	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:54.497457027 CEST	49728	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:54:54.497503042 CEST	443	49728	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:54.497826099 CEST	443	49728	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:54.500941992 CEST	49728	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:54:54.501029015 CEST	443	49728	108.177.122.106	192.168.2.5
Apr 25, 2024 23:54:54.545126915 CEST	49728	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:55:04.536406040 CEST	443	49728	108.177.122.106	192.168.2.5
Apr 25, 2024 23:55:04.536467075 CEST	443	49728	108.177.122.106	192.168.2.5
Apr 25, 2024 23:55:04.536550045 CEST	49728	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:55:06.151815891 CEST	49728	443	192.168.2.5	108.177.122.106
Apr 25, 2024 23:55:06.151880026 CEST	443	49728	108.177.122.106	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 23:53:50.059317112 CEST	53	61341	1.1.1.1	192.168.2.5
Apr 25, 2024 23:53:50.065278053 CEST	53	57529	1.1.1.1	192.168.2.5
Apr 25, 2024 23:53:50.701829910 CEST	53	55750	1.1.1.1	192.168.2.5
Apr 25, 2024 23:53:51.246937990 CEST	62362	53	192.168.2.5	1.1.1.1
Apr 25, 2024 23:53:51.247615099 CEST	63795	53	192.168.2.5	1.1.1.1
Apr 25, 2024 23:53:51.359580040 CEST	53	63795	1.1.1.1	192.168.2.5
Apr 25, 2024 23:53:51.359940052 CEST	53	62362	1.1.1.1	192.168.2.5
Apr 25, 2024 23:53:52.902503014 CEST	58657	53	192.168.2.5	1.1.1.1
Apr 25, 2024 23:53:52.902806997 CEST	64821	53	192.168.2.5	1.1.1.1
Apr 25, 2024 23:53:53.012911081 CEST	53	58657	1.1.1.1	192.168.2.5
Apr 25, 2024 23:53:53.013420105 CEST	53	64821	1.1.1.1	192.168.2.5
Apr 25, 2024 23:53:53.838860989 CEST	50454	53	192.168.2.5	1.1.1.1
Apr 25, 2024 23:53:53.839354038 CEST	64613	53	192.168.2.5	1.1.1.1
Apr 25, 2024 23:53:53.949115992 CEST	53	50454	1.1.1.1	192.168.2.5
Apr 25, 2024 23:53:53.949480057 CEST	53	64613	1.1.1.1	192.168.2.5
Apr 25, 2024 23:54:07.954860926 CEST	53	63264	1.1.1.1	192.168.2.5
Apr 25, 2024 23:54:26.984580040 CEST	53	57600	1.1.1.1	192.168.2.5
Apr 25, 2024 23:54:49.253320932 CEST	53	52699	1.1.1.1	192.168.2.5
Apr 25, 2024 23:54:49.359735966 CEST	53	64456	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 25, 2024 23:53:51.246937990 CEST	192.168.2.5	1.1.1.1	0xfb0	Standard query (0)	quickchart.io	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:51.247615099 CEST	192.168.2.5	1.1.1.1	0xfbdd	Standard query (0)	quickchart.io	65	IN (0x0001)	false
Apr 25, 2024 23:53:52.902503014 CEST	192.168.2.5	1.1.1.1	0x42c1	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:52.902806997 CEST	192.168.2.5	1.1.1.1	0xa546	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Apr 25, 2024 23:53:53.838860989 CEST	192.168.2.5	1.1.1.1	0xd583	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.839354038 CEST	192.168.2.5	1.1.1.1	0xdd95	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 25, 2024 23:53:51.359580040 CEST	1.1.1.1	192.168.2.5	0xfbdd	No error (0)	quickchart.io			65	IN (0x0001)	false
Apr 25, 2024 23:53:51.359940052 CEST	1.1.1.1	192.168.2.5	0xfb0	No error (0)	quickchart.io		172.67.68.66	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:51.359940052 CEST	1.1.1.1	192.168.2.5	0xfb0	No error (0)	quickchart.io		104.26.5.221	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:51.359940052 CEST	1.1.1.1	192.168.2.5	0xfb0	No error (0)	quickchart.io		104.26.4.221	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.012911081 CEST	1.1.1.1	192.168.2.5	0x42c1	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.949115992 CEST	1.1.1.1	192.168.2.5	0xd583	No error (0)	www.google.com		108.177.122.106	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.949115992 CEST	1.1.1.1	192.168.2.5	0xd583	No error (0)	www.google.com		108.177.122.105	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.949115992 CEST	1.1.1.1	192.168.2.5	0xd583	No error (0)	www.google.com		108.177.122.103	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.949115992 CEST	1.1.1.1	192.168.2.5	0xd583	No error (0)	www.google.com		108.177.122.147	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.949115992 CEST	1.1.1.1	192.168.2.5	0xd583	No error (0)	www.google.com		108.177.122.104	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.949115992 CEST	1.1.1.1	192.168.2.5	0xd583	No error (0)	www.google.com		108.177.122.99	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:53:53.949480057 CEST	1.1.1.1	192.168.2.5	0xdd95	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 25, 2024 23:54:05.005938053 CEST	1.1.1.1	192.168.2.5	0x2a2	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 23:54:05.005938053 CEST	1.1.1.1	192.168.2.5	0x2a2	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:55:02.012312889 CEST	1.1.1.1	192.168.2.5	0xa7f1	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 25, 2024 23:55:02.012312889 CEST	1.1.1.1	192.168.2.5	0xa7f1	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

