Create Interactive Tour

Windows Analysis Report
http://ny-t.r-tb.com/

Overview

General Information

Sample URL:	http://ny-t.r-tb.com/
Analysis ID:	564184
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6060 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ny-t.r-tb.com/ MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 8052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5072 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Feb 2022 14:15:00 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: MISSVary: Accept-EncodingServer: cloudflareCF-RAY: 6d6bca1069ed9225-FRAContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$

Source: angular.js.1.dr	String found in binary or memory: http://angularjs.org
Source: angular.js.1.dr	String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.1.dr, pnacl_public_x86_64_pnacl_llc_nexe.1.dr	String found in binary or memory: http://llvm.org/):
Source: History Provider Cache.1.dr	String found in binary or memory: http://ny-t.r-tb.com/2$Suspected
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://9309168.fls.doubleclick.net
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, manifest.json.1.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://ad.doubleclick.net
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://adservice.google.ae
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://adservice.google.com
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, manifest.json.1.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.1.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://benchmark.1e100cdn.net
Source: mirroring_common.js.1.dr	String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: pnacl_public_x86_64_libcrt_platform_a.1.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libcrt_platform_a.1.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.1.dr, manifest.json.1.dr, manifest.json1.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.1.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.1.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: manifest.json.1.dr	String found in binary or memory: https://content.googleapis.com
Source: common.js.1.dr, mirroring_cast_streaming.js.1.dr	String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr, c969abab-a3f1-4f19-81a5-e3c8ab3cb894.tmp.3.dr, 61ae7b3f-641b-4b4b-8fd6-fab4d52559d4.tmp.3.dr	String found in binary or memory: https://dns.google
Source: mirroring_common.js.1.dr	String found in binary or memory: https://docs.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json.1.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: angular.js.1.dr, material_css_min.css.1.dr	String found in binary or memory: https://github.com/angular/material
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: mirroring_common.js.1.dr	String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.1.dr	String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json0.1.dr, craw_window.js.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://r4---sn-4g5e6ns7.gvt1.com
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json0.1.dr, craw_window.js.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://stats.g.doubleclick.net
Source: messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json80.1.dr, messages.json22.1.dr, messages.json73.1.dr, messages.json34.1.dr, messages.json10.1.dr, messages.json21.1.dr, messages.json3.1.dr, messages.json74.1.dr, messages.json9.1.dr, messages.json75.1.dr, messages.json85.1.dr, messages.json24.1.dr, messages.json4.1.dr, messages.json8.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json1.1.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json80.1.dr, messages.json22.1.dr, messages.json73.1.dr, messages.json34.1.dr, messages.json10.1.dr, messages.json21.1.dr, messages.json3.1.dr, messages.json74.1.dr, messages.json9.1.dr, messages.json75.1.dr, messages.json85.1.dr, messages.json24.1.dr, messages.json4.1.dr, messages.json8.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json1.1.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: History Provider Cache.1.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing/2
Source: History Provider Cache.1.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing2
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://www.google.ae
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, manifest.json.1.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://www.google.com
Source: manifest.json0.1.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.1.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com;
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr, craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.1.dr	String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.1.dr	String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://www.googleoptimize.com
Source: 696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	String found in binary or memory: https://www.gstatic.com
Source: common.js.1.dr	String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json.1.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.5:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.229:443 -> 192.168.2.5:49940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.26.57:443 -> 192.168.2.5:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.73.67.72:443 -> 192.168.2.5:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.13.51:443 -> 192.168.2.5:49991 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.65:443 -> 192.168.2.5:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.92.42.1:443 -> 192.168.2.5:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.142.70.14:443 -> 192.168.2.5:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.53.99:443 -> 192.168.2.5:50222 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\41af2915-51f5-4897-bf38-828833c90425.tmp

Jump to behavior

Source: classification engine

Classification label: mal56.win@34/201@59/34

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ny-t.r-tb.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61F9BEEF-17AC.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Run

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://ny-t.r-tb.com/	4%	Virustotal		Browse
http://ny-t.r-tb.com/	100%	Avira URL Cloud	phishing

