Edit tour

Windows Analysis Report
https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg

Overview

General Information

Sample URL:	https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg
Analysis ID:	1433167
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2056,i,15730607251357712271,6665821697192158328,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.203.40.158:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.203.40.158:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49719 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.40.158
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /images/Castelli-adventures_01.jpg HTTP/1.1Host: mms-media.s3.us-west-004.backblazeb2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mms-media.s3.us-west-004.backblazeb2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yaMp1xXfWFfXByd&MD=RXrsNt5c HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yaMp1xXfWFfXByd&MD=RXrsNt5c HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: mms-media.s3.us-west-004.backblazeb2.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 23.203.40.158:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.203.40.158:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49719 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/2@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2056,i,15730607251357712271,6665821697192158328,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2056,i,15730607251357712271,6665821697192158328,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://mms-media.s3.us-west-004.backblazeb2.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
mms-media.s3.us-west-004.backblazeb2.com	149.137.130.10	true	false	unknown
www.google.com	142.250.191.132	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg	false		unknown
https://mms-media.s3.us-west-004.backblazeb2.com/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
149.137.130.10	mms-media.s3.us-west-004.backblazeb2.com	United States	30103	ZOOM-VIDEO-COMM-ASUS	false
142.250.191.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1433167
Start date and time:	2024-04-29 10:23:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/2@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.190.35, 142.250.190.142, 142.250.123.84, 34.104.35.123, 23.52.42.50, 23.52.42.44, 23.52.42.49, 23.52.42.46, 23.52.42.47, 23.52.42.43, 23.52.42.39, 23.52.42.48, 23.52.42.45, 192.229.211.108, 13.95.31.18, 52.165.164.15, 142.250.191.163, 199.232.214.172
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x941, components 3
Category:	downloaded
Size (bytes):	143505
Entropy (8bit):	7.959428124029648
Encrypted:	false
SSDEEP:	3072:7jygQnn5VTqBqx4Nf6UX7YVr9SZ4O3Ryu/dUcGKadpLpWbwM9x:7GgQnn5VRx4V6NrEZTDG/RpWb5x
MD5:	C0A3267A9ADB8B3C310EC8E5579E5811
SHA1:	998707B6D42EF9142D957B598E3D8479948639B3
SHA-256:	527CEBE8AF95D01D3779DB3A09FAFDFAD1CE512FFD18EE61DA1AADF35111A86D
SHA-512:	0C857F6D8DCF060B17804D475C21B28C8EAA05BD2BA4331A4A7FDA894CAE54059FAA7125AB68B75A8F08D481FD1BA251EEB28E5042C9377E229C9D3D783E19CE
Malicious:	false
Reputation:	low
URL:	https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg
Preview:	......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c002 79.f354efc70, 2023/11/09-12:05:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:66a228d8-d62e-4499-af99-f47c57f77227" xmpMM:DocumentID="xmp.did:4A51EB33F02511EEB4D9E076D17C5271" xmpMM:InstanceID="xmp.iid:4A51EB32F02511EEB4D9E076D17C5271" xmp:CreatorTool="Adobe Photoshop 25.4 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:66a228d8-d62e-4499-af99-f47c57f77227" stRef:documentID="xmp.did:66a228d8-d62e-4499-af99-f47c57f77227"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...........................................

