Windows Analysis Report
http://lightsourcebp.com

Overview

General Information

Sample URL:http://lightsourcebp.com
Analysis ID:1522612

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port

Classification

[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious]
  • System is w10x64
  • chrome.exe (PID: 2656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1880,i,11319549537416333260,14284668568687561168,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://lightsourcebp.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures; all signature results are listed below.

Source: https://lightsourcebp.com/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.4:49526 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.4:60263 -> 1.1.1.1:53
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Host: lightsourcebp.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: lightsourcebp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://lightsourcebp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: DO-LB="Cg8xMC4xMzEuMzkuODE6ODAQxJSIBg=="
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: lightsourcebp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: DO-LB="Cg8xMC4xMzEuMzkuODE6ODAQxJSIBg=="
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Host: lightsourcebp.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: lightsourcebp.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2656_1245465862
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2656_1245465862\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2656_1245465862\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2656_1245465862\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2656_1245465862\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2656_1245465862\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2656_1245465862\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\chrome_BITS_2656_1091490821
Source: classification engine | Classification label: clean1.win@23/10@8/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1880,i,11319549537416333260,14284668568687561168,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://lightsourcebp.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (19 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1880,i,11319549537416333260,14284668568687561168,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (a number in parentheses is the count of matched signatures for that technique):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); File Deletion (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph ID: 1522612 | URL: http://lightsourcebp.com | Startdate: 30/09/2024 | Architecture: WINDOWS | Score: 1
Processes in graph: chrome.exe (started) -> chrome.exe (started); chrome.exe (started)
Hosts in graph: 192.168.2.4 (ports 138, 443, 49526; unknown); 239.255.255.250 (unknown, Reserved); www.google.com 142.250.185.132 (ports 443, 49741, 60265; GOOGLEUS, United States); lightsourcebp.com 138.68.119.45 (ports 443, 49735, 49736; DIGITALOCEAN-ASNUS, United States)

