Edit tour

Windows Analysis Report
https://www.v1.bgmi-event.freewebhostmost.com/

Overview

General Information

Sample URL:	https://www.v1.bgmi-event.freewebhostmost.com/
Analysis ID:	1611558
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2016,i,1394362333023457279,10076870376690856115,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.v1.bgmi-event.freewebhostmost.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://www.v1.bgmi-event.freewebhostmost.com/

Avira URL Cloud: detection malicious, Label: phishing

Source: https://www.v1.bgmi-event.freewebhostmost.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49995 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.6:49716 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:58651 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.v1.bgmi-event.freewebhostmost.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.v1.bgmi-event.freewebhostmost.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.v1.bgmi-event.freewebhostmost.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.v1.bgmi-event.freewebhostmost.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 787date: Mon, 10 Feb 2025 23:34:24 GMTserver: LiteSpeedvary: User-Agentx-content-type-options: nosniffalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 10 Feb 2025 23:34:25 GMTserver: LiteSpeedvary: User-Agentx-content-type-options: nosniffalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: sets.json.1.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.1.dr	String found in binary or memory: https://24.hu
Source: sets.json.1.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.1.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.1.dr	String found in binary or memory: https://alice.tw
Source: sets.json.1.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.1.dr	String found in binary or memory: https://autobild.de
Source: sets.json.1.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.1.dr	String found in binary or memory: https://bild.de
Source: sets.json.1.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.1.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.1.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.1.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.1.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.1.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.1.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.1.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.1.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.1.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.1.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.1.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.1.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.1.dr	String found in binary or memory: https://chennien.com
Source: sets.json.1.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.1.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.1.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.1.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.1.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.1.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.1.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.1.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.1.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.1.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.1.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.1.dr	String found in binary or memory: https://css-load.com
Source: sets.json.1.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.1.dr	String found in binary or memory: https://deere.com
Source: sets.json.1.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.1.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.1.dr	String found in binary or memory: https://drimer.io
Source: sets.json.1.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.1.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.1.dr	String found in binary or memory: https://een.be
Source: sets.json.1.dr	String found in binary or memory: https://efront.com
Source: sets.json.1.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.1.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.1.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.1.dr	String found in binary or memory: https://ella.sv
Source: sets.json.1.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.1.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.1.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.1.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.1.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.1.dr	String found in binary or memory: https://finn.no
Source: sets.json.1.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.1.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.1.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.1.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.1.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://grid.id
Source: sets.json.1.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.1.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.1.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.1.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.1.dr	String found in binary or memory: https://hapara.com
Source: sets.json.1.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1.global
Source: sets.json.1.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.1.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.1.dr	String found in binary or memory: https://hearty.app
Source: sets.json.1.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.1.dr	String found in binary or memory: https://hearty.me
Source: sets.json.1.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.1.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.1.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.1.dr	String found in binary or memory: https://hj.rs
Source: sets.json.1.dr	String found in binary or memory: https://hjck.com
Source: sets.json.1.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.1.dr	String found in binary or memory: https://html-load.com
Source: sets.json.1.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.1.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.1.dr	String found in binary or memory: https://img-load.com
Source: sets.json.1.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.1.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.1.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.1.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.1.dr	String found in binary or memory: https://interia.pl
Source: sets.json.1.dr	String found in binary or memory: https://intoday.in
Source: sets.json.1.dr	String found in binary or memory: https://iolam.it
Source: sets.json.1.dr	String found in binary or memory: https://ishares.com
Source: sets.json.1.dr	String found in binary or memory: https://jagran.com
Source: sets.json.1.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.1.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.1.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.1.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.1.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.1.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.1.dr	String found in binary or memory: https://kompas.com