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\6060_1862559606\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	ReversingLabs

Source	Detection	Scanner	Label
http://ny-t.r-tb.com/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing
https://benchmark.1e100cdn.net	0%	URL Reputation	safe
http://ny-t.r-tb.com/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://www.googleoptimize.com	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
http://ny-t.r-tb.com/2$Suspected	100%	Avira URL Cloud	phishing
https://www.google.com;	0%	Avira URL Cloud	safe
http://ny-t.r-tb.com/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.1.229	true	false	unknown
dart.l.doubleclick.net	216.58.201.70	true	false	high
benchmark.1e100cdn.net	35.190.26.57	true	false	unknown
static.cloudflareinsights.com	104.16.95.65	true	false	unknown
tr.www.cloudflare.com	104.16.124.96	true	false	high
ajax.cloudflare.com	104.17.72.14	true	false	high
adservice.google.com	142.251.36.130	true	false	high
ny-t.r-tb.com	104.22.65.104	true	false	unknown
cedexis-1.s.llnwi.net	68.142.70.14	true	false	unknown
jsdelivr.b-cdn.net	45.92.42.1	true	false	high
serverless-benchmarks-js.compute-pipe.com	188.114.97.7	true	false	unknown
www.google.com	142.251.36.132	true	false	high
cs482.wpc.edgecastcdn.net	192.229.220.19	true	false	high
serverless-benchmarks-rust.compute-pipe.com	188.114.97.7	true	false	unknown
d1inq1x5xtur5k.cloudfront.net	13.224.222.119	true	false	high
ab13.mktossl.com	104.17.73.206	true	false	unknown
ecp.map.fastly.net	151.101.13.51	true	false	unknown
embed.videodelivery.net	104.17.23.75	true	false	unknown
pagead46.l.doubleclick.net	142.251.36.130	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
accounts.google.com	142.251.36.77	true	false	high
stats.l.doubleclick.net	142.250.102.154	true	false	high
videodelivery.net	104.17.22.75	true	false	unknown
sentry.io	35.188.42.15	true	false	high
prod.cedexis-ssl.map.fastly.net	151.101.0.65	true	false	unknown
assets.www.cloudflare.com	104.16.123.96	true	false	high
www.googleoptimize.com	142.251.36.78	true	false	unknown
iframe.videodelivery.net	104.17.22.75	true	false	unknown
www.cloudflare.com	104.16.123.96	true	false	high
ptcfc.com	104.16.53.99	true	false	unknown
api.radar.cloudflare.com	104.18.1.239	true	false	high
clients.l.google.com	142.251.36.142	true	false	high
713-xsc-918.mktoresp.com	192.28.144.124	true	false	unknown
googlehosted.l.googleusercontent.com	172.217.23.193	true	false	high
adserver-vpc-alb-3-890571764.eu-west-1.elb.amazonaws.com	54.73.67.72	true	false	high
www.google.ae	142.251.36.67	true	false	high
cdnetworks.cedexis-test.com.wsoversea.com	163.171.156.28	true	false	unknown
limelight-ssl.cedexis-test.com	unknown	unknown	false	high
d.adroll.com	unknown	unknown	false	high
carefully-rested-condor.edgecompute.app	unknown	unknown	false	unknown
testingcf.jsdelivr.net	unknown	unknown	false	high
stats.g.doubleclick.net	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
partly-divine-monitor.edgecompute.app	unknown	unknown	false	unknown
ad.doubleclick.net	unknown	unknown	false	high
adservice.google.ae	unknown	unknown	false	high
munchkin.marketo.net	unknown	unknown	false	unknown
info.cloudflare.com	unknown	unknown	false	high
9309168.fls.doubleclick.net	unknown	unknown	false	high
vdms-ssl.cedexis-test.com	unknown	unknown	false	high
stackpath-map3.cedexis-test.com	unknown	unknown	false	high
fastly.jsdelivr.net	unknown	unknown	false	high
fastly.cedexis-test.com	unknown	unknown	false	high
cdnetworks.cedexis-test.com	unknown	unknown	false	high
p29.cedexis-test.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://9309168.fls.doubleclick.net/activityi;dc_pre=CPPH_MjY3vUCFacKBgAdC0gMuA;src=9309168;type=prici0;cat=us-pr0;ord=5246337112613;gtm=2yg1q0;auiddc=1855812276.1643757326;u1=2022%20Feb%2001%2015%3A15%3A38;u2=undefined;u3=https%3A%2F%2Fwww.cloudflare.com%2Fplans%2F;u4=undefined;u10=undefined;~oref=https%3A%2F%2Fwww.cloudflare.com%2Fplans%2F?	false		high
https://www.cloudflare.com/plans/#overview	false		high
http://ny-t.r-tb.com/cdn-cgi/styles/cf.errors.css	true	Avira URL Cloud: phishing	unknown
https://www.cloudflare.com/disclosure/	false		high
https://www.cloudflare.com/ssl/	false		high
http://ny-t.r-tb.com/cdn-cgi/images/icon-exclamation.png?1376755637	true	Avira URL Cloud: phishing	unknown
http://ny-t.r-tb.com/	true		unknown
https://www.cloudflare.com/hp/	false		high
https://iframe.videodelivery.net/36e2ecf71363317a16bd2236dfa3b8b1?poster=https%3A%2F%2Fwww.cloudflare.com%2Fstatic%2Fd54759e4e89631c396f7741c5250b8fa%2Fimage_new-homepage_thumbnail_video_findlaw.jpg&preload=auto	true		unknown
https://www.cloudflare.com/case-studies/	false		high
https://9309168.fls.doubleclick.net/activityi;dc_pre=CPCPlczY3vUCFfAhBgAd84oHXg;src=9309168;type=resou0;cat=us-re0;ord=1699083194691;gtm=2yg1q0;auiddc=1855812276.1643757326;u1=2022%20Feb%2001%2015%3A15%3A45;u2=undefined;u3=https%3A%2F%2Fwww.cloudflare.com%2Fcase-studies%2F;u4=undefined;u5=undefined;u6=undefined;u10=undefined;~oref=https%3A%2F%2Fwww.cloudflare.com%2Fcase-studies%2F?	false		high
