
Windows Analysis Report
https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1

Overview

General Information

Sample URL: https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1
Analysis ID: 1499559

Detection

Score: 20
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Detected non-DNS traffic on DNS port

Classification

  • System is w10x64
  • chrome.exe (PID: 1700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1792,i,5755880963095518564,8690954646798419763,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: https://mzstatic.com | Matcher: Template: apple matched with high similarity
Source: https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1 | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.4:50714 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: s.mzstatic.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 50718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50718
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine | Classification label: sus20.phis.win@16/5@6/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1792,i,5755880963095518564,8690954646798419763,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1792,i,5755880963095518564,8690954646798419763,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (only techniques with matching signatures are listed; the number is the count of matching signatures):

  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
Behavior Graph ID: 1499559 | URL: https://s.mzstatic.com/emai... | Startdate: 27/08/2024 | Architecture: WINDOWS | Score: 20

  • Signature: Phishing site detected (based on favicon image match)
  • chrome.exe started
    • chrome.exe (child) started
    • network: 192.168.2.4 (ports 138, 443, 49672) unknown; 192.168.2.7 unknown; 239.255.255.250 Reserved
    • child chrome.exe: www.google.com 142.250.185.132 (ports 443, 49739, 50718) GOOGLEUS United States; s.mzstatic.com
  • chrome.exe started

Source | Detection | Scanner | Label
https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1 | 0% | Avira URL Cloud | safe
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.185.132 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
s.mzstatic.com | unknown | unknown | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false

Private IPs: 192.168.2.7, 192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1499559
Start date and time: 2024-08-27 07:55:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: SUS
Classification: sus20.phis.win@16/5@6/4
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.185.238, 142.250.110.84, 34.104.35.123, 2.19.224.19, 52.165.165.26, 93.184.221.240, 20.3.187.198, 192.229.221.95, 13.95.31.18, 131.107.255.255, 142.250.186.131
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, dns.msftncsi.com, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, s.mzstatic.itunes-apple.com.akadns.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, e673.dsce9.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, mzstatic.com.edgekey.net, clients.l.google.com, s-mzstatic-applak.itunes-apple.com.akadns.net
  • Not all processes were analyzed; the report is missing behavior information.
  • Report size getting too big; too many NtSetInformationFile calls found.
        No simulations
        No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 22382
Entropy (8bit): 1.7993121781592736
Encrypted: false
SSDEEP: 48:sSY37LOM5M80I15CEARV/acnFNOpaF/vXE:sSw7LOekI1EE+fPOpaF30
MD5: 891E510219786F543CA998282ED99F45
SHA1: 19FE2FF6A2418BCB44B02308B998CEF84199EE08
SHA-256: E4BDF72E2F803F7E19907C12F407AC7F7CD5F1F94BFD730B9BE24B0D49191B48
SHA-512: E6729E7E1ED1909297317E249ADB7AF6C230B2A7082EA792C7776FA5037C8ED8AAF02BCC4015334B6C439732F965CE19291FFE863126D0C20BED9A0C89C4A95B
Malicious: false
Reputation: low
URL: https://s.mzstatic.com/favicon.ico
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 196
Entropy (8bit): 5.098952451791238
Encrypted: false
SSDEEP: 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezocKqD:J0+oxBeRmR9etdzRxGez1T
MD5: 62962DAA1B19BBCC2DB10B7BFD531EA6
SHA1: D64BAE91091EDA6A7532EBEC06AA70893B79E1F8
SHA-256: 80C3FE2AE1062ABF56456F52518BD670F9EC3917B7F85E152B347AC6B6FAF880
SHA-512: 9002A0475FDB38541E78048709006926655C726E93E823B84E2DBF5B53FD539A5342E7266447D23DB0E5528E27A19961B115B180C94F2272FF124C7E5C8304E7
Malicious: false
Reputation: low
URL: "https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1"
Preview: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.</body></html>.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category: dropped
Size (bytes): 22382
Entropy (8bit): 1.7993121781592736
Encrypted: false
SSDEEP: 48:sSY37LOM5M80I15CEARV/acnFNOpaF/vXE:sSw7LOekI1EE+fPOpaF30
MD5: 891E510219786F543CA998282ED99F45
SHA1: 19FE2FF6A2418BCB44B02308B998CEF84199EE08
SHA-256: E4BDF72E2F803F7E19907C12F407AC7F7CD5F1F94BFD730B9BE24B0D49191B48
SHA-512: E6729E7E1ED1909297317E249ADB7AF6C230B2A7082EA792C7776FA5037C8ED8AAF02BCC4015334B6C439732F965CE19291FFE863126D0C20BED9A0C89C4A95B
Malicious: false
Reputation: low
        No static file info