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 29, 2024 10:23:49.813632965 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 29, 2024 10:23:49.826750040 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 29, 2024 10:23:50.141766071 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 29, 2024 10:23:59.421710014 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 29, 2024 10:23:59.437308073 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 29, 2024 10:23:59.754170895 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 29, 2024 10:23:59.879023075 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:23:59.879065037 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:23:59.879326105 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:23:59.879545927 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:23:59.879580975 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:23:59.879633904 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:23:59.879821062 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:23:59.879837990 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:23:59.879982948 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:23:59.879996061 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.203823090 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.205589056 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.208376884 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.208399057 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.208513975 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.208525896 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.209512949 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.209575891 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.210112095 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.210208893 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.213228941 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.213314056 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.213898897 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.213993073 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.214126110 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.214135885 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.266336918 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.266344070 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.266356945 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.313076019 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.559312105 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.559344053 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.559351921 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.559374094 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.559444904 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.559480906 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.590329885 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.590466022 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.590481043 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.632971048 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.692533970 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.692544937 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.692570925 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.692601919 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.692647934 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.723571062 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.723577976 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.723644972 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.723663092 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.760056019 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.760063887 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.760123014 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.760140896 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.791227102 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.791235924 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.791259050 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.791277885 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.791304111 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.791346073 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.832803011 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.832812071 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.832830906 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.832851887 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.832870960 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.832911015 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.850758076 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.850765944 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.850786924 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.850806952 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.850822926 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.850863934 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.869940996 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.869949102 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.869967937 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.869990110 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.870033026 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.895534992 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.895543098 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.895601034 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.895617008 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.914596081 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.914603949 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.914659023 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.914678097 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.936724901 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.936733961 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.936789989 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.936810970 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.954632044 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.954639912 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.954663038 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.954679012 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.954691887 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.954719067 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.971594095 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.971602917 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.971630096 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.971657991 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.971674919 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.971698046 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.987813950 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.987822056 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:00.987867117 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:00.987880945 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.002336979 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.002345085 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.002370119 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.002465010 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.002481937 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.012799025 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.012808084 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.012831926 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.012882948 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.012898922 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.012923956 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.019628048 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.019701958 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.019718885 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.019767046 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.074228048 CEST	49706	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.074253082 CEST	443	49706	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.122718096 CEST	443	49698	173.222.162.64	192.168.2.6
Apr 29, 2024 10:24:01.122827053 CEST	49698	443	192.168.2.6	173.222.162.64
Apr 29, 2024 10:24:01.232584000 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.276156902 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.394054890 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.394253016 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.394308090 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.395673990 CEST	49705	443	192.168.2.6	149.137.130.10
Apr 29, 2024 10:24:01.395693064 CEST	443	49705	149.137.130.10	192.168.2.6
Apr 29, 2024 10:24:01.915404081 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:01.915446997 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:01.915518999 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:01.916479111 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:01.916495085 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:01.980915070 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:01.980937958 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:01.981004953 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:02.060992002 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:02.061011076 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:02.163644075 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:02.196116924 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:02.196134090 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:02.200187922 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:02.200253010 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:02.242182016 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:02.242356062 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:02.291471958 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:02.291548967 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:02.358720064 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:02.358753920 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:02.546130896 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:02.634057045 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:02.634080887 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:02.634429932 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:02.840131044 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:02.841166973 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:04.565642118 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:04.608123064 