https://www.cloudflare.com/trademark/	false		high
https://tr.www.cloudflare.com/ns.html?id=GTM-PKQFGQB	false		high
https://iframe.videodelivery.net/652f2749728df84fc32f9a6480438364?poster=https%3A%2F%2Fwww.cloudflare.com%2Fstatic%2F6c664e30bf2f38015fb61bd986a719c8%2Fthumbnail_stream_case-study_lendingtree.jpg&preload=auto	true		unknown
https://iframe.videodelivery.net/e696e3b6be9ada0fc9e9674aedb54b17?poster=https%3A%2F%2Fwww.cloudflare.com%2Fstatic%2Fcd4f24ce8e7102f1250568b31eef4fc7%2Fimage_new-homepage_thumbnail_video_hubspot.jpg&preload=auto	true		unknown
https://www.cloudflare.com/5xx-error-landing/	false		high
https://tr.www.cloudflare.com/gtm.js?id=GTM-PKQFGQB	false		high
http://ny-t.r-tb.com/	true		unknown
https://iframe.videodelivery.net/5efe5eca1517ad1a2f9ff3e75cc9cf5a?poster=https%3A%2F%2Fwww.cloudflare.com%2Fstatic%2F49e13a9372ad387fe3f96771e6783819%2Fthumbnail_stream_case-study_customer-video.jpg&preload=auto	true		unknown
http://ny-t.r-tb.com/favicon.ico	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://stats.g.doubleclick.net	87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://apis.google.com/js/client.js	mirroring_common.js.1.dr	false		high
https://www.google.com/images/cleardot.gif	craw_window.js.1.dr	false		high
https://crash.corp.google.com/samples?reportid=&q=	common.js.1.dr, mirroring_cast_streaming.js.1.dr	false		high
https://benchmark.1e100cdn.net	87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false	URL Reputation: safe	unknown
https://www.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.1.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json0.1.dr, craw_window.js.1.dr	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01	mirroring_hangouts.js.1.dr	false		high
https://9309168.fls.doubleclick.net	87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.1.dr	false		high
https://preprod-hangouts-googleapis.sandbox.google.com	mirroring_hangouts.js.1.dr	false		high
https://www.google.com	696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, manifest.json.1.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://www.googleoptimize.com	87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false	URL Reputation: safe	unknown
https://hangouts.clients6.google.com	mirroring_hangouts.js.1.dr	false		high
https://meet.google.com	mirroring_common.js.1.dr	false		high
https://hangouts.google.com/hangouts/_/logpref	mirroring_hangouts.js.1.dr	false		high
https://accounts.google.com	696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, manifest.json.1.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://clients2.google.com/cr/report	mirroring_hangouts.js.1.dr	false		high
http://angularjs.org	angular.js.1.dr	false		high
https://creativecommons.org/publicdomain/zero/1.0/.	mirroring_hangouts.js.1.dr	false		high
https://github.com/angular/material	angular.js.1.dr, material_css_min.css.1.dr	false		high
https://apis.google.com	696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, manifest.json.1.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.1.dr	false		high
https://github.com/madler/zlib/blob/master/zlib.h	mirroring_hangouts.js.1.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_background.js.1.dr, craw_window.js.1.dr	false		high
https://clients2.google.com	696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://www.cloudflare.com/5xx-error-landing/2	History Provider Cache.1.dr	false		high
https://www.google.com/tools/feedback	feedback_script.js.1.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	mirroring_hangouts.js.1.dr	false		high
https://dns.google	696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr, c969abab-a3f1-4f19-81a5-e3c8ab3cb894.tmp.3.dr, 61ae7b3f-641b-4b4b-8fd6-fab4d52559d4.tmp.3.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_background.js.1.dr, craw_window.js.1.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.1.dr	false		high
https://ogs.google.com	696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
http://ny-t.r-tb.com/2$Suspected	History Provider Cache.1.dr	true	Avira URL Cloud: phishing	unknown
https://support.google.com/chromecast/troubleshooter/2995236	messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json80.1.dr, messages.json22.1.dr, messages.json73.1.dr, messages.json34.1.dr, messages.json10.1.dr, messages.json21.1.dr, messages.json3.1.dr, messages.json74.1.dr, messages.json9.1.dr, messages.json75.1.dr, messages.json85.1.dr, messages.json24.1.dr, messages.json4.1.dr, messages.json8.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json1.1.dr	false		high
https://www.google.ae	87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions	mirroring_hangouts.js.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json0.1.dr, craw_window.js.1.dr	false		high
https://adservice.google.com	87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://www.google.com;	manifest.json.1.dr	false	Avira URL Cloud: safe	low
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git	pnacl_public_x86_64_libcrt_platform_a.1.dr	false		high
https://hangouts.google.com/	manifest.json.1.dr	false		high
https://www.google.com/images/x2.gif	craw_window.js.1.dr	false		high
http://llvm.org/):	pnacl_public_x86_64_pnacl_sz_nexe.1.dr, pnacl_public_x86_64_pnacl_llc_nexe.1.dr	false		high
https://ad.doubleclick.net	87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.1.dr	false		high
https://meetings.clients6.google.com	mirroring_hangouts.js.1.dr	false		high
https://play.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.1.dr	false		high
https://code.google.com/p/nativeclient/issues/entry%s:	pnacl_public_x86_64_ld_nexe.1.dr	false		high
http://tools.ietf.org/html/rfc1950	mirroring_hangouts.js.1.dr	false		high
https://code.google.com/p/nativeclient/issues/entry	pnacl_public_x86_64_ld_nexe.1.dr	false		high
https://www.cloudflare.com/5xx-error-landing2	History Provider Cache.1.dr	false		high
https://support.google.com/chromecast/answer/2998456	messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json80.1.dr, messages.json22.1.dr, messages.json73.1.dr, messages.json34.1.dr, messages.json10.1.dr, messages.json21.1.dr, messages.json3.1.dr, messages.json74.1.dr, messages.json9.1.dr, messages.json75.1.dr, messages.json85.1.dr, messages.json24.1.dr, messages.json4.1.dr, messages.json8.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json1.1.dr	false		high
https://clients2.googleusercontent.com	696e657a-f8aa-4b81-b040-5814fcb6632c.tmp.3.dr, 87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://docs.google.com	mirroring_common.js.1.dr	false		high
https://www.google.com/	manifest.json0.1.dr	false		high
https://feedback.googleusercontent.com	manifest.json.1.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-clang.git	pnacl_public_x86_64_libcrt_platform_a.1.dr	false		high
https://adservice.google.ae	87477827-3fa1-4073-b293-905b38f3ed65.tmp.3.dr, 0a4a6058-d422-4703-be98-4574384b304f.tmp.3.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.1.dr, manifest.json.1.dr, manifest.json1.1.dr	false		high
https://clients6.google.com	mirroring_hangouts.js.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.28.144.124	713-xsc-918.mktoresp.com	United States	15224	OMNITUREUS	false
104.16.53.99	ptcfc.com	United States	13335	CLOUDFLARENETUS	false
163.171.156.28	cdnetworks.cedexis-test.com.wsoversea.com	European Union	54994	QUANTILNETWORKSUS	false
151.101.13.51	ecp.map.fastly.net	United States	54113	FASTLYUS	false
45.92.42.1	jsdelivr.b-cdn.net	United Kingdom	200325	BUNNYCDNDE	false
151.101.0.65	prod.cedexis-ssl.map.fastly.net	United States	54113	FASTLYUS	false
35.188.42.15	sentry.io	United States	15169	GOOGLEUS	false
192.229.220.19	cs482.wpc.edgecastcdn.net	United States	15133	EDGECASTUS	false
104.17.73.206	ab13.mktossl.com	United States	13335	CLOUDFLARENETUS	false
142.251.36.78	www.googleoptimize.com	United States	15169	GOOGLEUS	false
142.251.36.77	accounts.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
54.73.67.72	adserver-vpc-alb-3-890571764.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
104.22.65.104	ny-t.r-tb.com	United States	13335	CLOUDFLARENETUS	false
172.217.23.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
104.17.22.75	videodelivery.net	United States	13335	CLOUDFLARENETUS	false
104.16.124.96	tr.www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.16.95.65	static.cloudflareinsights.com	United States	13335	CLOUDFLARENETUS	false
104.17.72.14	ajax.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
142.251.36.132	www.google.com	United States	15169	GOOGLEUS	false
216.58.201.70	dart.l.doubleclick.net	United States	15169	GOOGLEUS	false
13.224.222.119	d1inq1x5xtur5k.cloudfront.net	United States	16509	AMAZON-02US	false
142.251.36.130	adservice.google.com	United States	15169	GOOGLEUS	false
188.114.97.7	serverless-benchmarks-js.compute-pipe.com	European Union	13335	CLOUDFLARENETUS	false
68.142.70.14	cedexis-1.s.llnwi.net	United States	22822	LLNWUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.26.57	benchmark.1e100cdn.net	United States	15169	GOOGLEUS	false
104.18.1.239	api.radar.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.102.154	stats.l.doubleclick.net	United States	15169	GOOGLEUS	false
104.17.23.75	embed.videodelivery.net	United States	13335	CLOUDFLARENETUS	false
104.16.123.96	assets.www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	564184
Start date:	01.02.2022
Start time:	15:13:56
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 19s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://ny-t.r-tb.com/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@34/201@59/34
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Browse: https://www.cloudflare.com/5xx-error-landing Browse: https://www.cloudflare.com/ Browse: https://www.cloudflare.com/ssl/ Browse: https://www.cloudflare.com/plans/ Browse: https://www.cloudflare.com/case-studies/ Browse: https://www.cloudflare.com/disclosure/ Browse: https://www.cloudflare.com/trademark/

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 23.54.113.53, 142.251.36.131, 142.251.36.142, 173.194.182.73, 34.104.35.123, 151.139.128.10, 23.10.249.122, 23.10.249.99, 2.21.22.169, 2.21.22.160, 104.16.85.20, 104.16.87.20, 104.16.88.20, 104.16.86.20, 104.16.89.20, 142.251.36.67, 104.89.28.179, 40.112.88.60, 142.251.37.106, 216.58.201.74, 142.251.36.74, 142.251.36.138, 20.54.104.15, 20.54.7.98
Excluded domains from analysis (whitelisted): testingcf.jsdelivr.net.cdn.cloudflare.net, store-images.s-microsoft.com-c.edgekey.net, clientservices.googleapis.com, e10776.b.akamaiedge.net, r4.sn-4g5e6ns7.gvt1.com, cds.x7t9n8c4.hwcdn.net, arc.msn.com, wildcard.marketo.net.edgekey.net, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, essl-cdxs.edgekey.net, e31668.a.akamaiedge.net, redirector.gvt1.com, cedexis-test.akamaized.net, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, r4---sn-4g5e6ns7.gvt1.com, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, geo.cdxswitch.akadns.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, www.googleapis.com, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, cedexis-ssl.wpc.apr-b30d.edgecastdns.net, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, store-imag
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