Source | Detection | Scanner | Label
http://lightsourcebp.com | 0% | Virustotal |
No Antivirus matches
Source | Detection | Scanner | Label
www.google.com | 0% | Virustotal |
lightsourcebp.com | 0% | Virustotal |
bg.microsoft.map.fastly.net | 0% | Virustotal |
fp2e7a.wpc.phicdn.net | 0% | Virustotal |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
lightsourcebp.com | 138.68.119.45 | true | false | | unknown
www.google.com | 142.250.185.132 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://lightsourcebp.com/ | false | | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    138.68.119.45 | lightsourcebp.com | United States | 14061 | DIGITALOCEAN-ASNUS | false
    142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
    IP
    192.168.2.4
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1522612
    Start date and time:2024-09-30 12:48:02 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 3m 13s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:browseurl.jbs
    Sample URL:http://lightsourcebp.com
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:8
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:CLEAN
    Classification:clean1.win@23/10@8/4
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 142.250.185.67, 216.58.206.78, 64.233.167.84, 34.104.35.123, 52.165.165.26, 199.232.210.172, 192.229.221.95, 13.95.31.18, 13.85.23.206, 142.250.185.163
    • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
    • Not all processes were analyzed, report is missing behavior information
    • Report size getting too big, too many NtSetInformationFile calls found.
    No simulations
    No context
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):1558
    Entropy (8bit):5.11458514637545
    Encrypted:false
    SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
    MD5:EE002CB9E51BB8DFA89640A406A1090A
    SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
    SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
    SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
    Malicious:false
    Reputation:low
    Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1864
    Entropy (8bit):6.021127689065198
    Encrypted:false
    SSDEEP:48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7
    MD5:68E6B5733E04AB7BF19699A84D8ABBC2
    SHA1:1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
    SHA-256:F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
    SHA-512:9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
    Malicious:false
    Reputation:low
    Preview:[{"description":"treehash per file","signed_content":{"payload":"…","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"dU2MmRUQSugaJAJvEN4uaQHx-KXdOkjj0yK8_aH4Afr3kN7DPOZRt6yLTS3UchBE5M-dgPPPBuKADj4KEK4B22SO6WQquL5J27AUPqQBGgr44-iFGVJdOLLlfirFlJmcYv6DUFRYiPsQFGMr1JFqInj19jgkOxzR6qqcNuTCB0wGEMeTU80r-igCjeQG6TIzPro7yKd_-UxsxO6OGAySmlIJIoU54X0p0ATNoZyAfkhb8kb0oN8unOU
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):66
    Entropy (8bit):3.9159446964030753
    Encrypted:false
    SSDEEP:3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k
    MD5:CFB54589424206D0AE6437B5673F498D
    SHA1:D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
    SHA-256:285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
    SHA-512:70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
    Malicious:false
    Reputation:low
    Preview:1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):85
    Entropy (8bit):4.4533115571544695
    Encrypted:false
    SSDEEP:3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln
    MD5:C3419069A1C30140B77045ABA38F12CF
    SHA1:11920F0C1E55CADC7D2893D1EEBB268B3459762A
    SHA-256:DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
    SHA-512:C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
    Malicious:false
    Reputation:low
    Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):9748
    Entropy (8bit):4.629326694042306
    Encrypted:false
    SSDEEP:96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq
    MD5:EEA4913A6625BEB838B3E4E79999B627
    SHA1:1B4966850F1B117041407413B70BFA925FD83703
    SHA-256:20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
    SHA-512:31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
    Malicious:false
    Reputation:low
    Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:downloaded
    Size (bytes):70
    Entropy (8bit):4.160019139345476
    Encrypted:false
    SSDEEP:3:ZzEBK1KRA5AzCARk7mLn:ZzMA5uDRkSLn
    MD5:C5FA452CA73F0D9ED526F701A7153E32
    SHA1:FA3813A946715694C7C7D0C39C0954DCB5342E49
    SHA-256:C96910CBF65D0600D9E7E9703AFBEA5C775DEE5BD76F2B023C060DC8B0AE9395
    SHA-512:7E3D491A85FF695D601DB6A9EA14BCB4D4D0CF0B9BA66FE8D063B078DC5323B56FFEF0C80D679A58FFD5412779A55A16A38F37AB129168CF930B871BC5AB7069
    Malicious:false
    Reputation:low
    URL:https://lightsourcebp.com/
    Preview:Our website is currently down for maintenance. Please check back soon.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):70
    Entropy (8bit):4.160019139345476
    Encrypted:false
    SSDEEP:3:ZzEBK1KRA5AzCARk7mLn:ZzMA5uDRkSLn
    MD5:C5FA452CA73F0D9ED526F701A7153E32
    SHA1:FA3813A946715694C7C7D0C39C0954DCB5342E49
    SHA-256:C96910CBF65D0600D9E7E9703AFBEA5C775DEE5BD76F2B023C060DC8B0AE9395
    SHA-512:7E3D491A85FF695D601DB6A9EA14BCB4D4D0CF0B9BA66FE8D063B078DC5323B56FFEF0C80D679A58FFD5412779A55A16A38F37AB129168CF930B871BC5AB7069
    Malicious:false
    Reputation:low
    Preview:Our website is currently down for maintenance. Please check back soon.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with no line terminators
    Category:downloaded
    Size (bytes):70
    Entropy (8bit):4.160019139345476
    Encrypted:false
    SSDEEP:3:ZzEBK1KRA5AzCARk7mLn:ZzMA5uDRkSLn
    MD5:C5FA452CA73F0D9ED526F701A7153E32
    SHA1:FA3813A946715694C7C7D0C39C0954DCB5342E49
    SHA-256:C96910CBF65D0600D9E7E9703AFBEA5C775DEE5BD76F2B023C060DC8B0AE9395
    SHA-512:7E3D491A85FF695D601DB6A9EA14BCB4D4D0CF0B9BA66FE8D063B078DC5323B56FFEF0C80D679A58FFD5412779A55A16A38F37AB129168CF930B871BC5AB7069
    Malicious:false
    Reputation:low
    URL:https://lightsourcebp.com/favicon.ico
    Preview:Our website is currently down for maintenance. Please check back soon.
    No static file info