Source: sets.json.1.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.1.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.1.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.1.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.1.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.1.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.1.dr	String found in binary or memory: https://libero.it
Source: sets.json.1.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.1.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.1.dr	String found in binary or memory: https://livechat.com
Source: sets.json.1.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.1.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.1.dr	String found in binary or memory: https://livemint.com
Source: sets.json.1.dr	String found in binary or memory: https://max.auto
Source: sets.json.1.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.1.dr	String found in binary or memory: https://meo.pt
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.1.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.1.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.1.dr	String found in binary or memory: https://money.pl
Source: sets.json.1.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.1.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.1.dr	String found in binary or memory: https://nacion.com
Source: sets.json.1.dr	String found in binary or memory: https://naukri.com
Source: sets.json.1.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.1.dr	String found in binary or memory: https://nien.co
Source: sets.json.1.dr	String found in binary or memory: https://nien.com
Source: sets.json.1.dr	String found in binary or memory: https://nien.org
Source: sets.json.1.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.1.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.1.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.1.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.1.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.1.dr	String found in binary or memory: https://o2.pl
Source: sets.json.1.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.1.dr	String found in binary or memory: https://onet.pl
Source: sets.json.1.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.1.dr	String found in binary or memory: https://p106.net
Source: sets.json.1.dr	String found in binary or memory: https://p24.hu
Source: sets.json.1.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.1.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.1.dr	String found in binary or memory: https://player.pl
Source: sets.json.1.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.1.dr	String found in binary or memory: https://poalim.site
Source: sets.json.1.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.1.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.1.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.1.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.1.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.1.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.1.dr	String found in binary or memory: https://radio1.be
Source: sets.json.1.dr	String found in binary or memory: https://radio2.be
Source: sets.json.1.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.1.dr	String found in binary or memory: https://repid.org
Source: sets.json.1.dr	String found in binary or memory: https://reshim.org
Source: sets.json.1.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.1.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.1.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.1.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.1.dr	String found in binary or memory: https://samayam.com
Source: sets.json.1.dr	String found in binary or memory: https://sapo.io
Source: sets.json.1.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.1.dr	String found in binary or memory: https://shock.co
Source: sets.json.1.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.1.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.1.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.1.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.1.dr	String found in binary or memory: https://songshare.com
Source: sets.json.1.dr	String found in binary or memory: https://songstats.com
Source: sets.json.1.dr	String found in binary or memory: https://sporza.be
Source: sets.json.1.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.1.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.1.dr	String found in binary or memory: https://stripe.com
Source: sets.json.1.dr	String found in binary or memory: https://stripe.network
Source: sets.json.1.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.1.dr	String found in binary or memory: https://supereva.it
Source: sets.json.1.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.1.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.1.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.1.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.1.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.1.dr	String found in binary or memory: https://text.com
Source: sets.json.1.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.1.dr	String found in binary or memory: https://the42.ie
Source: sets.json.1.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.1.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.1.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.1.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.1.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.1.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.1.dr	String found in binary or memory: https://top.pl
Source: sets.json.1.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.1.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://tvid.in
Source: sets.json.1.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.1.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.1.dr	String found in binary or memory: https://unotv.com
Source: sets.json.1.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.1.dr	String found in binary or memory: https://vrt.be
Source: sets.json.1.dr	String found in binary or memory: https://vwo.com
Source: sets.json.1.dr	String found in binary or memory: https://welt.de
Source: sets.json.1.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.1.dr	String found in binary or memory: https://wildix.com
Source: sets.json.1.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.1.dr	String found in binary or memory: https://wingify.com
Source: sets.json.1.dr	String found in binary or memory: https://wordle.at
Source: sets.json.1.dr	String found in binary or memory: https://wp.pl
Source: sets.json.1.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.1.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.1.dr	String found in binary or memory: https://ya.ru
Source: sets.json.1.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://zalo.me
Source: sets.json.1.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.1.dr	String found in binary or memory: https://zingmp3.vn
Source: sets.json.1.dr	String found in binary or memory: https://zoom.com
Source: sets.json.1.dr	String found in binary or memory: https://zoom.us

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58653 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58653
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49995 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_3524_864793998

Jump to behavior

Source: classification engine

Classification label: mal48.win@17/5@4/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2016,i,1394362333023457279,10076870376690856115,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.v1.bgmi-event.freewebhostmost.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2016,i,1394362333023457279,10076870376690856115,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.v1.bgmi-event.freewebhostmost.com/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.v1.bgmi-event.freewebhostmost.com	66.78.59.15	true	false		unknown
www.google.com	172.217.16.196	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.v1.bgmi-event.freewebhostmost.com/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://wieistmeineip.de	sets.json.1.dr	false	high
https://mercadoshops.com.co	sets.json.1.dr	false	high
https://gliadomain.com	sets.json.1.dr	false	high
https://poalim.xyz	sets.json.1.dr	false	high
https://mercadolivre.com	sets.json.1.dr	false	high
https://reshim.org	sets.json.1.dr	false	high
https://nourishingpursuits.com	sets.json.1.dr	false	high
https://medonet.pl	sets.json.1.dr	false	high
https://unotv.com	sets.json.1.dr	false	high
https://mercadoshops.com.br	sets.json.1.dr	false	high
https://joyreactor.cc	sets.json.1.dr	false	high
https://zdrowietvn.pl	sets.json.1.dr	false	high
https://johndeere.com	sets.json.1.dr	false	high
https://songstats.com	sets.json.1.dr	false	high
https://baomoi.com	sets.json.1.dr	false	high
https://supereva.it	sets.json.1.dr	false	high
https://elfinancierocr.com	sets.json.1.dr	false	high
https://bolasport.com	sets.json.1.dr	false	high
https://rws1nvtvt.com	sets.json.1.dr	false	high
https://desimartini.com	sets.json.1.dr	false	high
https://hearty.app	sets.json.1.dr	false	high
https://hearty.gift	sets.json.1.dr	false	high
https://mercadoshops.com	sets.json.1.dr	false	high
https://heartymail.com	sets.json.1.dr	false	high
https://nlc.hu	sets.json.1.dr	false	high
https://p106.net	sets.json.1.dr	false	high
https://radio2.be	sets.json.1.dr	false	high
https://finn.no	sets.json.1.dr	false	high
https://hc1.com	sets.json.1.dr	false	high
https://kompas.tv	sets.json.1.dr	false	high
https://mystudentdashboard.com	sets.json.1.dr	false	high
https://songshare.com	sets.json.1.dr	false	high
https://smaker.pl	sets.json.1.dr	false	high
https://mercadopago.com.mx	sets.json.1.dr	false	high
https://p24.hu	sets.json.1.dr	false	high
https://talkdeskqaid.com	sets.json.1.dr	false	high
https://24.hu	sets.json.1.dr	false	high
https://mercadopago.com.pe	sets.json.1.dr	false	high
https://cardsayings.net	sets.json.1.dr	false	high
https://text.com	sets.json.1.dr	false	high
https://mightytext.net	sets.json.1.dr	false	high
https://pudelek.pl	sets.json.1.dr	false	high
https://hazipatika.com	sets.json.1.dr	false	high
https://joyreactor.com	sets.json.1.dr	false	high
https://cookreactor.com	sets.json.1.dr	false	high
https://wildixin.com	sets.json.1.dr	false	high
https://eworkbookcloud.com	sets.json.1.dr	false	high
https://cognitiveai.ru	sets.json.1.dr	false	high
https://nacion.com	sets.json.1.dr	false	high
https://chennien.com	sets.json.1.dr	false	high