Source: http://ny-t.r-tb.com/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing
Source: http://ny-t.r-tb.com/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing
Source: http://ny-t.r-tb.com/2$Suspected	Avira URL Cloud: Label: phishing
Source: http://ny-t.r-tb.com/favicon.ico	Avira URL Cloud: Label: phishing

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ny-t.r-tb.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: ny-t.r-tb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Referer: http://ny-t.r-tb.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: ny-t.r-tb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://ny-t.r-tb.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ny-t.r-tb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://ny-t.r-tb.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: ny-t.r-tb.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 1, 2022 15:14:58.826798916 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:58.826829910 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:58.826910973 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:58.827178955 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:58.827194929 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:58.834194899 CET	49759	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:58.835108042 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:58.850491047 CET	80	49759	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:58.850593090 CET	49759	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:58.851027966 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:58.851110935 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:58.851417065 CET	49759	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:58.867572069 CET	80	49759	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:58.899883986 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:58.901354074 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:58.901384115 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:58.903177977 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:58.903271914 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:58.909010887 CET	80	49759	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:58.909035921 CET	80	49759	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:58.909106970 CET	80	49759	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:58.909117937 CET	49759	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:58.914300919 CET	80	49759	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:58.914366007 CET	49759	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:59.378660917 CET	49759	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:59.394999027 CET	80	49759	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.426297903 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:59.442517042 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.451432943 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.451474905 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.451498032 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.451514006 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.451529980 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.451639891 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:59.451698065 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:59.523199081 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:59.539355993 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.541399956 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:14:59.661010027 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:59.661173105 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:59.664191008 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:59.664208889 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:59.734055996 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:59.755004883 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:59.755084991 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:59.760658026 CET	49757	443	192.168.2.5	142.251.36.77
Feb 1, 2022 15:14:59.760687113 CET	443	49757	142.251.36.77	192.168.2.5
Feb 1, 2022 15:14:59.900330067 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:14:59.916429043 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:15:00.109690905 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:15:00.109719992 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:15:00.109864950 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:15:00.109910011 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:15:00.109965086 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:15:00.111444950 CET	49760	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:15:00.127494097 CET	80	49760	104.22.65.104	192.168.2.5
Feb 1, 2022 15:15:00.904144049 CET	49769	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:15:00.932562113 CET	80	49769	104.22.65.104	192.168.2.5
Feb 1, 2022 15:15:00.932739973 CET	49769	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:15:00.932832003 CET	49769	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:15:00.961095095 CET	80	49769	104.22.65.104	192.168.2.5
Feb 1, 2022 15:15:00.976409912 CET	80	49769	104.22.65.104	192.168.2.5
Feb 1, 2022 15:15:00.976526976 CET	49769	80	192.168.2.5	104.22.65.104
Feb 1, 2022 15:15:08.721110106 CET	49782	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.721149921 CET	443	49782	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.721227884 CET	49782	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.721935987 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.721962929 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.722023964 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.723787069 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.723802090 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.724019051 CET	49782	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.724033117 CET	443	49782	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.765041113 CET	443	49782	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.765162945 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.766571999 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.766599894 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.766804934 CET	49782	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.766822100 CET	443	49782	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.767703056 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.767812967 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.767890930 CET	443	49782	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.767970085 CET	49782	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.771112919 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.771226883 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.771336079 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.771353006 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.771794081 CET	49782	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.772680998 CET	443	49782	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.811647892 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.812707901 CET	49782	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.812736988 CET	443	49782	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.852876902 CET	49782	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.866388083 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.866425991 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.866476059 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.866519928 CET	49783	443	192.168.2.5	104.16.123.96
Feb 1, 2022 15:15:08.866549015 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.866564035 CET	443	49783	104.16.123.96	192.168.2.5
Feb 1, 2022 15:15:08.866600990 CET	49783	443	192.168.2.5	104.16.123.96

