Windows Analysis Report
http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com

Overview

General Information

Sample URL:http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
Analysis ID:1467856
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain

Classification

  • System is w10x64
  • chrome.exe (PID: 6120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2072,i,15704371148535401124,780192053816740934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com | Avira URL Cloud: detection malicious, Label: malware
Source: http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/favicon.ico | Avira URL Cloud: Label: malware
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 217.20.57.18
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
    Host: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: classification engine | Classification label: mal56.win@16/5@6/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2072,i,15704371148535401124,780192053816740934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com"
Source: Window Recorder | Window detected: More than 3 window changes detected
Mitre Att&ck Matrix (techniques listed per tactic; a leading number is the count shown in the report)

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com | 100% | Avira URL Cloud | malware

No Antivirus matches

Source | Detection | Scanner | Label
http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/favicon.ico | 100% | Avira URL Cloud | malware

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | 3.248.33.252 | true | false | | unknown
www.google.com | 142.250.185.100 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/favicon.ico | true | Avira URL Cloud: malware | unknown
http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/ | true | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
3.248.33.252 | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.4

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1467856
              Start date and time:2024-07-04 22:48:12 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 2m 53s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:browseurl.jbs
              Sample URL:http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:9
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal56.win@16/5@6/4
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 142.250.185.67, 216.58.206.78, 142.250.110.84, 34.104.35.123, 20.12.23.50, 199.232.210.172, 192.229.221.95, 52.165.164.15, 13.95.31.18, 142.250.181.227
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtSetInformationFile calls found.
              • VT rate limit hit for: http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
              No simulations
              InputOutput
              URL: http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/ Model: Perplexity: mixtral-8x7b-instruct
              {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title 'ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com' does not contain any explicit request for sensitive information, hence no login form is present.","The text 'wfvcx6x68 ztq6kSowu 78 w2zjj gigz' does not create a sense of urgency or interest.","There is no CAPTCHA or anti-robot detection mechanism present in the webpage."]}
              Title: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com OCR: wfvcx6x68 ztq6kSowu 78 w2zjj gigz 
              No context
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):55
              Entropy (8bit):4.608099258743189
              Encrypted:false
              SSDEEP:3:qVZqTTGdPAxuyCDZcKa:qzUKd4cu
              MD5:9016DD1F1059B6CA63F5BF75FCFB2C34
              SHA1:AD80BE5F02421D382EC0552BCD6A14BF9558F7E2
              SHA-256:426C1A86AEC88F0CD25E38B0487913AAECC941C3D7EB1EB5908537817C06E26A
              SHA-512:72BFEC2E1F62ADD0C3CE195CEEE9BC73D7F721F8EEB13BBDD69D19A27E87CC13702FC2FC70455032621FFF5D7AE5840CD320B6DA5DC3FEEFDC8D18DBCBDCD8C6
              Malicious:false
              Reputation:low
              URL:http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/
              Preview:<html><body>wfvcx6x68ztq6k8owu78w2zjjgigz</body></html>
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):84
              Entropy (8bit):4.6061376606679545
              Encrypted:false
              SSDEEP:3:qVZqTTGdPAxuyCDwoAxuyCDZcKa:qzUKd4T5cu
              MD5:5BCAC5BA4CC9FE8ED9C340958265B22E
              SHA1:F0B9B51078DA4EFC8E6F42FAA648A44B06395647
              SHA-256:E36DE8BE3A836C9653FF1527639B00A06CE686DF445144E138C4E000691BAB08
              SHA-512:6AEA376FCA7641722FCFE0BE6FF01C49D69760774F8EA0249EDBB05129F45AA882F64A8A12D3600D97EEA949FFA372181EAA3B656D4AED1BA0C7D784D7C0C1AD
              Malicious:false
              Reputation:low
              URL:http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/favicon.ico
              Preview:<html><body>wfvcx6x68ztq6k8owu78w2zjjgigzwfvcx6x68ztq6k8owu78w2zjjgigz</body></html>
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with no line terminators
              Category:dropped
              Size (bytes):55
              Entropy (8bit):4.608099258743189
              Encrypted:false
              SSDEEP:3:qVZqTTGdPAxuyCDZcKa:qzUKd4cu
              MD5:9016DD1F1059B6CA63F5BF75FCFB2C34
              SHA1:AD80BE5F02421D382EC0552BCD6A14BF9558F7E2
              SHA-256:426C1A86AEC88F0CD25E38B0487913AAECC941C3D7EB1EB5908537817C06E26A
              SHA-512:72BFEC2E1F62ADD0C3CE195CEEE9BC73D7F721F8EEB13BBDD69D19A27E87CC13702FC2FC70455032621FFF5D7AE5840CD320B6DA5DC3FEEFDC8D18DBCBDCD8C6
              Malicious:false
              Reputation:low
              Preview:<html><body>wfvcx6x68ztq6k8owu78w2zjjgigz</body></html>
              No static file info
              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Jul 4, 2024 22:49:05.181539059 CEST192.168.2.41.1.1.10xe358Standard query (0)ygi235na1ffvmwkacq8ua9qd046vulia.oastify.comA (IP address)IN (0x0001)false
              Jul 4, 2024 22:49:05.181701899 CEST192.168.2.41.1.1.10x7309Standard query (0)ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com65IN (0x0001)false
              Jul 4, 2024 22:49:06.119944096 CEST192.168.2.41.1.1.10x736eStandard query (0)ygi235na1ffvmwkacq8ua9qd046vulia.oastify.comA (IP address)IN (0x0001)false
              Jul 4, 2024 22:49:06.120080948 CEST192.168.2.41.1.1.10xbc35Standard query (0)ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com65IN (0x0001)false
              Jul 4, 2024 22:49:07.812999964 CEST192.168.2.41.1.1.10x6073Standard query (0)www.google.comA (IP address)IN (0x0001)false
              Jul 4, 2024 22:49:07.813082933 CEST192.168.2.41.1.1.10x2611Standard query (0)www.google.com65IN (0x0001)false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Jul 4, 2024 22:49:05.217438936 CEST | 1.1.1.1 | 192.168.2.4 | 0xe358 | No error (0) | ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Jul 4, 2024 22:49:05.217438936 CEST | 1.1.1.1 | 192.168.2.4 | 0xe358 | No error (0) | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com |  | 3.248.33.252 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:05.217438936 CEST | 1.1.1.1 | 192.168.2.4 | 0xe358 | No error (0) | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com |  | 54.77.139.23 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:05.218224049 CEST | 1.1.1.1 | 192.168.2.4 | 0x7309 | No error (0) | ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Jul 4, 2024 22:49:06.167972088 CEST | 1.1.1.1 | 192.168.2.4 | 0x736e | No error (0) | ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Jul 4, 2024 22:49:06.167972088 CEST | 1.1.1.1 | 192.168.2.4 | 0x736e | No error (0) | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com |  | 3.248.33.252 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:06.167972088 CEST | 1.1.1.1 | 192.168.2.4 | 0x736e | No error (0) | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com |  | 54.77.139.23 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:06.168113947 CEST | 1.1.1.1 | 192.168.2.4 | 0xbc35 | No error (0) | ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Jul 4, 2024 22:49:07.819891930 CEST | 1.1.1.1 | 192.168.2.4 | 0x2611 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
              Jul 4, 2024 22:49:07.820296049 CEST | 1.1.1.1 | 192.168.2.4 | 0x6073 | No error (0) | www.google.com |  | 142.250.185.100 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:19.369026899 CEST | 1.1.1.1 | 192.168.2.4 | 0xd333 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:19.369026899 CEST | 1.1.1.1 | 192.168.2.4 | 0xd333 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:19.970189095 CEST | 1.1.1.1 | 192.168.2.4 | 0x5bf3 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
              Jul 4, 2024 22:49:19.970189095 CEST | 1.1.1.1 | 192.168.2.4 | 0x5bf3 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:32.908307076 CEST | 1.1.1.1 | 192.168.2.4 | 0x7df6 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
              Jul 4, 2024 22:49:32.908307076 CEST | 1.1.1.1 | 192.168.2.4 | 0x7df6 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:49:56.769762993 CEST | 1.1.1.1 | 192.168.2.4 | 0xecd8 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
              Jul 4, 2024 22:49:56.769762993 CEST | 1.1.1.1 | 192.168.2.4 | 0xecd8 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
              Jul 4, 2024 22:50:17.007587910 CEST | 1.1.1.1 | 192.168.2.4 | 0xe47 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
              Jul 4, 2024 22:50:17.007587910 CEST | 1.1.1.1 | 192.168.2.4 | 0xe47 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
              • fs.microsoft.com
              • ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.4 | 49735 | 3.248.33.252 | 80 | 5496 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Jul 4, 2024 22:49:05.224205017 CEST | 459 | OUT | GET / HTTP/1.1