    • Total Packets: 101
    • 443 (HTTPS)
    • 80 (HTTP)
    • 53 (DNS)
    TimestampSource PortDest PortSource IPDest IP
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Timestamp | Source IP | Dest IP | Checksum | Code | Type
    Sep 30, 2024 12:48:59.786259890 CEST | 192.168.2.4 | 1.1.1.1 | c235 | (Port unreachable) | Destination Unreachable
    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Sep 30, 2024 12:48:59.742737055 CEST | 192.168.2.4 | 1.1.1.1 | 0xb0bb | Standard query (0) | lightsourcebp.com | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:48:59.742893934 CEST | 192.168.2.4 | 1.1.1.1 | 0x7e75 | Standard query (0) | lightsourcebp.com | 65 | IN (0x0001) | false
    Sep 30, 2024 12:49:00.367768049 CEST | 192.168.2.4 | 1.1.1.1 | 0x24e9 | Standard query (0) | lightsourcebp.com | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:00.367932081 CEST | 192.168.2.4 | 1.1.1.1 | 0x3a3d | Standard query (0) | lightsourcebp.com | 65 | IN (0x0001) | false
    Sep 30, 2024 12:49:01.858767033 CEST | 192.168.2.4 | 1.1.1.1 | 0x77e8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:01.859313965 CEST | 192.168.2.4 | 1.1.1.1 | 0x150 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
    Sep 30, 2024 12:49:02.738197088 CEST | 192.168.2.4 | 1.1.1.1 | 0x9528 | Standard query (0) | lightsourcebp.com | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:02.738692999 CEST | 192.168.2.4 | 1.1.1.1 | 0x8acf | Standard query (0) | lightsourcebp.com | 65 | IN (0x0001) | false
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Sep 30, 2024 12:48:59.763379097 CEST | 1.1.1.1 | 192.168.2.4 | 0xb0bb | No error (0) | lightsourcebp.com | | 138.68.119.45 | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:00.399226904 CEST | 1.1.1.1 | 192.168.2.4 | 0x24e9 | No error (0) | lightsourcebp.com | | 138.68.119.45 | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:01.865941048 CEST | 1.1.1.1 | 192.168.2.4 | 0x77e8 | No error (0) | www.google.com | | 142.250.185.132 | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:01.866117001 CEST | 1.1.1.1 | 192.168.2.4 | 0x150 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
    Sep 30, 2024 12:49:02.770117044 CEST | 1.1.1.1 | 192.168.2.4 | 0x9528 | No error (0) | lightsourcebp.com | | 138.68.119.45 | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:12.825447083 CEST | 1.1.1.1 | 192.168.2.4 | 0x85c6 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:12.825447083 CEST | 1.1.1.1 | 192.168.2.4 | 0x85c6 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:14.267124891 CEST | 1.1.1.1 | 192.168.2.4 | 0x5141 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
    Sep 30, 2024 12:49:14.267124891 CEST | 1.1.1.1 | 192.168.2.4 | 0x5141 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
    Sep 30, 2024 12:49:26.388259888 CEST | 1.1.1.1 | 192.168.2.4 | 0x2931 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
    Sep 30, 2024 12:49:26.388259888 CEST | 1.1.1.1 | 192.168.2.4 | 0x2931 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
    • lightsourcebp.com
    • https:
    • fs.microsoft.com
    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    0 | 192.168.2.4 | 49735 | 138.68.119.45 | 80 | 5440 | C:\Program Files\Google\Chrome\Application\chrome.exe
    Timestamp | Bytes transferred | Direction | Data
    Sep 30, 2024 12:48:59.776977062 CEST | 432 | OUT | GET / HTTP/1.1
    Host: lightsourcebp.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Sep 30, 2024 12:49:00.363400936 CEST | 129 | IN | HTTP/1.1 307 Temporary Redirect
    location: https://lightsourcebp.com/
    date: Mon, 30 Sep 2024 10:48:59 GMT
    content-length: 0
    Sep 30, 2024 12:49:45.364289999 CEST | 6 | OUT | Data Raw: 00
    Data Ascii:


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    1 | 192.168.2.4 | 49736 | 138.68.119.45 | 80 | 5440 | C:\Program Files\Google\Chrome\Application\chrome.exe
    Timestamp | Bytes transferred | Direction | Data
    Sep 30, 2024 12:49:44.785842896 CEST | 6 | OUT | Data Raw: 00
    Data Ascii:


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    0 | 192.168.2.4 | 49737 | 138.68.119.45 | 443 | 5440 | C:\Program Files\Google\Chrome\Application\chrome.exe
    Timestamp | Bytes transferred | Direction | Data
    2024-09-30 10:49:00 UTC | 660 | OUT | GET / HTTP/1.1
    Host: lightsourcebp.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    2024-09-30 10:49:01 UTC | 284 | IN | HTTP/1.1 200 OK
    server: nginx
    date: Mon, 30 Sep 2024 10:49:01 GMT
    content-type: application/octet-stream,text/plain
    content-length: 70
    set-cookie: DO-LB="Cg8xMC4xMzEuMzkuODE6ODAQxJSIBg=="; Max-Age=300; Path=/; HttpOnly; SameSite=Lax
    cache-control: private
    connection: close
    2024-09-30 10:49:01 UTC | 70 | IN | Data Raw: 4f 75 72 20 77 65 62 73 69 74 65 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 64 6f 77 6e 20 66 6f 72 20 6d 61 69 6e 74 65 6e 61 6e 63 65 2e 20 50 6c 65 61 73 65 20 63 68 65 63 6b 20 62 61 63 6b 20 73 6f 6f 6e 2e
    Data Ascii: Our website is currently down for maintenance. Please check back soon.


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    1 | 192.168.2.4 | 49740 | 138.68.119.45 | 443 | 5440 | C:\Program Files\Google\Chrome\Application\chrome.exe
    Timestamp | Bytes transferred | Direction | Data
    2024-09-30 10:49:02 UTC | 640 | OUT | GET /favicon.ico HTTP/1.1
    Host: lightsourcebp.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://lightsourcebp.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: DO-LB="Cg8xMC4xMzEuMzkuODE6ODAQxJSIBg=="
    2024-09-30 10:49:02 UTC | 173 | IN | HTTP/1.1 200 OK
    server: nginx
    date: Mon, 30 Sep 2024 10:49:02 GMT
    content-type: image/x-icon,text/plain
    content-length: 70
    cache-control: private
    connection: close
    2024-09-30 10:49:02 UTC | 70 | IN | Data Raw: 4f 75 72 20 77 65 62 73 69 74 65 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 64 6f 77 6e 20 66 6f 72 20 6d 61 69 6e 74 65 6e 61 6e 63 65 2e 20 50 6c 65 61 73 65 20 63 68 65 63 6b 20 62 61 63 6b 20 73 6f 6f 6e 2e
    Data Ascii: Our website is currently down for maintenance. Please check back soon.


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    2 | 192.168.2.4 | 49742 | 138.68.119.45 | 443 | 5440 | C:\Program Files\Google\Chrome\Application\chrome.exe
    Timestamp | Bytes transferred | Direction | Data
    2024-09-30 10:49:03 UTC | 402 | OUT | GET /favicon.ico HTTP/1.1
    Host: lightsourcebp.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: DO-LB="Cg8xMC4xMzEuMzkuODE6ODAQxJSIBg=="
    2024-09-30 10:49:03 UTC | 173 | IN | HTTP/1.1 200 OK
    server: nginx
    date: Mon, 30 Sep 2024 10:49:03 GMT
    content-type: image/x-icon,text/plain
    content-length: 70
    cache-control: private
    connection: close
    2024-09-30 10:49:03 UTC | 70 | IN | Data Raw: 4f 75 72 20 77 65 62 73 69 74 65 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 64 6f 77 6e 20 66 6f 72 20 6d 61 69 6e 74 65 6e 61 6e 63 65 2e 20 50 6c 65 61 73 65 20 63 68 65 63 6b 20 62 61 63 6b 20 73 6f 6f 6e 2e
    Data Ascii: Our website is currently down for maintenance. Please check back soon.


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    3 | 192.168.2.4 | 49743 | 184.28.90.27 | 443 | |
    Timestamp | Bytes transferred | Direction | Data
    2024-09-30 10:49:05 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
    2024-09-30 10:49:05 UTC | 466 | IN | HTTP/1.1 200 OK
    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
    Content-Type: application/octet-stream
    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
    Server: ECAcc (lpl/EF06)
    X-CID: 11
    X-Ms-ApiVersion: Distribute 1.2
    X-Ms-Region: prod-neu-z1
    Cache-Control: public, max-age=21400
    Date: Mon, 30 Sep 2024 10:49:05 GMT
    Connection: close
    X-CID: 2


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    4 | 192.168.2.4 | 49744 | 184.28.90.27 | 443 | |
    Timestamp | Bytes transferred | Direction | Data
    2024-09-30 10:49:06 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
    2024-09-30 10:49:06 UTC | 514 | IN | HTTP/1.1 200 OK
    ApiVersion: Distribute 1.1
    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
    Content-Type: application/octet-stream
    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
    Server: ECAcc (lpl/EF06)
    X-CID: 11
    X-Ms-ApiVersion: Distribute 1.2
    X-Ms-Region: prod-weu-z1
    Cache-Control: public, max-age=25934
    Date: Mon, 30 Sep 2024 10:49:06 GMT
    Content-Length: 55
    Connection: close
    X-CID: 2
    2024-09-30 10:49:06 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


    Target ID:0
    Start time:06:48:53
    Start date:30/09/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Imagebase:0x7ff76e190000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:2
    Start time:06:48:55
    Start date:30/09/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1880,i,11319549537416333260,14284668568687561168,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Imagebase:0x7ff76e190000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:3
    Start time:06:48:58
    Start date:30/09/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://lightsourcebp.com"
    Imagebase:0x7ff76e190000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    No disassembly