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:04.677722931 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:04.677818060 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:04.677870035 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:05.614625931 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:05.614655972 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:05.614698887 CEST	49709	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:05.614705086 CEST	443	49709	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.484368086 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:07.484419107 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.484489918 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:07.484740973 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:07.484754086 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.709366083 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.709444046 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:07.710591078 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:07.710597038 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.710834980 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.711903095 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:07.756130934 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.929411888 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.929493904 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:07.929543018 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:08.027154922 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:08.027168036 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:08.027188063 CEST	49710	443	192.168.2.6	23.203.40.158
Apr 29, 2024 10:24:08.027193069 CEST	443	49710	23.203.40.158	192.168.2.6
Apr 29, 2024 10:24:09.878428936 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:09.878458023 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:09.878551960 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:09.879573107 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:09.879586935 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:10.287817001 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:10.287898064 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:10.340708017 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:10.340727091 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:10.340992928 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:10.390269995 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:10.937642097 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:10.980161905 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.199932098 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.199956894 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.199963093 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.199978113 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.200010061 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:11.200016975 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.200031996 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.200056076 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:11.200062037 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.200076103 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:11.200083017 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.200109005 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:11.200119019 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:11.200122118 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.200146914 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.200185061 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:11.462512016 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:11.462527037 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:11.462538958 CEST	49712	443	192.168.2.6	20.12.23.50
Apr 29, 2024 10:24:11.462543964 CEST	443	49712	20.12.23.50	192.168.2.6
Apr 29, 2024 10:24:12.182141066 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:12.182204008 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:12.182249069 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:13.282555103 CEST	49708	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:24:13.282572031 CEST	443	49708	142.250.191.132	192.168.2.6
Apr 29, 2024 10:24:48.119405031 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.119452000 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.119543076 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.119896889 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.119911909 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.526860952 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.526941061 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.530910969 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.530922890 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.531153917 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.540580988 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.584121943 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916376114 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916466951 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916507959 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916526079 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.916553020 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916570902 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.916598082 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.916671038 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916708946 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916735888 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.916742086 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916822910 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.916827917 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.916922092 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.917133093 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.920119047 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.920135021 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:24:48.920145035 CEST	49719	443	192.168.2.6	52.165.165.26
Apr 29, 2024 10:24:48.920150042 CEST	443	49719	52.165.165.26	192.168.2.6
Apr 29, 2024 10:25:01.455223083 CEST	49721	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:25:01.455256939 CEST	443	49721	142.250.191.132	192.168.2.6
Apr 29, 2024 10:25:01.455389023 CEST	49721	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:25:01.455871105 CEST	49721	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:25:01.455888987 CEST	443	49721	142.250.191.132	192.168.2.6
Apr 29, 2024 10:25:01.695817947 CEST	443	49721	142.250.191.132	192.168.2.6
Apr 29, 2024 10:25:01.696350098 CEST	49721	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:25:01.696361065 CEST	443	49721	142.250.191.132	192.168.2.6
Apr 29, 2024 10:25:01.697453022 CEST	443	49721	142.250.191.132	192.168.2.6
Apr 29, 2024 10:25:01.697983980 CEST	49721	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:25:01.698062897 CEST	443	49721	142.250.191.132	192.168.2.6
Apr 29, 2024 10:25:01.749903917 CEST	49721	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:25:11.728220940 CEST	443	49721	142.250.191.132	192.168.2.6
Apr 29, 2024 10:25:11.728307009 CEST	443	49721	142.250.191.132	192.168.2.6
Apr 29, 2024 10:25:11.728506088 CEST	49721	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:25:13.502918959 CEST	49721	443	192.168.2.6	142.250.191.132
Apr 29, 2024 10:25:13.502957106 CEST	443	49721	142.250.191.132	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 29, 2024 10:23:56.995613098 CEST	53	52140	1.1.1.1	192.168.2.6
Apr 29, 2024 10:23:57.149704933 CEST	53	49385	1.1.1.1	192.168.2.6
Apr 29, 2024 10:23:57.790904999 CEST	53	52521	1.1.1.1	192.168.2.6
Apr 29, 2024 10:23:59.763432980 CEST	59224	53	192.168.2.6	1.1.1.1
Apr 29, 2024 10:23:59.763575077 CEST	61245	53	192.168.2.6	1.1.1.1
Apr 29, 2024 10:23:59.877727985 CEST	53	59224	1.1.1.1	192.168.2.6
Apr 29, 2024 10:23:59.877806902 CEST	53	61245	1.1.1.1	192.168.2.6
Apr 29, 2024 10:24:01.404056072 CEST	49323	53	192.168.2.6	1.1.1.1
Apr 29, 2024 10:24:01.404433966 CEST	53290	53	192.168.2.6	1.1.1.1
Apr 29, 2024 10:24:01.514904976 CEST	53	53290	1.1.1.1	192.168.2.6
Apr 29, 2024 10:24:01.514924049 CEST	53	49323	1.1.1.1	192.168.2.6
Apr 29, 2024 10:24:17.899720907 CEST	53	63592	1.1.1.1	192.168.2.6
Apr 29, 2024 10:24:36.597955942 CEST	53	63655	1.1.1.1	192.168.2.6
Apr 29, 2024 10:24:56.787668943 CEST	53	52463	1.1.1.1	192.168.2.6
Apr 29, 2024 10:24:59.346240044 CEST	53	51844	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 29, 2024 10:23:59.763432980 CEST	192.168.2.6	1.1.1.1	0x1399	Standard query (0)	mms-media.s3.us-west-004.backblazeb2.com	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:23:59.763575077 CEST	192.168.2.6	1.1.1.1	0xe36a	Standard query (0)	mms-media.s3.us-west-004.backblazeb2.com	65	IN (0x0001)	false
Apr 29, 2024 10:24:01.404056072 CEST	192.168.2.6	1.1.1.1	0x6b0d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:24:01.404433966 CEST	192.168.2.6	1.1.1.1	0x6aaf	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 29, 2024 10:23:59.877727985 CEST	1.1.1.1	192.168.2.6	0x1399	No error (0)	mms-media.s3.us-west-004.backblazeb2.com		149.137.130.10	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:23:59.877727985 CEST	1.1.1.1	192.168.2.6	0x1399	No error (0)	mms-media.s3.us-west-004.backblazeb2.com		149.137.129.254	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:23:59.877727985 CEST	1.1.1.1	192.168.2.6	0x1399	No error (0)	mms-media.s3.us-west-004.backblazeb2.com		149.137.135.254	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:23:59.877727985 CEST	1.1.1.1	192.168.2.6	0x1399	No error (0)	mms-media.s3.us-west-004.backblazeb2.com		149.137.133.254	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:24:01.514904976 CEST	1.1.1.1	192.168.2.6	0x6aaf	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 29, 2024 10:24:01.514924049 CEST	1.1.1.1	192.168.2.6	0x6b0d	No error (0)	www.google.com		142.250.191.132	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:24:11.059331894 CEST	1.1.1.1	192.168.2.6	0x69d3	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 29, 2024 10:24:11.059331894 CEST	1.1.1.1	192.168.2.6	0x69d3	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:24:23.940017939 CEST	1.1.1.1	192.168.2.6	0xbb0d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 29, 2024 10:24:23.940017939 CEST	1.1.1.1	192.168.2.6	0xbb0d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:25:12.297389030 CEST	1.1.1.1	192.168.2.6	0x9169	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 29, 2024 10:25:12.297389030 CEST	1.1.1.1	192.168.2.6	0x9169	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mms-media.s3.us-west-004.backblazeb2.com