https://drimer.travel	sets.json.1.dr	false	high
https://deccoria.pl	sets.json.1.dr	false	high
https://mercadopago.cl	sets.json.1.dr	false	high
https://talkdeskstgid.com	sets.json.1.dr	false	high
https://naukri.com	sets.json.1.dr	false	high
https://interia.pl	sets.json.1.dr	false	high
https://bonvivir.com	sets.json.1.dr	false	high
https://carcostadvisor.be	sets.json.1.dr	false	high
https://salemovetravel.com	sets.json.1.dr	false	high
https://sapo.io	sets.json.1.dr	false	high
https://wpext.pl	sets.json.1.dr	false	high
https://welt.de	sets.json.1.dr	false	high
https://poalim.site	sets.json.1.dr	false	high
https://drimer.io	sets.json.1.dr	false	high
https://infoedgeindia.com	sets.json.1.dr	false	high
https://blackrockadvisorelite.it	sets.json.1.dr	false	high
https://cognitive-ai.ru	sets.json.1.dr	false	high
https://cafemedia.com	sets.json.1.dr	false	high
https://graziadaily.co.uk	sets.json.1.dr	false	high
https://thirdspace.org.au	sets.json.1.dr	false	high
https://mercadoshops.com.ar	sets.json.1.dr	false	high
https://smpn106jkt.sch.id	sets.json.1.dr	false	high
https://elpais.uy	sets.json.1.dr	false	high
https://landyrev.com	sets.json.1.dr	false	high
https://the42.ie	sets.json.1.dr	false	high
https://commentcamarche.com	sets.json.1.dr	false	high
https://tucarro.com.ve	sets.json.1.dr	false	high
https://rws3nvtvt.com	sets.json.1.dr	false	high
https://eleconomista.net	sets.json.1.dr	false	high
https://helpdesk.com	sets.json.1.dr	false	high
https://mercadolivre.com.br	sets.json.1.dr	false	high
https://clmbtech.com	sets.json.1.dr	false	high
https://standardsandpraiserepurpose.com	sets.json.1.dr	false	high
https://07c225f3.online	sets.json.1.dr	false	high
https://salemovefinancial.com	sets.json.1.dr	false	high
https://mercadopago.com.br	sets.json.1.dr	false	high
https://zoom.us	sets.json.1.dr	false	high
https://commentcamarche.net	sets.json.1.dr	false	high
https://etfacademy.it	sets.json.1.dr	false	high
https://mighty-app.appspot.com	sets.json.1.dr	false	high
https://hj.rs	sets.json.1.dr	false	high
https://hearty.me	sets.json.1.dr	false	high
https://mercadolibre.com.gt	sets.json.1.dr	false	high
https://timesinternet.in	sets.json.1.dr	false	high
https://indiatodayne.in	sets.json.1.dr	false	high
https://idbs-staging.com	sets.json.1.dr	false	high
https://blackrock.com	sets.json.1.dr	false	high
https://idbs-eworkbook.com	sets.json.1.dr	false	high
https://motherandbaby.com	sets.json.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
66.78.59.15	www.v1.bgmi-event.freewebhostmost.com	United States	46261	QUICKPACKETUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1611558
Start date and time:	2025-02-11 00:33:24 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.v1.bgmi-event.freewebhostmost.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/5@4/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 216.58.212.142, 142.250.110.84, 142.250.72.110, 173.194.7.38, 2.23.77.188, 2.22.50.136, 74.125.155.41, 142.250.185.195, 34.104.35.123, 13.107.246.45, 184.28.90.27, 4.245.163.56
Excluded domains from analysis (whitelisted): r4---sn-p5qlsnrl.gvt1.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, r4.sn-p5qlsnrl.gvt1.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, r1.sn-p5qddn76.gvt1.com, r1---sn-p5qddn76.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www.v1.bgmi-event.freewebhostmost.com/