        • Total Packets: 55
        • 443 (HTTPS)
        • 80 (HTTP)
        • 53 (DNS)
DNS queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 27, 2024 07:56:12.291770935 CEST | 192.168.2.4 | 1.1.1.1 | 0xcd55 | Standard query (0) | s.mzstatic.com | A (IP address) | IN (0x0001) | false
Aug 27, 2024 07:56:12.294326067 CEST | 192.168.2.4 | 1.1.1.1 | 0x1499 | Standard query (0) | s.mzstatic.com | 65 | IN (0x0001) | false
Aug 27, 2024 07:56:12.641079903 CEST | 192.168.2.4 | 1.1.1.1 | 0xd908 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Aug 27, 2024 07:56:12.641824007 CEST | 192.168.2.4 | 1.1.1.1 | 0xa9d6 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Aug 27, 2024 07:56:15.115952969 CEST | 192.168.2.4 | 1.1.1.1 | 0xd4b6 | Standard query (0) | s.mzstatic.com | A (IP address) | IN (0x0001) | false
Aug 27, 2024 07:56:15.116538048 CEST | 192.168.2.4 | 1.1.1.1 | 0x2498 | Standard query (0) | s.mzstatic.com | 65 | IN (0x0001) | false

DNS answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 27, 2024 07:56:12.298964977 CEST | 1.1.1.1 | 192.168.2.4 | 0xcd55 | No error (0) | s.mzstatic.com | s.mzstatic.itunes-apple.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
Aug 27, 2024 07:56:12.301318884 CEST | 1.1.1.1 | 192.168.2.4 | 0x1499 | No error (0) | s.mzstatic.com | s.mzstatic.itunes-apple.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
Aug 27, 2024 07:56:12.648016930 CEST | 1.1.1.1 | 192.168.2.4 | 0xd908 | No error (0) | www.google.com | | 142.250.185.132 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 07:56:12.649117947 CEST | 1.1.1.1 | 192.168.2.4 | 0xa9d6 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Aug 27, 2024 07:56:15.123167038 CEST | 1.1.1.1 | 192.168.2.4 | 0x2498 | No error (0) | s.mzstatic.com | s.mzstatic.itunes-apple.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
Aug 27, 2024 07:56:15.123311996 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4b6 | No error (0) | s.mzstatic.com | s.mzstatic.itunes-apple.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
Aug 27, 2024 07:56:18.757359028 CEST | 1.1.1.1 | 192.168.2.4 | 0xb2a6 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Aug 27, 2024 07:56:18.757359028 CEST | 1.1.1.1 | 192.168.2.4 | 0xb2a6 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
        • fs.microsoft.com
        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
        0192.168.2.449740184.28.90.27443
        TimestampBytes transferredDirectionData
        2024-08-27 05:56:15 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
        2024-08-27 05:56:15 UTC | 467 | IN | HTTP/1.1 200 OK
        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
        Content-Type: application/octet-stream
        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
        Server: ECAcc (lpl/EF17)
        X-CID: 11
        X-Ms-ApiVersion: Distribute 1.2
        X-Ms-Region: prod-weu-z1
        Cache-Control: public, max-age=121451
        Date: Tue, 27 Aug 2024 05:56:15 GMT
        Connection: close
        X-CID: 2


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        1 | 192.168.2.4 | 49743 | 184.28.90.27 | 443 | |
        Timestamp | Bytes transferred | Direction | Data
        2024-08-27 05:56:16 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
        Range: bytes=0-2147483646
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
        2024-08-27 05:56:16 UTC | 515 | IN | HTTP/1.1 200 OK
        ApiVersion: Distribute 1.1
        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
        Content-Type: application/octet-stream
        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
        Server: ECAcc (lpl/EF06)
        X-CID: 11
        X-Ms-ApiVersion: Distribute 1.2
        X-Ms-Region: prod-weu-z1
        Cache-Control: public, max-age=125364
        Date: Tue, 27 Aug 2024 05:56:16 GMT
        Content-Length: 55
        Connection: close
        X-CID: 2
        2024-08-27 05:56:16 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
        Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}



        Target ID:0
        Start time:01:55:59
        Start date:27/08/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:01:56:06
        Start date:27/08/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1792,i,5755880963095518564,8690954646798419763,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:01:56:11
        Start date:27/08/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.mzstatic.com/email/images_shared/logo_apple_d-2x.png&c=E,1,PBxpnjksu10sE2Vqq24nwHnBCNrZFxUSolGTh_fWuasaVbCMU96kCAINjDrvTHU3q6IZY_5wUh98_tNBfhmzyPu7cnwvU1-MdKDUKxG1Mw3u&typo=1"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly