Windows Analysis Report
http://audienceexposure.com

Overview

General Information

Sample URL: http://audienceexposure.com
Analysis ID: 1583350

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 3740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1988,i,13375425743627228208,12030322760288189565,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://audienceexposure.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Source: http://audienceexposure.com/ | HTTP Parser: No favicon
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
  Host: audienceexposure.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1
  Host: audienceexposure.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://audienceexposure.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: audienceexposure.com
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden
  content-length: 93
  cache-control: no-cache
  content-type: text/html
  Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
  Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: classification engine | Classification label: clean0.win@16/4@4/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1988,i,13375425743627228208,12030322760288189565,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://audienceexposure.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix, listed per tactic (a number in parentheses is the count the report shows next to that technique):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior graph (rendered as an image in the original; the node text is recovered here):
Behavior Graph ID: 1583350
URL: http://audienceexposure.com
Startdate: 02/01/2025
Architecture: WINDOWS
Score: 0
Nodes and edges:
  • chrome.exe (node 5), started by node 2; connects to 192.168.2.4 (138, 443, 49297; unknown, unknown) and 239.255.255.250 (unknown, Reserved)
  • chrome.exe (node 8), started by node 2
  • chrome.exe (node 10), started by node 5; connects to www.google.com 142.250.185.164 (443, 49738, 49813; GOOGLEUS, United States), 73685.bodis.com 199.59.243.227 (49740, 49741, 80; BODIS-NJUS, United States) and audienceexposure.com

URL scanner results (Source | Detection | Scanner | Label):
http://audienceexposure.com | 0% | Avira URL Cloud | safe

No Antivirus matches

Contacted domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
73685.bodis.com | 199.59.243.227 | true | false | | unknown
www.google.com | 142.250.185.164 | true | false | | high
audienceexposure.com | unknown | unknown | false | | high
Contacted IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.164 | www.google.com | United States | 15169 | GOOGLEUS | false
199.59.243.227 | 73685.bodis.com | United States | 395082 | BODIS-NJUS | false

IP (private range): 192.168.2.4
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1583350
Start date and time: 2025-01-02 14:23:59 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://audienceexposure.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@16/4@4/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 173.194.76.84, 142.250.181.238, 142.250.184.195, 142.250.185.78, 172.217.23.110, 142.250.185.238, 199.232.214.172, 192.229.221.95, 172.217.18.110, 142.250.184.238, 142.250.185.206, 142.250.74.206, 142.250.185.142, 216.58.206.67, 142.250.185.174, 142.250.186.142, 184.28.90.27, 20.109.210.53, 13.107.246.45
• Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
• VT rate limit hit for: http://audienceexposure.com
        No simulations
        No context
Dropped files

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 93
Entropy (8bit): 4.647722425298617
Encrypted: false
SSDEEP: 3:qVZqcMsMgs0UL3AE+FoJRx+QVBK3D:qzsgs0HE+2XVBmD
MD5: B0D506893D4802090EDF1644F5F082CD
SHA1: 4BF0D7ECB70703857C7029754FA02A7496313B63
SHA-256: 0D3E98CA727FC1201B436170AF5A63F23348AAF146A3AC6234F6C4DA283E8B34
SHA-512: 9A104D02DD1AFB7B1D7C26715FA650C3F1519744AF8F57A57C1A8D39A1D75B16D3CA5DA8E6E00966EBE2D73A9983679710585318ACFED67804C4856B6D1928E5
Malicious: false
Reputation: low
URL: http://audienceexposure.com/favicon.ico
Preview: <html><body><h1>403 Forbidden</h1>.Request forbidden by administrative rules..</body></html>.

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 93
Entropy (8bit): 4.647722425298617
Encrypted: false
SSDEEP: 3:qVZqcMsMgs0UL3AE+FoJRx+QVBK3D:qzsgs0HE+2XVBmD
MD5: B0D506893D4802090EDF1644F5F082CD
SHA1: 4BF0D7ECB70703857C7029754FA02A7496313B63
SHA-256: 0D3E98CA727FC1201B436170AF5A63F23348AAF146A3AC6234F6C4DA283E8B34
SHA-512: 9A104D02DD1AFB7B1D7C26715FA650C3F1519744AF8F57A57C1A8D39A1D75B16D3CA5DA8E6E00966EBE2D73A9983679710585318ACFED67804C4856B6D1928E5
Malicious: false
Reputation: low
URL: http://audienceexposure.com/
Preview: <html><body><h1>403 Forbidden</h1>.Request forbidden by administrative rules..</body></html>.

No static file info

• Total Packets: 43
• Ports: 443 (HTTPS), 80 (HTTP), 53 (DNS)
DNS queries (Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS):
Jan 2, 2025 14:24:59.628146887 CET | 192.168.2.4 | 1.1.1.1 | 0x2fe8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 14:24:59.628294945 CET | 192.168.2.4 | 1.1.1.1 | 0x4c3c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 2, 2025 14:25:00.837600946 CET | 192.168.2.4 | 1.1.1.1 | 0x6d0 | Standard query (0) | audienceexposure.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 14:25:00.837821007 CET | 192.168.2.4 | 1.1.1.1 | 0x4209 | Standard query (0) | audienceexposure.com | 65 | IN (0x0001) | false

DNS answers (Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS):
Jan 2, 2025 14:24:59.634953976 CET | 1.1.1.1 | 192.168.2.4 | 0x4c3c | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jan 2, 2025 14:24:59.635066032 CET | 1.1.1.1 | 192.168.2.4 | 0x2fe8 | No error (0) | www.google.com | | 142.250.185.164 | A (IP address) | IN (0x0001) | false
Jan 2, 2025 14:25:00.844490051 CET | 1.1.1.1 | 192.168.2.4 | 0x6d0 | No error (0) | audienceexposure.com | 73685.bodis.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 2, 2025 14:25:00.844490051 CET | 1.1.1.1 | 192.168.2.4 | 0x6d0 | No error (0) | 73685.bodis.com | | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Jan 2, 2025 14:25:00.845222950 CET | 1.1.1.1 | 192.168.2.4 | 0x4209 | No error (0) | audienceexposure.com | 73685.bodis.com | | CNAME (Canonical name) | IN (0x0001) | false
HTTP sessions: audienceexposure.com

Session 0 (Source IP | Source Port | Destination IP | Destination Port | PID | Process):
192.168.2.4 | 49740 | 199.59.243.227 | 80 | 3288 | C:\Program Files\Google\Chrome\Application\chrome.exe

Jan 2, 2025 14:25:00.859743118 CET | 435 bytes | OUT
GET / HTTP/1.1
Host: audienceexposure.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Jan 2, 2025 14:25:01.333517075 CET | 189 bytes | IN
HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>

Jan 2, 2025 14:25:01.422089100 CET | 384 bytes | OUT
GET /favicon.ico HTTP/1.1
Host: audienceexposure.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://audienceexposure.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Jan 2, 2025 14:25:01.526890993 CET | 189 bytes | IN
HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session 1 (Source IP | Source Port | Destination IP | Destination Port | PID | Process):
192.168.2.4 | 49741 | 199.59.243.227 | 80 | 3288 | C:\Program Files\Google\Chrome\Application\chrome.exe

Jan 2, 2025 14:25:11.228301048 CET | 233 bytes | IN
HTTP/1.1 408 Request Time-out
Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>

Jan 2, 2025 14:25:56.237437963 CET | 6 bytes | OUT
Data Raw: 00
Data Ascii:


Target ID: 0
Start time: 08:24:48
Start date: 02/01/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 08:24:53
Start date: 02/01/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1988,i,13375425743627228208,12030322760288189565,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 3
Start time: 08:24:59
Start date: 02/01/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://audienceexposure.com"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

No disassembly