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://www.v1.bgmi-event.freewebhostmost.com Model: Joe Sandbox AI	```json{ "brand": "BGMI", "brand_classification": "known", "legit_url": "https://www.battlegroundsmobileindia.com", "similarity": 6, "spoofed": 7, "reasoning": "The URL 'https://www.v1.bgmi-event.freewebhostmost.com' appears to be attempting to associate itself with the known brand BGMI (Battlegrounds Mobile India). The use of 'bgmi' in the subdomain suggests an attempt to mimic the legitimate brand. The domain 'freewebhostmost.com' is a generic hosting domain, which could be used for legitimate purposes but also for deceptive ones. The subdomain 'v1.bgmi-event' could mislead users into thinking it is an official event page for BGMI. The structural similarity is moderate due to the inclusion of 'bgmi' and 'event', which are relevant to the brand. However, the use of a generic hosting domain reduces the likelihood of it being an official site, increasing the suspicion of typosquatting. The likelihood of user confusion is moderate to high, given the context and structure of the URL."}
URL: https://www.v1.bgmi-event.freewebhostmost.com
URL: https://www.v1.bgmi-event.freewebhostmost.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://www.v1.bgmi-event.freewebhostmost.com/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.018989605004616
Encrypted:	false
SSDEEP:	48:p/hUI1OwEU3AdIq7ak68O40E2szOxxUJ8BPFkf31U4PrHfqY3J5D:RnOwtQIq7aZ40E2sYUJAYRr/qYZ5D
MD5:	C4709C1D483C9233A3A66A7E157624EA
SHA1:	99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
SHA-256:	225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
SHA-512:	B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.820000180714897
Encrypted:	false
SSDEEP:	3:SVzHL3phUmWRDNKydvgHVz:SBHLLUmWRbCp
MD5:	BBEC7670A2519FEB0627F17D0C0B5276
SHA1:	9C30B996F1B069F86EF7C0136DFAF7E614674DEA
SHA-256:	670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
SHA-512:	1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
Malicious:	false
Reputation:	low
Preview:	1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1kULJVPY:F6VlM8aRWpqS1kSJVg
MD5:	084E339C0C9FE898102815EAC9A7CDEA
SHA1:	6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
SHA-256:	52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
SHA-512:	0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	4.629347296880043
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJl:v5C4ql7BkIVmtRTGXvcxBsl
MD5:	8C702C686B703020BC0290BAFC90D7A0
SHA1:	EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
SHA-256:	97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
SHA-512:	6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 11, 2025 00:34:09.773926973 CET	49673	443	192.168.2.6	173.222.162.64
Feb 11, 2025 00:34:09.773927927 CET	49674	443	192.168.2.6	173.222.162.64
Feb 11, 2025 00:34:10.086421967 CET	49672	443	192.168.2.6	173.222.162.64
Feb 11, 2025 00:34:16.575985909 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:16.576021910 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:16.576095104 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:16.578032017 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:16.578043938 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.384102106 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.384207964 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:17.411612988 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:17.411644936 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.411957979 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.568406105 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:17.568733931 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:17.568744898 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.569355011 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:17.611336946 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.749890089 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.750006914 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.750329971 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:17.751169920 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:17.751193047 CET	443	49708	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:17.751208067 CET	49708	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:18.765912056 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:18.765948057 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:18.766156912 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:18.767239094 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:18.767252922 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:18.781848907 CET	49716	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:18.789006948 CET	53	49716	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:18.789069891 CET	49716	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:18.789129972 CET	49716	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:18.789143085 CET	49716	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:18.796719074 CET	53	49716	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:18.796730995 CET	53	49716	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:19.234950066 CET	53	49716	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:19.235599041 CET	49716	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:19.243199110 CET	53	49716	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:19.243249893 CET	49716	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:19.420162916 CET	49674	443	192.168.2.6	173.222.162.64
Feb 11, 2025 00:34:19.553337097 CET	49673	443	192.168.2.6	173.222.162.64
Feb 11, 2025 00:34:19.609785080 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:19.609966040 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:19.613017082 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:19.613023043 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:19.613275051 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:19.615112066 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:19.615207911 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:19.615212917 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:19.615480900 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:19.663332939 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:19.774394035 CET	49672	443	192.168.2.6	173.222.162.64
Feb 11, 2025 00:34:19.806555033 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:19.806638002 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:19.807149887 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:19.807149887 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:19.807192087 CET	443	49715	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:19.807257891 CET	49715	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:21.424179077 CET	443	49704	173.222.162.64	192.168.2.6
Feb 11, 2025 00:34:21.424278021 CET	49704	443	192.168.2.6	173.222.162.64