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49706	149.137.130.10	443	6292	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-29 08:24:00 UTC	716	OUT	GET /images/Castelli-adventures_01.jpg HTTP/1.1 Host: mms-media.s3.us-west-004.backblazeb2.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-29 08:24:00 UTC	547	IN	HTTP/1.1 200 Server: nginx Date: Mon, 29 Apr 2024 08:24:00 GMT Content-Type: image/jpeg Content-Length: 143505 Connection: close Accept-Ranges: bytes Last-Modified: Thu, 11 Apr 2024 12:53:02 GMT ETag: "c0a3267a9adb8b3c310ec8e5579e5811" x-amz-meta-src_last_modified_millis: 1712839981583 x-amz-request-id: 9a2bd9a37f882716 x-amz-id-2: aMUQ0HTO/OPQ1jWGyOOZkgGUpZR0z/TNa x-amz-version-id: 4_zd1f4d348456a18cd7efe0313_f118bff72aa806aae_d20240411_m125302_c004_v0402019_t0007_u01712839982136 Strict-Transport-Security: max-age=63072000
2024-04-29 08:24:00 UTC	7705	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 81 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 39 2e 31 2d 63 30 30 32 20 37 39 2e 66 33 35 34 65 66 63 37 30 2c 20 32 30 32 33 2f 31 31 2f 30 39 2d 31 32 3a 30 35 3a 35 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 Data Ascii: ExifII*Ducky<http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c002 79.f354efc70, 2023/11/09-12:05:53 "> <rdf:RDF
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: 3e f7 97 75 57 27 87 c8 e4 df c4 cc 4c 79 c1 78 bc 04 59 6f a0 82 ac 94 cd 72 1e 27 9e b5 a9 d2 a4 15 13 c7 80 af 29 5d 9e 51 58 1f 40 da 78 cd e2 5b 59 6f 28 dc 6d 12 07 0b 76 5b 90 ec 00 72 15 6d 33 79 9c f2 9c 6b 80 c1 2e 25 a7 17 d6 73 43 43 8e 92 79 0a ad 29 99 56 eb 91 43 df de 62 33 1a 23 d0 f0 eb d6 fa 50 ae b4 91 c4 34 2c 41 b5 b9 af bb ba b4 b7 1d 4d 72 33 bb 3d 29 f3 38 7a 24 36 d0 d1 1c a0 cc 5a 14 d4 99 69 3a 86 85 71 fa 25 1e 44 a7 81 3c f9 d7 b7 0b 69 d3 b0 f9 f9 5c 71 ab e6 68 43 a0 b6 74 8b 25 c5 0d 3d da 13 c1 23 db ce ba 54 8e 76 87 18 a5 a8 ca 79 be 65 41 27 f4 2a f6 9e 2d 14 b8 b0 4c d9 94 ca a9 a4 18 30 89 ba f8 3e e8 f7 97 f8 a3 b9 3e 8e da 5d b8 d6 08 8b 76 eb 8b 2c 7e 59 f9 72 77 4e 70 42 50 49 69 80 1d c9 4d 78 90 cb 08 26 c1 21 Data Ascii: >uW'LyxYor')]QX@x[Yo(mv[rm3yk.%sCCy)VCb3#P4,AMr3=)8z$6Zi:q%D<i\qhCt%=#TvyeA'*-L0>>]v,~YrwNpBPIiMx&!
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: 0c 63 2a 03 8d 27 57 5b ab ab 5e b6 dd e5 d2 16 b5 73 df ba e1 4a 1d 16 2d 29 d6 bc 0e 9c 8f b3 36 c5 4b 6f 23 eb 1c a2 92 fa 74 a8 2d d8 c4 02 39 28 7e f7 1e 21 58 7d dc bb 0e 8f b4 8f 69 c7 bc e4 fb 37 e7 76 fa 26 ee 7c 34 cf ad 71 9a 8b f3 59 52 3a 72 18 04 0b af 81 52 5c 40 37 2a 3c 0a 47 61 17 35 45 3d 4c 99 5b d2 8e 39 12 76 6b 14 e8 79 90 5b 50 e3 a8 71 06 b7 4e 71 30 6a 12 3b 2f 93 ff 00 68 08 98 c9 a8 c2 6e 61 f0 f8 b9 