Windows Analysis Report
http://bookedresults.my.id

Overview

General Information

Sample URL:http://bookedresults.my.id
Analysis ID:1415789

Detection

Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Stores files to the Windows start menu directory

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 5488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 5720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2520,i,15045789949889070593,12427848774781699257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 4500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bookedresults.my.id" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: http://bookedresults.my.id | Avira URL Cloud: detection malicious, Label: phishing
Source: http://bookedresults.my.id/favicon.ico | Avira URL Cloud: Label: phishing
Source: bookedresults.my.id | Virustotal: Detection: 12%
Source: http://bookedresults.my.id | Virustotal: Detection: 12%
Source: unknown | HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.43
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.155
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.155
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.43
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown | TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: bookedresults.my.id
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: bookedresults.my.id
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://bookedresults.my.id/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: bookedresults.my.id
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Tue, 26 Mar 2024 12:46:53 GMT
    Server: Apache
    Content-Length: 315
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: classification engine | Classification label: mal72.win@16/10@6/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2520,i,15045789949889070593,12427848774781699257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bookedresults.my.id"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2520,i,15045789949889070593,12427848774781699257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK matrix (one column per tactic; a number in parentheses is the count of matched signatures for that technique, techniques without a number did not match):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Registry Run Keys / Startup Folder (1) | Process Injection (1) | Masquerading (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder (1) | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (3) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (4) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Ingress Tool Transfer (3) | Traffic Duplication | Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph (ID: 1415789, URL: http://bookedresults.my.id, Startdate: 26/03/2024, Architecture: WINDOWS, Score: 72). Contents recovered from the rendered graph (numbers in brackets are node badges as drawn):

  • Signatures attached to the sample: Multi AV Scanner detection for domain / URL; Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file
  • Processes: the sample started chrome.exe [9] and a second chrome.exe; the first chrome.exe started a child chrome.exe
  • DNS/IP reached from the first chrome.exe: 192.168.2.10 (unknown); 192.168.2.3 (ports 138, 443, 49707; unknown); 2 other IPs or domains
  • DNS/IP reached from the child chrome.exe: bookedresults.my.id (69.49.230.198; ports 49716, 49717, 80; UNIFIEDLAYER-AS-1US, United States); www.google.com (172.253.62.106; ports 443, 49719, 49726; GOOGLEUS, United States)

Screenshots: not included in this text extract.
Source | Detection | Scanner | Label
http://bookedresults.my.id | 100% | Avira URL Cloud | phishing
http://bookedresults.my.id | 13% | Virustotal |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
fp2e7a.wpc.phicdn.net | 0% | Virustotal |
bookedresults.my.id | 13% | Virustotal |
Source | Detection | Scanner | Label
http://bookedresults.my.id/favicon.ico | 100% | Avira URL Cloud | phishing


Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 172.253.62.106 | true | false | | high
bookedresults.my.id | 69.49.230.198 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://bookedresults.my.id/favicon.ico | false | Avira URL Cloud: phishing | unknown
http://bookedresults.my.id/ | false | | unknown

Legend (share of contacted IPs per country):
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.253.62.106 | www.google.com | United States | 15169 | GOOGLEUS | false
69.49.230.198 | bookedresults.my.id | United States | 46606 | UNIFIEDLAYER-AS-1US | false

Private IPs:
192.168.2.10
192.168.2.3
192.168.2.5
      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1415789
      Start date and time:2024-03-26 13:45:59 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 3m 34s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:browseurl.jbs
      Sample URL:http://bookedresults.my.id
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:12
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal72.win@16/10@6/6
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 172.253.62.101, 172.253.62.113, 172.253.62.139, 172.253.62.102, 172.253.62.100, 172.253.62.138, 142.251.111.84, 172.253.63.94, 34.104.35.123, 40.68.123.157, 192.229.211.108, 20.242.39.171, 13.107.21.200, 204.79.197.200, 142.251.16.94
      • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, dual-a-0001.a-msedge.net, clientservices.googleapis.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information
      • Report size getting too big, too many NtSetInformationFile calls found.
      No simulations
      No context
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 11:46:50 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2675
      Entropy (8bit):3.9757352291225523
      Encrypted:false
      SSDEEP:48:8KdYTTbdnHyUidAKZdA1kLehwiZUklqehly+3:8lrds+y
      MD5:CE13A62401BBCCE3A90CE01E5E4D486C
      SHA1:A5F093131603B989A2B5D999C2B74869BAA48C3B
      SHA-256:D4634C867D31F0268C6702A2ED996FDB606B4FDB56DDEB755D191BB692C8288C
      SHA-512:FFBF6FC02B58099EAF808B492300848D9A309749632593D6BE25BFBED9BF2F4C2F155C83510B6A40CD4F693155DC06F3F2C6D2AC5EF219E678162DF4E3E3672C
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.......{.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IzX.e....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX.e....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VzX.e....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VzX.e...........................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VzX.e....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............MW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 11:46:50 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2677
      Entropy (8bit):3.9900394851122285
      Encrypted:false
      SSDEEP:48:8edYTTbdnHyUidAKZdA1DLeh/iZUkAQkqehuy+2:8hrdg9QXy
      MD5:AD7FBDBD792D7390E8E67828C3C203EF
      SHA1:3C48D7839854D15C286C14D9763A453CDC065562
      SHA-256:DA5BBEEADF52F4D06BB87684793089ED78D2D59A421F054029AC32BE9FE9138C
      SHA-512:54EA713D8AADA35119678C2D810013C01DD9E51DD015D4EFDE45374CA0A587091C8CE354A86C02535FADA9AD490B1E99C91A232BF691832C25F53DCDD291B858
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,....L..{.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IzX.e....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX.e....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VzX.e....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VzX.e...........................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VzX.e....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............MW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 13:13:28 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2691
      Entropy (8bit):3.999881927809523
      Encrypted:false
      SSDEEP:48:83dYTTbCnHyUidAKZdA14PLeh7sFiZUkmgqeh7sYy+BX:8OrCmnSy
      MD5:E38A58610C85BFF76EE8AFEDCD170023
      SHA1:BF21E5B26F8731A6DA1581D62448DFD6854D347A
      SHA-256:234666EFDB5149AB612842702E93BF3F365D78D124EBCB3FC11F82C0E6F69CE9
      SHA-512:979A4BEC920CF202F8B8618B7F1E196DA14C6D3F2232799D46CA780F08F3499CD8747DCFF89B94D7F38A3626379B66093F2C7501FE8355CA0B47FF507393D766
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.....k........v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IzX.e....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX.e....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VzX.e....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VzX.e...........................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEW.q....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............MW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 11:46:50 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2679
      Entropy (8bit):3.9857068638051243
      Encrypted:false
      SSDEEP:48:8RdYTTbdnHyUidAKZdA1mLehDiZUkwqeh6y+R:80rdFgy
      MD5:EFD54AB6C3F7AD8B93C071D2E0E14E3C
      SHA1:72013D854C63C5C69FA653545EBF70F97AE624CE
      SHA-256:7DF50F0CC1490A6955DE50B8E54BF4EBE5633F49B77229BBA61268DE543B482F
      SHA-512:AC92F5264375E4A502B1B217AE2B2B14C4020B06FBF46EB11E362E6CFCB5C94B63C0BA3F7428D4CBEF5D67B74B05A3E8F690EEC4DD22A5048F9215F647DADBB7
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.....p.{.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IzX.e....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX.e....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VzX.e....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VzX.e...........................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VzX.e....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............MW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 11:46:50 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2679
      Entropy (8bit):3.9772141141915913
      Encrypted:false
      SSDEEP:48:8V8dYTTbdnHyUidAKZdA1oLehBiZUk1W1qehsy+C:81rd19My
      MD5:44F2A63221351EE21270DF0FEF0E553E
      SHA1:00DD33D8DA8DF95F663B56BBD424F8AAF78CDBBC
      SHA-256:3DE07578AC2FAD333A5128443B783DA7A09B9EA5A0F153A769AE44B16AB78406
      SHA-512:E460C94C8AF3F8F8993E457BB907960C4B7055EC4F16295D7595F13B97302654B91D67EDFB1BE39AAC9DB24875940D04FE417CCFC6E95DC6E8E355EFEE649FB8
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.......{.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IzX.e....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX.e....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VzX.e....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VzX.e...........................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VzX.e....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............MW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 11:46:50 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2681
      Entropy (8bit):3.989544595921157
      Encrypted:false
      SSDEEP:48:82dYTTbdnHyUidAKZdA1duTBLehOuTbbiZUk5OjqehOuTbSy+yT+:8ZrdCT6TbxWOvTbSy7T
      MD5:CBC1838B94DA95A78FC8A658F8FA1448
      SHA1:D1175C9415CE645D8EAFA361AA4BC06686264182
      SHA-256:B2C991EF5FEB4E6DCE49B6EB3921289E76CEB88BE5A6A05540508F65138AB34E
      SHA-512:679AEE8E26703A4EBBD1A576A6FF0690CD208BCF1D950DF8AB620527A5D2DB6EEBD63DA9FBDCD5606BDBC8665C3224BE433BEB7CED92F63B30DE62BDD961E550
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.......{.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IzX.e....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX.e....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VzX.e....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VzX.e...........................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VzX.e....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............MW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:HTML document, ASCII text
      Category:downloaded
      Size (bytes):315
      Entropy (8bit):5.0572271090563765
      Encrypted:false
      SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
      MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
      SHA1:A82190FC530C265AA40A045C21770D967F4767B8
      SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
      SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
      Malicious:false
      Reputation:low
      URL:http://bookedresults.my.id/favicon.ico
      Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with no line terminators
      Category:downloaded
      Size (bytes):8
      Entropy (8bit):2.75
      Encrypted:false
      SSDEEP:3:4tT:W
      MD5:397D00B13C40E37711D9CBEA7FA61BD0
      SHA1:1826B5600A8D92BD85FE5AB4E11005CF42F4027B
      SHA-256:A68202A9E3005AD61F9EF52BA8288811DBD6F56022E8A9C901B31DD89DC9A51A
      SHA-512:6E9A642094E1EFA6ACECB9A28B05FEAF1811A3278D03AB2FB4FA8F731370FBFE7F406F2A9F71A542E14A5903A7591186D7047C9973DF4053EB698CAEC0FE6958
      Malicious:false
      Reputation:low
      URL:http://bookedresults.my.id/
      Preview:nasa.gov
      No static file info


      • Total Packets: 80
      • 443 (HTTPS)
      • 80 (HTTP)
      • 53 (DNS)
TCP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 26, 2024 13:46:44.814233065 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5
Mar 26, 2024 13:46:45.126441002 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5
Mar 26, 2024 13:46:45.563913107 CET | 49677 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:46:45.564117908 CET | 49674 | 443 | 192.168.2.3 | 173.222.162.43
Mar 26, 2024 13:46:45.569264889 CET | 49675 | 443 | 192.168.2.3 | 104.98.116.155
Mar 26, 2024 13:46:45.569268942 CET | 49676 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:46:45.735753059 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5
Mar 26, 2024 13:46:45.957588911 CET | 49672 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:46:46.157722950 CET | 49671 | 443 | 192.168.2.3 | 204.79.197.203
Mar 26, 2024 13:46:46.938904047 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5
Mar 26, 2024 13:46:49.345145941 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5
Mar 26, 2024 13:46:53.829325914 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:46:53.830276012 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:46:53.939820051 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:46:53.939948082 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:46:53.940335989 CET | 80 | 49717 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:46:53.940349102 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:46:53.940408945 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:46:54.050537109 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:46:54.051178932 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:46:54.094449997 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:46:54.145139933 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5
Mar 26, 2024 13:46:54.181761980 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:46:54.292471886 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:46:54.344985008 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:46:55.015661001 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:46:55.015708923 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:46:55.015870094 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:46:55.016607046 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:46:55.016621113 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:46:55.168852091 CET | 49676 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:46:55.168869972 CET | 49675 | 443 | 192.168.2.3 | 104.98.116.155
Mar 26, 2024 13:46:55.168891907 CET | 49677 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:46:55.168893099 CET | 49674 | 443 | 192.168.2.3 | 173.222.162.43
Mar 26, 2024 13:46:55.238832951 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:46:55.260752916 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:46:55.260776043 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:46:55.262247086 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:46:55.262340069 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:46:55.264081955 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:46:55.264166117 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:46:55.309469938 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:46:55.309484005 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:46:55.356364965 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:46:55.559550047 CET | 49672 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:46:55.762609005 CET | 49671 | 443 | 192.168.2.3 | 204.79.197.203
Mar 26, 2024 13:46:56.350105047 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.350151062 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.350224972 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.352334976 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.352349043 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.552953005 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.553040028 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.557972908 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.557985067 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.558331966 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.606343031 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.630867004 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.676237106 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.736872911 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.736954927 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.737088919 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.737168074 CET | 49720 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.737185955 CET | 443 | 49720 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.802604914 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.802650928 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.802797079 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.803459883 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:56.803481102 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.999874115 CET | 443 | 49707 | 104.98.116.138 | 192.168.2.3
Mar 26, 2024 13:46:56.999901056 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:56.999977112 CET | 49707 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:46:57.000015974 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:57.001724005 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:57.001740932 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:57.001981974 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:57.003350019 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:57.048230886 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:57.189878941 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:57.189963102 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:57.190128088 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:57.192430973 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:57.192430973 CET | 49721 | 443 | 192.168.2.3 | 23.221.242.90
Mar 26, 2024 13:46:57.192457914 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:57.192470074 CET | 443 | 49721 | 23.221.242.90 | 192.168.2.3
Mar 26, 2024 13:46:59.297530890 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:46:59.297602892 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:47:00.969176054 CET | 49716 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:47:01.079554081 CET | 80 | 49716 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:47:03.747766018 CET | 49681 | 443 | 192.168.2.3 | 20.189.173.5
Mar 26, 2024 13:47:05.239943981 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:05.240026951 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:05.240407944 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:47:06.975990057 CET | 49719 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:47:06.976021051 CET | 443 | 49719 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:07.707081079 CET | 49707 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:47:07.707169056 CET | 49707 | 443 | 192.168.2.3 | 104.98.116.138
Mar 26, 2024 13:47:07.861890078 CET | 443 | 49707 | 104.98.116.138 | 192.168.2.3
Mar 26, 2024 13:47:07.861907959 CET | 443 | 49707 | 104.98.116.138 | 192.168.2.3
Mar 26, 2024 13:47:24.940804005 CET | 80 | 49717 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:47:24.940921068 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:47:38.950655937 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:47:39.062786102 CET | 80 | 49717 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:47:40.517710924 CET | 49708 | 80 | 192.168.2.3 | 72.21.81.240
Mar 26, 2024 13:47:40.611701012 CET | 80 | 49708 | 72.21.81.240 | 192.168.2.3
Mar 26, 2024 13:47:40.611763954 CET | 49708 | 80 | 192.168.2.3 | 72.21.81.240
Mar 26, 2024 13:47:54.963489056 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:47:54.964163065 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:47:54.964209080 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:54.964339018 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:47:54.965830088 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:47:54.965854883 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:55.073947906 CET | 80 | 49717 | 69.49.230.198 | 192.168.2.3
Mar 26, 2024 13:47:55.074027061 CET | 49717 | 80 | 192.168.2.3 | 69.49.230.198
Mar 26, 2024 13:47:55.184376955 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:55.192612886 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:47:55.192629099 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:55.192967892 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:55.194685936 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:47:55.194737911 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:47:55.248059988 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:48:05.181898117 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:48:05.181968927 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
Mar 26, 2024 13:48:05.182329893 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:48:06.970690966 CET | 49726 | 443 | 192.168.2.3 | 172.253.62.106
Mar 26, 2024 13:48:06.970714092 CET | 443 | 49726 | 172.253.62.106 | 192.168.2.3
UDP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 26, 2024 13:46:50.615053892 CET | 53 | 51054 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:46:50.658087969 CET | 53 | 53355 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:46:51.317475080 CET | 53 | 55286 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:46:52.378284931 CET | 65110 | 53 | 192.168.2.3 | 1.1.1.1
Mar 26, 2024 13:46:52.378492117 CET | 52651 | 53 | 192.168.2.3 | 1.1.1.1
Mar 26, 2024 13:46:53.389611959 CET | 49751 | 53 | 192.168.2.3 | 1.1.1.1
Mar 26, 2024 13:46:53.390019894 CET | 53479 | 53 | 192.168.2.3 | 1.1.1.1
Mar 26, 2024 13:46:53.825910091 CET | 53 | 65110 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:46:53.827136040 CET | 53 | 52651 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:46:54.572613955 CET | 53 | 53479 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:46:54.790155888 CET | 53 | 49751 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:46:54.916364908 CET | 52929 | 53 | 192.168.2.3 | 1.1.1.1
Mar 26, 2024 13:46:54.916809082 CET | 51386 | 53 | 192.168.2.3 | 1.1.1.1
Mar 26, 2024 13:46:55.011517048 CET | 53 | 52929 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:46:55.012058973 CET | 53 | 51386 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:47:09.125442028 CET | 53 | 60091 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:47:29.217211008 CET | 53 | 58871 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:47:48.521147966 CET | 138 | 138 | 192.168.2.3 | 192.168.2.255
Mar 26, 2024 13:47:50.433757067 CET | 53 | 64652 | 1.1.1.1 | 192.168.2.3
Mar 26, 2024 13:47:53.423945904 CET | 53 | 62436 | 1.1.1.1 | 192.168.2.3
ICMP Packets
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Mar 26, 2024 13:46:54.572695971 CET | 192.168.2.3 | 1.1.1.1 | c235 | (Port unreachable) | Destination Unreachable
DNS Queries
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 26, 2024 13:46:52.378284931 CET | 192.168.2.3 | 1.1.1.1 | 0x495d | Standard query (0) | bookedresults.my.id | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:52.378492117 CET | 192.168.2.3 | 1.1.1.1 | 0xaa6b | Standard query (0) | bookedresults.my.id | HTTPS (type 65) | IN (0x0001) | false
Mar 26, 2024 13:46:53.389611959 CET | 192.168.2.3 | 1.1.1.1 | 0xa1fe | Standard query (0) | bookedresults.my.id | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:53.390019894 CET | 192.168.2.3 | 1.1.1.1 | 0x208b | Standard query (0) | bookedresults.my.id | HTTPS (type 65) | IN (0x0001) | false
Mar 26, 2024 13:46:54.916364908 CET | 192.168.2.3 | 1.1.1.1 | 0xaeea | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:54.916809082 CET | 192.168.2.3 | 1.1.1.1 | 0x2f7d | Standard query (0) | www.google.com | HTTPS (type 65) | IN (0x0001) | false
DNS Answers
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 26, 2024 13:46:53.825910091 CET | 1.1.1.1 | 192.168.2.3 | 0x495d | No error (0) | bookedresults.my.id | - | 69.49.230.198 | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:54.790155888 CET | 1.1.1.1 | 192.168.2.3 | 0xa1fe | No error (0) | bookedresults.my.id | - | 69.49.230.198 | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | www.google.com | - | 172.253.62.106 | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | www.google.com | - | 172.253.62.105 | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | www.google.com | - | 172.253.62.99 | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | www.google.com | - | 172.253.62.147 | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | www.google.com | - | 172.253.62.104 | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:55.011517048 CET | 1.1.1.1 | 192.168.2.3 | 0xaeea | No error (0) | www.google.com | - | 172.253.62.103 | A (IP address) | IN (0x0001) | false
Mar 26, 2024 13:46:55.012058973 CET | 1.1.1.1 | 192.168.2.3 | 0x2f7d | No error (0) | www.google.com | - | - | HTTPS (type 65) | IN (0x0001) | false
Mar 26, 2024 13:47:06.375319958 CET | 1.1.1.1 | 192.168.2.3 | 0xf4ee | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2024 13:47:06.375319958 CET | 1.1.1.1 | 192.168.2.3 | 0xf4ee | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
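The packet rows in this report arrive with their columns glued together (the raw form of a row is, for example, `Mar 26, 2024 13:46:53.829325914 CET4971680192.168.2.369.49.230.198`). Splitting that back into ports and addresses is ambiguous: the same digits also read as ports 4971/680, or as 192.168.2.36 and 9.49.230.198, and a greedy regex picks one of the wrong ones. The following Python script is an added example, not code from the report or from Joe Sandbox. It enumerates every split and keeps the one that satisfies the constraints visible in the tables: valid octets, each port either a service port seen here (53, 80, 138, 443) or in the Windows ephemeral range 49152-65535 (an assumption), and one endpoint equal to the analysis VM 192.168.2.3 or its broadcast address 192.168.2.255. Rows with zero or several valid splits raise instead of guessing. It then summarises the remote peers per service port, which is what an analyst pulls out of this section as indicators. The sample rows are copied from the TCP and UDP tables above.

```python
"""Recover the columns of flattened Joe Sandbox packet rows (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Set, Tuple

# Assumptions about this report, not facts it states outright: the analysis VM is
# 192.168.2.3 (its broadcast 192.168.2.255 also appears), every port is either a
# service port that occurs in the tables or a Windows ephemeral port (49152-65535).
SANDBOX_HOSTS = {"192.168.2.3", "192.168.2.255"}
SERVICE_PORTS = {53, 80, 138, 443}
EPHEMERAL = range(49152, 65536)

# Timestamp ends with a space and a zone abbreviation; everything after is digits/dots.
ROW_RE = re.compile(r"^(?P<ts>.+? [A-Z]{2,5})(?P<rest>[\d.]+)$")

# Rows copied verbatim from the report's TCP/UDP tables.
SAMPLE_ROWS = [
    "Mar 26, 2024 13:46:53.829325914 CET4971680192.168.2.369.49.230.198",
    "Mar 26, 2024 13:46:53.939820051 CET804971669.49.230.198192.168.2.3",
    "Mar 26, 2024 13:46:55.015661001 CET49719443192.168.2.3172.253.62.106",
    "Mar 26, 2024 13:46:56.999874115 CET44349707104.98.116.138192.168.2.3",
    "Mar 26, 2024 13:47:40.517710924 CET4970880192.168.2.372.21.81.240",
    "Mar 26, 2024 13:46:50.615053892 CET53510541.1.1.1192.168.2.3",
    "Mar 26, 2024 13:46:52.378284931 CET6511053192.168.2.31.1.1.1",
    "Mar 26, 2024 13:47:48.521147966 CET138138192.168.2.3192.168.2.255",
]


@dataclass(frozen=True)
class Packet:
    timestamp: str
    src_port: int
    dst_port: int
    src_ip: str
    dst_ip: str


def _port_ok(s: str) -> bool:
    """Digits without a leading zero, and a port we expect in this capture."""
    if not s.isdigit() or (len(s) > 1 and s[0] == "0"):
        return False
    p = int(s)
    return p in SERVICE_PORTS or p in EPHEMERAL


def _ip_ok(s: str) -> bool:
    try:
        ipaddress.IPv4Address(s)  # rejects octets > 255 and malformed quads
    except ValueError:
        return False
    return True


def _candidates(rest: str) -> Iterator[Tuple[int, int, str, str]]:
    """Yield every (src_port, dst_port, src_ip, dst_ip) split that passes the constraints."""
    for i in range(1, 6):            # ports have at most five digits
        for j in range(1, 6):
            p1, p2, tail = rest[:i], rest[i:i + j], rest[i + j:]
            if not (_port_ok(p1) and _port_ok(p2)):
                continue
            pieces = tail.split(".")
            if len(pieces) != 7:     # two dotted quads share one glued boundary
                continue
            fused = pieces[3]        # last octet of src IP + first octet of dst IP
            for k in range(1, len(fused)):
                ip1 = ".".join(pieces[:3] + [fused[:k]])
                ip2 = ".".join([fused[k:]] + pieces[4:])
                if _ip_ok(ip1) and _ip_ok(ip2) and SANDBOX_HOSTS & {ip1, ip2}:
                    yield int(p1), int(p2), ip1, ip2


def parse_row(row: str) -> Packet:
    """Parse one flattened row; refuse to guess when the split is not unique."""
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"not a packet row: {row!r}")
    found = set(_candidates(m["rest"]))
    if len(found) != 1:
        kind = "ambiguous" if found else "unparseable"
        raise ValueError(f"{kind} row {row!r}: {sorted(found)}")
    return Packet(m["ts"], *found.pop())


def parse_rows(rows: Iterable[str]) -> List[Packet]:
    return [parse_row(r) for r in rows]


def remote_peers(packets: Iterable[Packet]) -> Dict[int, Set[str]]:
    """Map each service port to the non-sandbox addresses that talked on it."""
    peers: Dict[int, Set[str]] = {}
    for p in packets:
        if p.src_ip in SANDBOX_HOSTS and p.dst_ip not in SANDBOX_HOSTS:
            peers.setdefault(p.dst_port, set()).add(p.dst_ip)
        elif p.dst_ip in SANDBOX_HOSTS and p.src_ip not in SANDBOX_HOSTS:
            peers.setdefault(p.src_port, set()).add(p.src_ip)
    return peers  # local broadcast traffic (192.168.2.3 -> .255) is skipped


if __name__ == "__main__":
    for port, ips in sorted(remote_peers(parse_rows(SAMPLE_ROWS)).items()):
        print(port, sorted(ips))
```

Run against the full table the port-80 peers are 69.49.230.198 (the A record for bookedresults.my.id in the DNS answers) and 72.21.81.240; everything on 443 and 53 is browser and resolver background noise. Drop the sandbox-host constraint and several sample rows become ambiguous, which is why the parser raises rather than returning the first match.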
      • fs.microsoft.com
      • bookedresults.my.id
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.3 | 49716 | 69.49.230.198 | 80 | 5720 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Mar 26, 2024 13:46:53.940349102 CET | 434 | OUT | GET / HTTP/1.1
      Host: bookedresults.my.id
      Connection: keep-alive
      Upgrade-Insecure-Requests: 1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
Mar 26, 2024 13:46:54.051178932 CET | 248 | IN | HTTP/1.1 200 OK
      Date: Tue, 26 Mar 2024 12:46:53 GMT
      Server: Apache
      Last-Modified: Wed, 17 Jan 2024 13:02:08 GMT
      Accept-Ranges: bytes
      Content-Length: 8
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: text/html
      Data Raw: 6e 61 73 61 2e 67 6f 76
      Data Ascii: nasa.gov
Mar 26, 2024 13:46:54.181761980 CET | 382 | OUT | GET /favicon.ico HTTP/1.1
      Host: bookedresults.my.id
      Connection: keep-alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Referer: http://bookedresults.my.id/
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
Mar 26, 2024 13:46:54.292471886 CET | 515 | IN | HTTP/1.1 404 Not Found
      Date: Tue, 26 Mar 2024 12:46:53 GMT
      Server: Apache
      Content-Length: 315
      Keep-Alive: timeout=5, max=99
      Connection: Keep-Alive
      Content-Type: text/html; charset=iso-8859-1
      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
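Session 0 is the entire exchange with the flagged host at analysis time: a 434-byte GET / is answered with an 8-byte body, `nasa.gov`, labelled text/html although it contains no markup, and /favicon.ico returns an Apache 404. The dropped-file entry for http://bookedresults.my.id/ above lists that same body with size 8, entropy 2.75 and its MD5/SHA-1/SHA-256. The following Python script is an added example, not part of the report: it decodes the `Data Raw` hex of the response, checks it against Content-Length and against the dropped-file entry (size, Shannon entropy, hashes), and flags the Content-Type/body mismatch. All values it embeds are copied from the report; the function and constant names are the example's own.

```python
"""Cross-check an HTTP body from the report against its dropped-file entry (added example)."""
import hashlib
import math
from collections import Counter
from typing import Dict, Tuple

# Copied from the report: session 0 response to GET / and the dropped-file
# entry for http://bookedresults.my.id/.
DATA_RAW_LINE = "Data Raw: 6e 61 73 61 2e 67 6f 76"
RESPONSE_HEADERS = {"Content-Length": "8", "Content-Type": "text/html"}
DROPPED_FILE = {
    "size": 8,
    "entropy": 2.75,
    "md5": "397D00B13C40E37711D9CBEA7FA61BD0",
    "sha1": "1826B5600A8D92BD85FE5AB4E11005CF42F4027B",
    "sha256": "A68202A9E3005AD61F9EF52BA8288811DBD6F56022E8A9C901B31DD89DC9A51A",
}


def decode_data_raw(line: str) -> bytes:
    """Decode a 'Data Raw: 6e 61 ...' field; a bare hex string is accepted too."""
    _, _, hexpart = line.rpartition(":")
    return bytes.fromhex(hexpart.replace(" ", ""))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the quantity the report labels 'Entropy (8bit)'."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_html(body: bytes) -> bool:
    """Cheap markup sniff: an HTML body starts with a tag or a doctype."""
    return body.lstrip().startswith(b"<")


def verify_body(data_raw_line: str, headers: Dict[str, str],
                dropped: Dict[str, object]) -> Tuple[bytes, Dict[str, bool]]:
    """Return the decoded body and a dict of named consistency checks."""
    body = decode_data_raw(data_raw_line)
    checks = {
        "content_length_matches": len(body) == int(headers["Content-Length"]),
        "size_matches": len(body) == dropped["size"],
        "entropy_matches": math.isclose(shannon_entropy(body), float(dropped["entropy"]),
                                        abs_tol=1e-9),
        # A declared HTML type should carry something that parses as HTML.
        "content_type_consistent": ("html" not in headers["Content-Type"])
                                   or looks_like_html(body),
    }
    for name in ("md5", "sha1", "sha256"):
        digest = hashlib.new(name, body).hexdigest().lower()
        checks[f"{name}_matches"] = digest == str(dropped[name]).lower()
    return body, checks


if __name__ == "__main__":
    body, checks = verify_body(DATA_RAW_LINE, RESPONSE_HEADERS, DROPPED_FILE)
    print(body, round(shannon_entropy(body), 4))
    for name, ok in checks.items():
        print(f"{name:24} {'ok' if ok else 'MISMATCH'}")
```

The entropy figure is easy to confirm by hand: eight bytes, one of them (`a`) twice, gives 0.25·2 + 6·0.125·3 = 2.75 bits per byte. The only check that fails is `content_type_consistent`, which is the point worth recording: the server answers with text/html but the body is a bare string, so what the browser renders is not a page but the text nasa.gov.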


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.3 | 49717 | 69.49.230.198 | 80 | 5720 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Mar 26, 2024 13:47:38.950655937 CET | 6 | OUT | Data Raw: 00
      Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.3 | 49720 | 23.221.242.90 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-03-26 12:46:56 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
2024-03-26 12:46:56 UTC | 467 | IN | HTTP/1.1 200 OK
      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
      Content-Type: application/octet-stream
      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
      Server: ECAcc (chd/073D)
      X-CID: 11
      X-Ms-ApiVersion: Distribute 1.2
      X-Ms-Region: prod-weu-z1
      Cache-Control: public, max-age=152226
      Date: Tue, 26 Mar 2024 12:46:56 GMT
      Connection: close
      X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.3 | 49721 | 23.221.242.90 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-03-26 12:46:56 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
      Range: bytes=0-2147483646
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
2024-03-26 12:46:57 UTC | 774 | IN | HTTP/1.1 200 OK
      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
      ApiVersion: Distribute 1.1
      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
      X-CID: 7
      X-CCC: US
      X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z
      X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z
      Content-Type: application/octet-stream
      X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
      Cache-Control: public, max-age=152267
      Date: Tue, 26 Mar 2024 12:46:57 GMT
      Content-Length: 55
      Connection: close
      X-CID: 2
2024-03-26 12:46:57 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}



      Target ID:2
      Start time:13:46:44
      Start date:26/03/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff7c89f0000
      File size:3'242'272 bytes
      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:4
      Start time:13:46:47
      Start date:26/03/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2520,i,15045789949889070593,12427848774781699257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Imagebase:0x7ff7c89f0000
      File size:3'242'272 bytes
      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:5
      Start time:13:46:49
      Start date:26/03/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bookedresults.my.id"
      Imagebase:0x7ff7c89f0000
      File size:3'242'272 bytes
      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true

      No disassembly