Feb 11, 2025 00:34:21.993680954 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:21.993707895 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:21.993813038 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:21.994041920 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:21.994052887 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:22.639615059 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:22.640104055 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:22.640134096 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:22.641155958 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:22.641216993 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:22.642508984 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:22.642575026 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:22.693758011 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:22.693783045 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:22.740632057 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:23.367835999 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:23.367867947 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:23.367976904 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:23.368391037 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:23.368402004 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:23.368443012 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:23.368865013 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:23.368876934 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:23.369286060 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:23.369293928 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.349452019 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.349695921 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.349714041 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.350706100 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.350758076 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.352145910 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.352202892 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.352385044 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.352391958 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.353323936 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.353823900 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.353835106 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.354856968 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.354922056 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.355884075 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.355945110 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.398829937 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.398940086 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.398948908 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.445941925 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.978219032 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.978319883 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:24.982777119 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.989296913 CET	49727	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:24.989322901 CET	443	49727	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:25.062326908 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:25.103328943 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:25.410799980 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:25.410867929 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:25.411089897 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:25.412269115 CET	49728	443	192.168.2.6	66.78.59.15
Feb 11, 2025 00:34:25.412291050 CET	443	49728	66.78.59.15	192.168.2.6
Feb 11, 2025 00:34:32.610558987 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:32.610613108 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:32.610785961 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:34.337037086 CET	49719	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:34:34.337065935 CET	443	49719	172.217.16.196	192.168.2.6
Feb 11, 2025 00:34:44.892906904 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:44.892930984 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:44.892998934 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:44.893682003 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:44.893696070 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.689775944 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.689852953 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:45.703490019 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:45.703506947 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.703787088 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.705775976 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:45.705868959 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:45.705874920 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.706021070 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:45.751333952 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.889383078 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.889647961 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.890089035 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:34:45.890115023 CET	443	49868	40.115.3.253	192.168.2.6
Feb 11, 2025 00:34:45.890127897 CET	49868	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:13.514494896 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:13.514543056 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:13.514631987 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:13.515239954 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:13.515254974 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.384187937 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.384263992 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:14.386009932 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:14.386018991 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.386223078 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.388032913 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:14.388082981 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:14.388087988 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.388211012 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:14.435324907 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.558334112 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.558603048 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.558665991 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:14.558808088 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:14.558828115 CET	443	49995	40.115.3.253	192.168.2.6
Feb 11, 2025 00:35:14.558837891 CET	49995	443	192.168.2.6	40.115.3.253