quickchart.io

https:

www.bing.com

a.nel.cloudflare.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	172.67.68.66	443	1164	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 21:53:51 UTC	774	OUT	GET /qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ== HTTP/1.1 Host: quickchart.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 21:53:52 UTC	876	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 21:53:52 GMT Content-Type: image/webp Content-Length: 606 Connection: close CF-Ray: 87a1917a99ca678a-ATL CF-Cache-Status: HIT Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: private, max-age=604800 Expires: Thu, 25 Apr 2024 21:52:09 GMT Last-Modified: Thu, 25 Apr 2024 21:52:10 GMT Vary: Accept access-control-allow-headers: * access-control-allow-methods: GET, POST alt-svc: h3=":443"; ma=86400 Cf-Bgj: imgq:100,h2pri Cf-Polished: origFmt=png, origSize=2461 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mlbpQobvVtec2Qi1XWZfLjf0Ob7d5iY46dBNwLNmQQc2IW1rGG%2B2%2FXwz43mf9bERegwzFkrzVKDG07mMGwX2V2pY0Bz9ElNj8ggl7r7vj7a7HELRgUGpFLMMVml9y88%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare
2024-04-25 21:53:52 UTC	493	IN	Data Raw: 52 49 46 46 56 02 00 00 57 45 42 50 56 50 38 4c 4a 02 00 00 2f 95 40 25 00 0f 30 ff f3 3f ff f3 1f 78 a0 e3 6c 7b 1b 49 fa 09 02 c3 b1 c5 74 0c 01 5e 61 3a 53 27 e2 55 c6 5c a0 84 4d 0b c5 6a 28 6d 48 17 58 73 15 ae 65 36 75 05 02 5c 93 4a 6b ff 06 08 7d a9 f0 af 4b 23 fa 3f 01 d8 31 fc 1f b1 44 3e 3c ba a0 fe 92 d4 f6 91 88 e5 cc f0 3e f4 07 a2 97 6c 8f a7 86 dd 94 d3 78 98 47 20 a9 e3 c9 25 71 f6 44 bf 84 25 be 13 97 f3 40 c4 e9 6b 25 0c 5e 87 7e 1a 51 ba 0d b1 41 90 25 aa dd 0f c3 7d 7d 99 6f a6 8f 44 82 00 d4 ac 96 19 9c c2 56 01 ec 34 2b f2 81 2e 96 0a ae c3 89 92 20 cc d5 41 1d 9b e7 f0 76 1b 2b b3 9c 78 24 07 a8 a5 52 ba 5a 57 0c e4 d8 09 35 e5 35 ba 97 5d 7f 2c 3a 09 8a 47 e7 61 b6 df 2a 99 a4 3e 07 58 0e 56 34 ce 43 d3 25 7d bd 8e d5 60 a7 19 1e Data Ascii: RIFFVWEBPVP8LJ/@%0?xl{It^a:S'U\Mj(mHXse6u\Jk}K#?1D><>lxG %qD%@k%^~QA%}}oDV4+. Av+x$RZW55],:Ga*>XV4C%}`
2024-04-25 21:53:52 UTC	113	IN	Data Raw: 39 91 9a 27 5a e0 99 fa b3 6b 24 68 b6 ae 26 cc 96 0a ae d0 c4 82 00 e8 b0 0d 17 b0 59 50 7d da cb 12 79 be 5d c6 5a 42 4f ef 9c 11 34 c3 57 be 3d 5c c0 e9 66 a9 9e 24 29 57 c3 16 9f 53 09 9f 06 a2 4e 58 36 e7 63 43 97 62 f3 24 4b a7 07 bb c0 a4 d5 be 2b 59 12 3c 90 57 eb d0 f5 db 57 d8 cd 12 e9 14 96 e8 5e e6 ab 3a 95 4e d0 8e ff f9 00 Data Ascii: 9'Zk$h&YP}y]ZBO4W=\f$)WSNX6cCb$K+Y<WW^:N

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49711	172.67.68.66	443	1164	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 21:53:52 UTC	700	OUT	GET /favicon.ico HTTP/1.1 Host: quickchart.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 21:53:52 UTC	716	IN	HTTP/1.1 404 Not Found Date: Thu, 25 Apr 2024 21:53:52 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: public, max-age=14400, must-revalidate Cache-Status: "Netlify Edge"; hit X-Nf-Request-Id: 01HWBM0B436RT45DV42HDV8B8R CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=51UWYJ1yzv%2BnpvLz4yiTRovIguO%2FEQs4WvKc9tJcoQd%2FNIbZT0uZodSqY3fh57OxpY0DJ%2F3UAy5tIAjMbLKfBa5L9xzSj9caKy8G%2B7wO9OZ371WOqnHDCkzAH2ymgao%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87a1917e7b95456c-ATL alt-svc: h3=":443"; ma=86400
2024-04-25 21:53:52 UTC	653	IN	Data Raw: 32 62 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 7d 0a 20 20 20 20 20 20 68 31 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 65 6d 3b 20 7d 0a 20 20 20 20 20 20 70 20 7b 20 66 6f 6e 74 2d Data Ascii: 2b1<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>404 Not Found</title><style> body { text-align: center; } h1 { font-size: 3em; } p { font-
2024-04-25 21:53:52 UTC	43	IN	Data Raw: 62 33 35 38 2d 7c 34 39 22 20 64 65 66 65 72 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: b358-\|49" defer></script></body></html>
2024-04-25 21:53:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49714	35.190.80.1	443	1164	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 21:53:53 UTC	534	OUT	OPTIONS /report/v4?s=51UWYJ1yzv%2BnpvLz4yiTRovIguO%2FEQs4WvKc9tJcoQd%2FNIbZT0uZodSqY3fh57OxpY0DJ%2F3UAy5tIAjMbLKfBa5L9xzSj9caKy8G%2B7wO9OZ371WOqnHDCkzAH2ymgao%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://quickchart.io Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 21:53:53 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Thu, 25 Apr 2024 21:53:53 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49715	35.190.80.1	443	1164	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 21:53:53 UTC	478	OUT	POST /report/v4?s=51UWYJ1yzv%2BnpvLz4yiTRovIguO%2FEQs4WvKc9tJcoQd%2FNIbZT0uZodSqY3fh57OxpY0DJ%2F3UAy5tIAjMbLKfBa5L9xzSj9caKy8G%2B7wO9OZ371WOqnHDCkzAH2ymgao%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 533 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 21:53:53 UTC	533	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 35 36 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 71 75 69 63 6b 63 68 61 72 74 2e 69 6f 2f 71 72 3f 74 65 78 74 3d 28 68 74 74 70 73 3a 68 74 74 70 73 3a 2f 2f 30 38 63 39 61 33 31 31 2e 63 35 32 38 37 39 34 30 38 34 64 64 34 61 62 31 30 32 36 36 61 39 61 37 2e 77 6f 72 6b 65 72 73 2e 64 65 76 2f 3f 71 72 63 3d 61 32 56 32 61 57 34 75 61 6d 46 6a 61 33 4e 76 62 6b 42 7a 59 57 35 70 64 47 46 79 61 58 56 74 4c 6d 4e 76 62 53 35 68 64 51 3d 3d 22 2c 22 73 61 6d 70 Data Ascii: [{"age":0,"body":{"elapsed_time":562,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==","samp
2024-04-25 21:53:54 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 25 Apr 2024 21:53:53 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49717	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-25 21:53:54 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-25 21:53:54 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=119344 Date: Thu, 25 Apr 2024 21:53:54 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49718	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-25 21:53:55 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-25 21:53:55 UTC	521	IN	HTTP/1.1 206 Partial Content Accept-Ranges: bytes ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/074E) X-CID: 11 Cache-Control: public, max-age=119342 Date: Thu, 25 Apr 2024 21:53:55 GMT Content-Range: bytes 0-54/55 Content-Length: 55 Connection: close X-CID: 2
2024-04-25 21:53:55 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49722	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-25 21:54:06 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714082013910&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-04-25 21:54:06 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-04-25 21:54:06 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-25 21:54:06 UTC	479	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: F03174CC4D9047F0BD971DA3AAAA3A8B Ref B: LAX311000112017 Ref C: 2024-04-25T21:54:06Z Date: Thu, 25 Apr 2024 21:54:06 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1714082046.d512164

Target ID:	0
Start time:	23:53:44
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	23:53:48
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2000,i,4081994991064466867,11333810919001882514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	23:53:50
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ=="
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ== HTTP/1.1Host: quickchart.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: quickchart.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: quickchart.io
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5656, Parent PID: 5540

General

Chronological Activities

Analysis Process: chrome.exePID: 1164, Parent PID: 5656

General

Chronological Activities

Windows Analysis Report
https://quickchart.io/qr?text=(https:https://08c9a311.c528794084dd4ab10266a9a7.workers.dev/?qrc=a2V2aW4uamFja3NvbkBzYW5pdGFyaXVtLmNvbS5hdQ==