ab 01 13 41 3d 38 af 28 db 5a 91 d8 da cf bf 6e 5e f7 7d 56 e4 d4 bb 19 7b 51 71 c3 34 7a 59 2b 42 d0 97 1b 5a 5d 69 62 ed ba da 82 d0 a1 de 95 24 90 6b 33 61 68 02 a0 0b 40 25 48 0a 00 a0 0a 01 28 04 a0 17 f4 aa 00 f6 a8 58 5a 00 bd 00 b4 02 d0 0b 40 64 28 48 b4 01 40 14 06 0e df a6 6d ce a0 10 4f 2d ee a1 e7 40 3c c2 2d c3 91 40 Data Ascii: c'W[^sJ-)6Ko#t-9(~!X}i7v&\|4qYR:rR\@7<Ga5E=L[9vky[PqNq0j;/hnaA=8(Zn^}V{Qq4zY+BZ]ib$k3ah@%H(XZ@d(H@mO-@<-@
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: cc f5 2f d9 d1 b3 23 ca 96 9b 51 bf 43 23 35 b4 7a 01 28 57 df 51 ae 69 2c 4e a8 64 5f 1e 84 ea 0f 01 50 5c d1 d3 7b b8 d4 03 34 45 75 67 95 48 1f 22 2a 90 c1 1d a6 80 8f 54 57 b5 1e 15 00 a9 6f cf 2b 30 fb c5 94 ae 4e a8 59 66 93 a2 3e 51 90 0a f4 f6 21 e4 1e 0e a3 ba fc 47 61 aa ca 09 84 da 3c e1 bf 3c b2 dd bb 29 f4 ab 2d 19 2e e3 5f 56 88 f9 68 d7 54 67 16 45 c2 15 7f 13 4e 7e 2a fd 97 a8 71 a1 29 94 e7 07 6a 4f 0a 80 3e db 18 d4 e4 b3 b1 98 74 5e 33 44 bf 24 72 bb 6d f1 d3 c3 8f 89 56 15 b5 88 6a 92 46 57 65 a6 2d 97 fc 93 eb 71 6a 09 45 ae 6e a0 78 71 ef 29 17 b7 eb 8d eb d3 67 9e 57 65 ad 61 56 b8 16 aa 50 86 cd 0a 74 06 d4 1c 17 bf 34 8e 47 d3 50 c2 22 f3 53 8b 11 7e 11 0a fa 49 23 e9 4f 73 40 f2 fd 71 1f 25 73 df 9d 15 0e 9b 10 ab a9 02 2e 79 57 Data Ascii: /#QC#5z(WQi,Nd_P\{4EugH"TWo+0NYf>Q!Ga<<)-._VhTgEN~q)jO>t^3D$rmVjFWe-qjEnxq)gWeaVPt4GP"S~I#Os@q%s.yW
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: a9 ed 68 f4 62 5b 75 62 e9 4a 94 3b c0 26 be d4 fc c4 42 85 85 04 94 90 a3 c8 11 c6 80 a8 e5 bc d6 d8 b8 bc ba b1 52 e7 ad 52 5b 3a 1f 71 86 94 eb 2d 2f b5 2b 71 3d a3 b7 48 36 aa 4a 69 32 54 6a 4f e2 b3 78 5c c3 7d 4c 4e 42 3c f4 9e 36 61 c0 a5 7e c3 82 fe e5 59 49 30 d3 45 53 7d f9 b9 b6 f6 84 8f 80 93 d4 54 f5 24 e9 7c b4 b3 0d a7 7e 6b 6e bd c1 3d 43 cf 40 3f aa 22 a2 73 d2 12 4c ae e3 e7 a2 70 56 46 24 e7 24 3e e1 d6 f4 90 a2 97 02 8f 1b 14 0e 09 1d c3 95 70 2d a5 a6 9e 15 ae 2d fe aa f7 fa 23 d1 fb db b5 58 e0 b0 a5 3c 3e cf 46 4e b1 96 69 d2 cc 5c 86 81 26 41 29 8f c4 20 bc a4 8b 9d 09 e6 16 00 bf 86 bc bd e6 cd c1 55 f8 a3 ef f4 ed 47 a5 b5 dd a9 ba 2f 0c bd df f0 ef c8 6b 31 e0 a7 52 da dd 51 50 56 98 d2 49 b3 ad af 98 42 d5 f3 82 87 ba 6b c0 bb Data Ascii: hb[ubJ;&BRR[:q-/+q=H6Ji2TjOx\}LNB<6a~YI0ES}T$\|~kn=C@?"sLpVF$$>p--#X<>FNi\&A) UG/k1RQPVIBk
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: 2d 92 d9 d8 5d a8 fb 4c 27 1d 82 72 43 91 1d 42 56 1e 51 92 e2 9c 5f 51 45 65 06 c5 5c 2c 91 41 51 9e d6 dd 19 ad b1 9a 63 31 86 90 63 cc 62 e2 f6 d4 85 a1 5c 14 db 89 3c 14 85 0e 60 fd fa 02 e4 af 3b 33 6d 2d 52 31 58 2c 16 17 20 e5 c3 99 2c 74 1e 8c a2 14 6e b0 1c 52 d7 a3 58 e0 4a 00 3c 78 11 50 4d 48 2d c5 bc b2 9b 9f 78 3f bb b2 2c b0 d4 f7 56 cb 85 a6 12 b4 b3 