Feb 11, 2025 00:35:19.391865969 CET	58651	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:35:19.399097919 CET	53	58651	1.1.1.1	192.168.2.6
Feb 11, 2025 00:35:19.399166107 CET	58651	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:35:19.404067993 CET	53	58651	1.1.1.1	192.168.2.6
Feb 11, 2025 00:35:19.851598024 CET	58651	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:35:19.856688023 CET	53	58651	1.1.1.1	192.168.2.6
Feb 11, 2025 00:35:19.856748104 CET	58651	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:35:22.023633003 CET	58653	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:35:22.023680925 CET	443	58653	172.217.16.196	192.168.2.6
Feb 11, 2025 00:35:22.023763895 CET	58653	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:35:22.024065971 CET	58653	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:35:22.024081945 CET	443	58653	172.217.16.196	192.168.2.6
Feb 11, 2025 00:35:22.675180912 CET	443	58653	172.217.16.196	192.168.2.6
Feb 11, 2025 00:35:22.675623894 CET	58653	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:35:22.675656080 CET	443	58653	172.217.16.196	192.168.2.6
Feb 11, 2025 00:35:22.675981045 CET	443	58653	172.217.16.196	192.168.2.6
Feb 11, 2025 00:35:22.676301003 CET	58653	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:35:22.676366091 CET	443	58653	172.217.16.196	192.168.2.6
Feb 11, 2025 00:35:22.725414038 CET	58653	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:35:32.573425055 CET	443	58653	172.217.16.196	192.168.2.6
Feb 11, 2025 00:35:32.573493004 CET	443	58653	172.217.16.196	192.168.2.6
Feb 11, 2025 00:35:32.573657990 CET	58653	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:35:34.336325884 CET	58653	443	192.168.2.6	172.217.16.196
Feb 11, 2025 00:35:34.336363077 CET	443	58653	172.217.16.196	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 11, 2025 00:34:17.788104057 CET	53	62646	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:17.802195072 CET	53	56612	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:18.781446934 CET	53	62625	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:18.781714916 CET	53	55115	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:21.960983038 CET	56687	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:21.960983038 CET	56441	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:21.992237091 CET	53	56441	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:21.992294073 CET	53	56687	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:23.351046085 CET	55771	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:23.351247072 CET	53846	53	192.168.2.6	1.1.1.1
Feb 11, 2025 00:34:23.363074064 CET	53	55771	1.1.1.1	192.168.2.6
Feb 11, 2025 00:34:23.365509987 CET	53	53846	1.1.1.1	192.168.2.6
Feb 11, 2025 00:35:17.394565105 CET	53	57832	1.1.1.1	192.168.2.6
Feb 11, 2025 00:35:19.391411066 CET	53	54248	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 11, 2025 00:34:21.960983038 CET	192.168.2.6	1.1.1.1	0xb2f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 11, 2025 00:34:21.960983038 CET	192.168.2.6	1.1.1.1	0xd770	Standard query (0)	www.google.com	65	IN (0x0001)	false
Feb 11, 2025 00:34:23.351046085 CET	192.168.2.6	1.1.1.1	0xa3c1	Standard query (0)	www.v1.bgmi-event.freewebhostmost.com	A (IP address)	IN (0x0001)	false
Feb 11, 2025 00:34:23.351247072 CET	192.168.2.6	1.1.1.1	0xdf70	Standard query (0)	www.v1.bgmi-event.freewebhostmost.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 11, 2025 00:34:21.992237091 CET	1.1.1.1	192.168.2.6	0xd770	No error (0)	www.google.com		65	IN (0x0001)	false
Feb 11, 2025 00:34:21.992294073 CET	1.1.1.1	192.168.2.6	0xb2f	No error (0)	www.google.com	172.217.16.196	A (IP address)	IN (0x0001)	false
Feb 11, 2025 00:34:23.363074064 CET	1.1.1.1	192.168.2.6	0xa3c1	No error (0)	www.v1.bgmi-event.freewebhostmost.com	66.78.59.15	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.v1.bgmi-event.freewebhostmost.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-02-10 23:34:17 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 73 65 4f 66 55 45 78 58 55 43 73 31 6a 73 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 39 34 35 35 62 33 64 30 61 61 30 61 35 35 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: OseOfUExXUCs1jsa.1Context: d9455b3d0aa0a55b
2025-02-10 23:34:17 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-02-10 23:34:17 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 4f 73 65 4f 66 55 45 78 58 55 43 73 31 6a 73 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 39 34 35 35 62 33 64 30 61 61 30 61 35 35 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 7a 55 45 6b 33 4e 66 59 68 39 44 37 4a 45 5a 56 62 6c 51 70 7a 62 55 68 49 35 31 6e 4c 71 31 6c 79 78 73 49 65 70 6c 50 58 6f 72 4f 79 52 49 56 48 6e 75 53 2b 51 69 6e 32 63 6a 51 38 47 78 6c 52 66 65 2f 66 72 53 38 6e 4e 35 33 45 6b 50 56 49 67 5a 54 76 4c 63 7a 43 74 4b 2f 74 4b 78 6b 4e 6c 45 66 39 33 48 61 4b 43 39 4b Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: OseOfUExXUCs1jsa.2Context: d9455b3d0aa0a55b<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2025-02-10 23:34:17 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 73 65 4f 66 55 45 78 58 55 43 73 31 6a 73 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 39 34 35 35 62 33 64 30 61 61 30 61 35 35 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: OseOfUExXUCs1jsa.3Context: d9455b3d0aa0a55b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-02-10 23:34:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-02-10 23:34:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 77 32 34 5a 65 78 42 48 45 61 76 4b 79 4e 39 75 6d 45 57 58 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 9w24ZexBHEavKyN9umEWXA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49715	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-02-10 23:34:19 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 52 7a 5a 71 54 39 34 36 5a 45 71 73 4e 64 34 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 65 35 61 31 38 66 30 34 30 31 64 61 34 65 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: RzZqT946ZEqsNd4Q.1Context: 3e5a18f0401da4ea
2025-02-10 23:34:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-02-10 23:34:19 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 52 7a 5a 71 54 39 34 36 5a 45 71 73 4e 64 34 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 65 35 61 31 38 66 30 34 30 31 64 61 34 65 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 74 5a 46 32 79 31 4a 43 33 79 53 44 6b 69 39 46 79 57 48 76 79 70 63 5a 4c 44 78 38 54 2f 53 53 51 35 38 5a 65 49 58 63 38 64 4b 44 4d 46 55 35 6e 4e 37 56 6a 6c 7a 49 47 6d 2b 44 30 47 65 77 6f 52 59 32 70 35 6d 77 4a 77 49 47 51 37 4b 6b 78 76 4a 69 48 62 7a 48 39 4a 37 61 57 71 6a 71 39 52 36 78 63 79 48 6a 74 72 35 65 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: RzZqT946ZEqsNd4Q.2Context: 3e5a18f0401da4ea<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAftZF2y1JC3ySDki9FyWHvypcZLDx8T/SSQ58ZeIXc8dKDMFU5nN7VjlzIGm+D0GewoRY2p5mwJwIGQ7KkxvJiHbzH9J7aWqjq9R6xcyHjtr5e