              Host: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Jul 4, 2024 22:49:05.849631071 CEST | 203 | IN | HTTP/1.1 200 OK
              Server: Burp Collaborator https://burpcollaborator.net/
              X-Collaborator-Version: 4
              Content-Type: text/html
              Content-Length: 55
              Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 77 66 76 63 78 36 78 36 38 7a 74 71 36 6b 38 6f 77 75 37 38 77 32 7a 6a 6a 67 69 67 7a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
              Data Ascii: <html><body>wfvcx6x68ztq6k8owu78w2zjjgigz</body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.4 | 49736 | 3.248.33.252 | 80 | 5496 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Jul 4, 2024 22:49:05.919981956 CEST | 432 | OUT | GET /favicon.ico HTTP/1.1
              Host: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Referer: http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com/
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Jul 4, 2024 22:49:06.100934982 CEST | 232 | IN | HTTP/1.1 200 OK
              Server: Burp Collaborator https://burpcollaborator.net/
              X-Collaborator-Version: 4
              Content-Type: text/html
              Content-Length: 84
              Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 77 66 76 63 78 36 78 36 38 7a 74 71 36 6b 38 6f 77 75 37 38 77 32 7a 6a 6a 67 69 67 7a 77 66 76 63 78 36 78 36 38 7a 74 71 36 6b 38 6f 77 75 37 38 77 32 7a 6a 6a 67 69 67 7a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
              Data Ascii: <html><body>wfvcx6x68ztq6k8owu78w2zjjgigzwfvcx6x68ztq6k8owu78w2zjjgigz</body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.4 | 49738 | 3.248.33.252 | 80 | 5496 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Jul 4, 2024 22:49:06.179209948 CEST | 308 | OUT | GET /favicon.ico HTTP/1.1
              Host: ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Jul 4, 2024 22:49:06.824584007 CEST | 203 | IN | HTTP/1.1 200 OK
              Server: Burp Collaborator https://burpcollaborator.net/
              X-Collaborator-Version: 4
              Content-Type: text/html
              Content-Length: 55
              Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 77 66 76 63 78 36 78 36 38 7a 74 71 36 6b 38 6f 77 75 37 38 77 32 7a 6a 6a 67 69 67 7a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
              Data Ascii: <html><body>wfvcx6x68ztq6k8owu78w2zjjgigz</body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.4 | 49742 | 184.28.90.27 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-07-04 20:49:09 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-07-04 20:49:09 UTC | 466 | IN | HTTP/1.1 200 OK
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              Content-Type: application/octet-stream
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              Server: ECAcc (chd/0758)
              X-CID: 11
              X-Ms-ApiVersion: Distribute 1.2
              X-Ms-Region: prod-eus-z1
              Cache-Control: public, max-age=36893
              Date: Thu, 04 Jul 2024 20:49:09 GMT
              Connection: close
              X-CID: 2


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.4 | 49743 | 184.28.90.27 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-07-04 20:49:10 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
              Range: bytes=0-2147483646
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-07-04 20:49:10 UTC | 514 | IN | HTTP/1.1 200 OK
              ApiVersion: Distribute 1.1
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              Content-Type: application/octet-stream
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              Server: ECAcc (lpl/EF06)
              X-CID: 11
              X-Ms-ApiVersion: Distribute 1.2
              X-Ms-Region: prod-weu-z1
              Cache-Control: public, max-age=36913
              Date: Thu, 04 Jul 2024 20:49:10 GMT
              Content-Length: 55
              Connection: close
              X-CID: 2
              2024-07-04 20:49:10 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


              Target ID: 0
              Start time: 16:48:58
              Start date: 04/07/2024
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase: 0x7ff76e190000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 2
              Start time: 16:49:02
              Start date: 04/07/2024
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2072,i,15704371148535401124,780192053816740934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase: 0x7ff76e190000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 3
              Start time: 16:49:04
              Start date: 04/07/2024
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.com"
              Imagebase: 0x7ff76e190000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              No disassembly