ae 3b 68 6d 16 4a d6 b5 5b 4b 42 fe 2e 75 0c 09 bc b7 66 47 77 6e 59 9b 87 22 db 2d 4c 9b d3 ea b7 1d 2a 4b 43 a4 d2 19 4e 90 b5 38 af 75 b1 7f 17 3a ab 0c 75 89 de 59 4c 7e d2 cc 6d 76 1a 61 58 fc da d8 72 5b ab 4a cb c9 31 9c 0e 23 a6 a0 b0 91 72 9e 37 49 aa b6 0d fb 3f 7c ee 3d a5 2d d9 18 79 01 28 90 9e 9c b8 ae a4 3a c3 c8 fc 17 1b 57 03 cf 9f 3a a2 95 09 27 a7 f9 cb b8 dd 85 22 2e 2f 1b Data Ascii: -]L'rCBVQ_QEe\,AQc1cb\<`;3m-R1X, ,tnRXJ<xPMH-x?,V;hmJ[KB.ufGwnY"-L*KCN8u:uYL~mvaXr[J1#r7I?\|=-y(:W:'"./
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: 96 31 99 26 dc 94 b1 74 43 70 29 a7 c8 1c 4d 90 b0 2e 7d 44 d7 7d 9d dd ab 8e 91 78 94 76 da 26 eb a0 a0 28 f0 a0 32 45 48 32 2b a1 22 05 d4 10 34 2a 77 a9 31 e0 6c 94 80 da 3d 69 4f e9 9a 94 18 cd d7 0b 50 b4 95 6a 50 4d 8a bb cf 7d 43 74 44 2c 4a a8 96 a6 32 0c cd 02 e6 33 a9 70 0e f0 0f 8b ee 57 03 b9 e2 a9 d2 a3 85 08 cf b4 5e 09 39 0d af 8e cd b0 35 fc 03 dd 27 16 3f a8 4b 00 a0 fe e8 91 f2 d6 bb c8 d6 0a 4b 81 82 e4 79 db ea e0 52 a3 a6 f5 e5 79 b8 96 d0 46 39 06 ca 25 37 41 ef 49 b7 de ae 98 dd 29 a0 6e e4 dc ac 7f c8 cc 79 16 ec d6 48 f9 0d eb a6 0d 32 ca 52 5c 45 6b 76 6e 36 4f 09 3d 40 3b 14 07 e8 5a b7 51 45 d5 e9 1d 77 cb 0d a5 37 cc 0d bc fc ec 5e 7a 3c 4c d6 3d ce 96 47 19 31 85 94 a4 2f 8b 4f 34 e3 2a d5 d3 70 5c 78 93 c1 40 8e ea b2 b7 16 Data Ascii: 1&tCp)M.}D}xv&(2EH2+"4w1l=iOPjPM}CtD,J23pW^95'?KKyRyF9%7AI)nyH2R\Ekvn6O=@;ZQEw7^z<L=G1/O4p\x@
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: c6 4f 03 f7 45 7c f5 c7 4c 0b 8e 03 7f 46 2b 91 cb 12 68 48 63 19 b0 27 be b9 af 48 bc 11 35 0d 7c 0a 0f 2a e3 b8 b8 9b 45 97 df 2e b3 4d 60 d9 cb 3a a4 ea 7d e6 9a 4c 74 91 74 ea 0b 24 95 7a bb bb 6b d4 e9 9b a5 69 49 f1 74 a0 9d bd 54 2b 7b b3 39 32 72 dc 71 6e 29 4a 51 ba c9 e6 af 5f e9 56 37 37 32 9c b1 2d 25 45 81 01 16 2b 6d d9 c9 89 ea 3a 7d c8 d7 e0 3d 2e 11 fc ef cb 52 d2 5d e6 69 73 24 5b 7d d7 ac 85 9f a3 4f ba da 46 94 a4 7a 12 38 57 1d f9 b6 6d 14 64 a6 3b 40 ae 65 23 4a 19 a1 2a 4f 67 03 50 cb 23 7b 41 69 50 d0 a2 92 79 db b7 d7 df 55 d6 d1 6a 12 a9 86 d2 d8 17 48 42 b9 95 24 70 3e b1 50 e7 5c c9 d2 4f 60 37 4c 98 7a 22 64 16 a7 62 0f 0b 6e 9f 12 9b 1e 83 f3 93 f7 ab d1 d9 f5 49 41 e9 9e 31 f8 7e 46 77 2c a7 8a cc b0 ce c9 23 5a 74 ac 14 7b Data Ascii: OE\|LF+hHc'H5\|E.M`:}Ltt$zkiItT+{92rqn)JQ_V772-%E+m:}=.R]is$[}OFz8Wmd;@e#JOgP#{AiPyUjHB$p>P\O`7Lz"dbnIA1~Fw,#Zt{
