
Windows Analysis Report
http://agent-data.service.itsupport247.net

Overview

General Information

Sample URL:http://agent-data.service.itsupport247.net
Analysis ID:1431979
Info:
Errors
  • URL not reachable

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

No high impact signatures.

Classification

Analysis Advice

Joe Sandbox was unable to browse the URL (domain or webserver down or HTTPS issue), try to browse the URL again later
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64
  • chrome.exe (PID: 5580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,199900451331400863,10604163420401531897,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6384 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://agent-data.service.itsupport247.net" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: agent-data.service.itsupport247.net
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: classification engine | Classification label: unknown0.win@18/0@4/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,199900451331400863,10604163420401531897,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://agent-data.service.itsupport247.net"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,199900451331400863,10604163420401531897,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (techniques flagged by this analysis, with the number of matching signatures):
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (2), Non-Application Layer Protocol (1), Application Layer Protocol (2)
Source | Detection | Scanner | Label
http://agent-data.service.itsupport247.net | 0% | Avira URL Cloud | safe
http://agent-data.service.itsupport247.net | 0% | Virustotal |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
agent-data.service.itsupport247.net | 44.210.167.18 | true | false | | high
www.google.com | 142.250.217.196 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
windowsupdatebg.s.llnwi.net | 208.111.136.0 | true | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
54.235.121.23 | unknown | United States | US | 14618 | AMAZON-AES | false
142.250.217.196 | www.google.com | United States | US | 15169 | GOOGLE | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
34.237.210.58 | unknown | United States | US | 14618 | AMAZON-AES | false
44.210.167.18 | agent-data.service.itsupport247.net | United States | US | 14618 | AMAZON-AES | false
52.0.23.233 | unknown | United States | US | 14618 | AMAZON-AES | false

Private IP
192.168.2.4
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431979
Start date and time:2024-04-26 06:34:01 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://agent-data.service.itsupport247.net
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:UNKNOWN
Classification:unknown0.win@18/0@4/7
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.189.131, 142.250.217.206, 173.194.216.84, 34.104.35.123, 23.197.24.154, 20.114.59.183, 208.111.136.0, 13.95.31.18, 192.229.211.108
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big: too many NtSetInformationFile calls found
No simulations
No context
No created / dropped files found
No static file info
          Timestamp                            | Source IP   | Dest IP | Trans ID | OP Code            | Name                                | Type           | Class       | DNS over HTTPS
          Apr 26, 2024 06:34:55.712513924 CEST | 192.168.2.4 | 1.1.1.1 | 0x3cb1   | Standard query (0) | agent-data.service.itsupport247.net | A (IP address) | IN (0x0001) | false
          Apr 26, 2024 06:34:55.712665081 CEST | 192.168.2.4 | 1.1.1.1 | 0x8bca   | Standard query (0) | agent-data.service.itsupport247.net | 65             | IN (0x0001) | false
          Apr 26, 2024 06:34:57.621407986 CEST | 192.168.2.4 | 1.1.1.1 | 0x43f6   | Standard query (0) | www.google.com                      | A (IP address) | IN (0x0001) | false
          Apr 26, 2024 06:34:57.621970892 CEST | 192.168.2.4 | 1.1.1.1 | 0xbb9f   | Standard query (0) | www.google.com                      | 65             | IN (0x0001) | false
          Timestamp                            | Source IP | Dest IP     | Trans ID | Reply Code   | Name                                | CName                 | Address         | Type                   | Class       | DNS over HTTPS
          Apr 26, 2024 06:34:55.860876083 CEST | 1.1.1.1   | 192.168.2.4 | 0x3cb1   | No error (0) | agent-data.service.itsupport247.net |                       | 44.210.167.18   | A (IP address)         | IN (0x0001) | false
          Apr 26, 2024 06:34:55.860876083 CEST | 1.1.1.1   | 192.168.2.4 | 0x3cb1   | No error (0) | agent-data.service.itsupport247.net |                       | 52.0.23.233     | A (IP address)         | IN (0x0001) | false
          Apr 26, 2024 06:34:55.860876083 CEST | 1.1.1.1   | 192.168.2.4 | 0x3cb1   | No error (0) | agent-data.service.itsupport247.net |                       | 54.235.121.23   | A (IP address)         | IN (0x0001) | false
          Apr 26, 2024 06:34:55.860876083 CEST | 1.1.1.1   | 192.168.2.4 | 0x3cb1   | No error (0) | agent-data.service.itsupport247.net |                       | 34.237.210.58   | A (IP address)         | IN (0x0001) | false
          Apr 26, 2024 06:34:57.769434929 CEST | 1.1.1.1   | 192.168.2.4 | 0xbb9f   | No error (0) | www.google.com                      |                       |                 | 65                     | IN (0x0001) | false
          Apr 26, 2024 06:34:57.769495964 CEST | 1.1.1.1   | 192.168.2.4 | 0x43f6   | No error (0) | www.google.com                      |                       | 142.250.217.196 | A (IP address)         | IN (0x0001) | false
          Apr 26, 2024 06:35:10.701162100 CEST | 1.1.1.1   | 192.168.2.4 | 0x51b8   | No error (0) | windowsupdatebg.s.llnwi.net         |                       | 208.111.136.0   | A (IP address)         | IN (0x0001) | false
          Apr 26, 2024 06:35:12.227992058 CEST | 1.1.1.1   | 192.168.2.4 | 0x6dd9   | No error (0) | fp2e7a.wpc.2be4.phicdn.net          | fp2e7a.wpc.phicdn.net |                 | CNAME (Canonical name) | IN (0x0001) | false
          Apr 26, 2024 06:35:12.227992058 CEST | 1.1.1.1   | 192.168.2.4 | 0x6dd9   | No error (0) | fp2e7a.wpc.phicdn.net               |                       | 192.229.211.108 | A (IP address)         | IN (0x0001) | false

          Target ID: 0
          Start time: 06:34:49
          Start date: 26/04/2024
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase: 0x7ff76e190000
          File size: 3'242'272 bytes
          MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: false

          Target ID: 2
          Start time: 06:34:51
          Start date: 26/04/2024
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,199900451331400863,10604163420401531897,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase: 0x7ff76e190000
          File size: 3'242'272 bytes
          MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: false

          Target ID: 3
          Start time: 06:34:54
          Start date: 26/04/2024
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://agent-data.service.itsupport247.net"
          Imagebase: 0x7ff76e190000
          File size: 3'242'272 bytes
          MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: true

          No disassembly