2025-02-10 23:34:19 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 52 7a 5a 71 54 39 34 36 5a 45 71 73 4e 64 34 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 65 35 61 31 38 66 30 34 30 31 64 61 34 65 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: RzZqT946ZEqsNd4Q.3Context: 3e5a18f0401da4ea<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-02-10 23:34:19 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-02-10 23:34:19 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 35 2b 77 54 64 36 57 34 4a 45 32 4e 57 4f 65 63 79 38 54 61 38 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 5+wTd6W4JE2NWOecy8Ta8A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49727	66.78.59.15	443	1056	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-10 23:34:24 UTC	680	OUT	GET / HTTP/1.1 Host: www.v1.bgmi-event.freewebhostmost.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-10 23:34:24 UTC	466	IN	HTTP/1.1 403 Forbidden Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 787 date: Mon, 10 Feb 2025 23:34:24 GMT server: LiteSpeed vary: User-Agent x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-02-10 23:34:24 UTC	787	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 403 Forbidden</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49728	66.78.59.15	443	1056	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-10 23:34:25 UTC	630	OUT	GET /favicon.ico HTTP/1.1 Host: www.v1.bgmi-event.freewebhostmost.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.v1.bgmi-event.freewebhostmost.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-10 23:34:25 UTC	466	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Mon, 10 Feb 2025 23:34:25 GMT server: LiteSpeed vary: User-Agent x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-02-10 23:34:25 UTC	796	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49868	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-02-10 23:34:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 53 36 6a 61 65 36 70 46 59 45 36 36 46 76 35 37 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 32 61 31 39 65 36 64 35 62 36 38 32 66 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: S6jae6pFYE66Fv57.1Context: 9c2a19e6d5b682f5
2025-02-10 23:34:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-02-10 23:34:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 53 36 6a 61 65 36 70 46 59 45 36 36 46 76 35 37 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 32 61 31 39 65 36 64 35 62 36 38 32 66 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 74 5a 46 32 79 31 4a 43 33 79 53 44 6b 69 39 46 79 57 48 76 79 70 63 5a 4c 44 78 38 54 2f 53 53 51 35 38 5a 65 49 58 63 38 64 4b 44 4d 46 55 35 6e 4e 37 56 6a 6c 7a 49 47 6d 2b 44 30 47 65 77 6f 52 59 32 70 35 6d 77 4a 77 49 47 51 37 4b 6b 78 76 4a 69 48 62 7a 48 39 4a 37 61 57 71 6a 71 39 52 36 78 63 79 48 6a 74 72 35 65 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: S6jae6pFYE66Fv57.2Context: 9c2a19e6d5b682f5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAftZF2y1JC3ySDki9FyWHvypcZLDx8T/SSQ58ZeIXc8dKDMFU5nN7VjlzIGm+D0GewoRY2p5mwJwIGQ7KkxvJiHbzH9J7aWqjq9R6xcyHjtr5e
2025-02-10 23:34:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 53 36 6a 61 65 36 70 46 59 45 36 36 46 76 35 37 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 32 61 31 39 65 36 64 35 62 36 38 32 66 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: S6jae6pFYE66Fv57.3Context: 9c2a19e6d5b682f5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-02-10 23:34:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-02-10 23:34:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 56 45 46 75 31 59 58 5a 30 69 70 71 38 43 34 6e 73 4e 72 47 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6VEFu1YXZ0ipq8C4nsNrGg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49995	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-02-10 23:35:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 2b 72 32 72 2f 78 4c 47 30 43 71 43 42 35 67 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 66 33 35 33 31 38 33 37 39 32 31 66 66 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: T+r2r/xLG0CqCB5g.1Context: d6f3531837921ffa
2025-02-10 23:35:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-02-10 23:35:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 54 2b 72 32 72 2f 78 4c 47 30 43 71 43 42 35 67 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 66 33 35 33 31 38 33 37 39 32 31 66 66 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 74 5a 46 32 79 31 4a 43 33 79 53 44 6b 69 39 46 79 57 48 76 79 70 63 5a 4c 44 78 38 54 2f 53 53 51 35 38 5a 65 49 58 63 38 64 4b 44 4d 46 55 35 6e 4e 37 56 6a 6c 7a 49 47 6d 2b 44 30 47 65 77 6f 52 59 32 70 35 6d 77 4a 77 49 47 51 37 4b 6b 78 76 4a 69 48 62 7a 48 39 4a 37 61 57 71 6a 71 39 52 36 78 63 79 48 6a 74 72 35 65 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: T+r2r/xLG0CqCB5g.2Context: d6f3531837921ffa<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAftZF2y1JC3ySDki9FyWHvypcZLDx8T/SSQ58ZeIXc8dKDMFU5nN7VjlzIGm+D0GewoRY2p5mwJwIGQ7KkxvJiHbzH9J7aWqjq9R6xcyHjtr5e
2025-02-10 23:35:14 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 2b 72 32 72 2f 78 4c 47 30 43 71 43 42 35 67 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 66 33 35 33 31 38 33 37 39 32 31 66 66 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: T+r2r/xLG0CqCB5g.3Context: d6f3531837921ffa<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-02-10 23:35:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-02-10 23:35:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 4a 31 59 53 51 75 61 51 45 2b 69 57 62 38 48 46 61 4e 37 55 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XJ1YSQuaQE+iWb8HFaN7Uw.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3524, Parent PID: 5756

General

Target ID:	1
Start time:	18:34:11
Start date:	10/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1056, Parent PID: 3524

General

Target ID:	3
Start time:	18:34:16
Start date:	10/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2016,i,1394362333023457279,10076870376690856115,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3608, Parent PID: 5756

General

Target ID:	4
Start time:	18:34:22
Start date:	10/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.v1.bgmi-event.freewebhostmost.com/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.v1.bgmi-event.freewebhostmost.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3524_1166118208\sets.json

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3524, Parent PID: 5756

General

Chronological Activities

Analysis Process: chrome.exePID: 1056, Parent PID: 3524

General

Chronological Activities

Analysis Process: chrome.exePID: 3608, Parent PID: 5756

General

Windows Analysis Report
https://www.v1.bgmi-event.freewebhostmost.com/