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: ee 5b 51 42 bc 2e a5 0b e0 a4 9e 62 84 8d 72 1b e7 6b 63 f7 3c 2d af 32 6f 4b 3b 91 6c 3b 0e 1f 49 e5 6b 42 8a c0 3d 44 a0 b6 9e 2d 2b de 50 e5 40 4f 50 1a df 79 b6 19 71 e7 4e 96 9a 49 5a d5 62 6c 94 8b 93 61 c7 95 01 11 b4 f7 9e db dd b8 e7 32 5b 7a 67 c6 c2 69 e5 47 71 de 9b ad 59 d4 a5 2b 29 d2 f2 1b 57 ba e2 4d ed 6a 00 dd 9b cf 6d ed 2c 73 79 2d c3 33 e0 a1 3a f2 63 b6 ef 4d d7 6e ea 92 a5 84 e9 65 0e 2b dd 6d 46 f6 b5 01 9e 77 77 ed 8c 0c 36 e5 e6 72 71 e0 30 f0 bb 25 f5 84 a9 7c 2f e0 41 f1 2b 87 70 a0 33 db 7b 9f 07 b9 71 48 ca e1 24 fc 5e 3d c5 2d b4 3e 10 e3 77 53 67 4a 86 97 12 85 70 3e 8a 01 c6 5b 33 89 c3 c3 54 dc ac c6 60 c4 47 bc fc 85 a5 b4 5f ba ea 23 8f a2 80 a8 b7 e7 97 94 ee 4b 31 53 b8 e3 87 47 35 29 0f 25 bf 63 aa 40 6c fe ca 84 54 Data Ascii: [QB.brkc<-2oK;l;IkB=D-+P@OPyqNIZbla2[zgiGqY+)WMjm,sy-3:cMne+mFww6rq0%\|/A+p3{qH$^=->wSgJp>[3T`G_#K1SG5)%c@lT
2024-04-29 08:24:00 UTC	8192	IN	Data Raw: 16 50 4b 98 a9 0a b2 87 78 e4 68 41 17 92 dd 79 a8 38 c3 2f 6b 62 98 63 e2 77 4b 98 fc 89 7e 5a ae eb a3 20 98 84 80 a6 5d d2 99 3a 4e a2 9f c9 76 05 50 17 38 5b 96 78 ce c4 c2 e6 20 37 06 54 d8 6b 95 19 c6 9f 32 1a 5b 8c b9 a5 f6 02 8b 4c f1 42 16 da c1 b7 10 4f 0f 0f 11 23 bc 2e 7b eb 59 99 46 d9 63 4c 2c 74 9f 83 6e 5e bb 87 dd 42 41 7f 4a 6d c1 2d 2d 5d 3b df 8a 82 bb b8 81 14 fe ef cc ca 9f 36 3e dd c2 7d 6b 1f 1a f1 8d 36 5b b2 93 11 05 f4 a4 29 c6 98 0a 43 9d 45 22 e1 2a 2a d2 9d 5c 35 70 34 20 7b 84 dd 0b c8 65 e6 62 a5 c1 5e 36 5c 76 23 cc 61 a7 96 95 2d c8 f2 11 c5 44 27 c2 95 36 ea 56 da d2 14 ab 58 1b f8 a8 49 14 d7 98 6e cb 6a 22 31 98 a5 cc 9d 94 72 51 c4 c7 0f 25 b4 39 0a 22 c3 66 6b ce 29 3f 44 d2 d4 a4 e8 b0 51 21 49 e1 c4 d8 41 1d be b2 Data Ascii: PKxhAy8/kbcwK~Z ]:NvP8[x 7Tk2[LBO#.{YFcL,tn^BAJm--];6>}k6[)CE"**\5p4 {eb^6\v#a-D'6VXInj"1rQ%9"fk)?DQ!IA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49705	149.137.130.10	443	6292	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-29 08:24:01 UTC	669	OUT	GET /favicon.ico HTTP/1.1 Host: mms-media.s3.us-west-004.backblazeb2.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-29 08:24:01 UTC	314	IN	HTTP/1.1 404 Server: nginx Date: Mon, 29 Apr 2024 08:24:01 GMT Content-Type: application/xml Content-Length: 137 Connection: close x-amz-request-id: b27c48c7d5daa8ab x-amz-id-2: aMaY0ADMgOKo1I2F3ONtk7WVfZTYztTOS Cache-Control: max-age=0, no-cache, no-store Strict-Transport-Security: max-age=63072000
2024-04-29 08:24:01 UTC	137	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 73 74 61 6e 64 61 6c 6f 6e 65 3d 22 79 65 73 22 3f 3e 0a 3c 45 72 72 6f 72 3e 0a 20 20 20 20 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 0a 20 20 20 20 3c 4d 65 73 73 61 67 65 3e 4b 65 79 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 4d 65 73 73 61 67 65 3e 0a 3c 2f 45 72 72 6f 72 3e 0a Data Ascii: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><Error> <Code>NoSuchKey</Code> <Message>Key not found</Message></Error>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49709	23.203.40.158	443

Timestamp	Bytes transferred	Direction	Data
2024-04-29 08:24:04 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-29 08:24:04 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0790) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=81558 Date: Mon, 29 Apr 2024 08:24:04 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49710	23.203.40.158	443

Timestamp	Bytes transferred	Direction	Data
2024-04-29 08:24:07 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-29 08:24:07 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=81543 Date: Mon, 29 Apr 2024 08:24:07 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-29 08:24:07 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49712	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-29 08:24:10 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yaMp1xXfWFfXByd&MD=RXrsNt5c HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-29 08:24:11 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 5ea479ab-a6cb-418e-84b1-c32b6e727ce3 MS-RequestId: fc24c8e8-1798-4e0d-9108-94a2d7bee196 MS-CV: LMmn6B5py0OFbjXY.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 29 Apr 2024 08:24:10 GMT Connection: close Content-Length: 24490
2024-04-29 08:24:11 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-29 08:24:11 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49719	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-04-29 08:24:48 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yaMp1xXfWFfXByd&MD=RXrsNt5c HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-29 08:24:48 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 35996b46-9040-400d-92dd-727318355c93 MS-RequestId: 52954a0e-544b-46ec-a4a0-9040c3cd4907 MS-CV: /GSxC8vcVEy0uYLF.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 29 Apr 2024 08:24:48 GMT Connection: close Content-Length: 25457
2024-04-29 08:24:48 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-29 08:24:48 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5224, Parent PID: 3424

General

Target ID:	0
Start time:	10:23:50
Start date:	29/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6292, Parent PID: 5224

General

Target ID:	2
Start time:	10:23:55
Start date:	29/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2056,i,15730607251357712271,6665821697192158328,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2308, Parent PID: 3424

General

Target ID:	3
Start time:	10:23:58
Start date:	29/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5224, Parent PID: 3424

General

Chronological Activities

Analysis Process: chrome.exePID: 6292, Parent PID: 5224

General

Chronological Activities

Analysis Process: chrome.exePID: 2308, Parent PID: 3424

General

Chronological Activities

Disassembly

Windows Analysis Report
https://mms-media.s3.us-west-004.backblazeb2.com/images/Castelli-adventures_01.jpg