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 1, 2022 15:14:58.787280083 CET	192.168.2.5	8.8.8.8	0x78f9	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:58.799494028 CET	192.168.2.5	8.8.8.8	0x6d5e	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:58.804337978 CET	192.168.2.5	8.8.8.8	0x1bbe	Standard query (0)	ny-t.r-tb.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:59.867851019 CET	192.168.2.5	8.8.8.8	0xef32	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:00.874773979 CET	192.168.2.5	8.8.8.8	0x3fa1	Standard query (0)	ny-t.r-tb.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:09.011792898 CET	192.168.2.5	8.8.8.8	0xb6a1	Standard query (0)	assets.www.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:09.530817986 CET	192.168.2.5	8.8.8.8	0xfc2	Standard query (0)	ajax.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:10.529175997 CET	192.168.2.5	8.8.8.8	0x8c8b	Standard query (0)	sentry.io	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:11.914815903 CET	192.168.2.5	8.8.8.8	0x81ae	Standard query (0)	tr.www.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:14.675072908 CET	192.168.2.5	8.8.8.8	0xd340	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:15.725734949 CET	192.168.2.5	8.8.8.8	0x1018	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:23.790339947 CET	192.168.2.5	8.8.8.8	0xb22c	Standard query (0)	www.googleoptimize.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.137593985 CET	192.168.2.5	8.8.8.8	0x1822	Standard query (0)	api.radar.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.230382919 CET	192.168.2.5	8.8.8.8	0xfbe2	Standard query (0)	static.cloudflareinsights.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.627877951 CET	192.168.2.5	8.8.8.8	0x9141	Standard query (0)	serverless-benchmarks-js.compute-pipe.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:25.346534014 CET	192.168.2.5	8.8.8.8	0x8a31	Standard query (0)	fastly.jsdelivr.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:25.748869896 CET	192.168.2.5	8.8.8.8	0x905f	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.549097061 CET	192.168.2.5	8.8.8.8	0x22a3	Standard query (0)	p29.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.879456043 CET	192.168.2.5	8.8.8.8	0x1c17	Standard query (0)	ad.doubleclick.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.879635096 CET	192.168.2.5	8.8.8.8	0x1036	Standard query (0)	d.adroll.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.894474983 CET	192.168.2.5	8.8.8.8	0xf4c7	Standard query (0)	stackpath-map3.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.119832039 CET	192.168.2.5	8.8.8.8	0x70a	Standard query (0)	benchmark.1e100cdn.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.382638931 CET	192.168.2.5	8.8.8.8	0x35d7	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.398664951 CET	192.168.2.5	8.8.8.8	0x832	Standard query (0)	adservice.google.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.398902893 CET	192.168.2.5	8.8.8.8	0x87aa	Standard query (0)	carefully-rested-condor.edgecompute.app	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.607238054 CET	192.168.2.5	8.8.8.8	0x2fe0	Standard query (0)	adservice.google.ae	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.667635918 CET	192.168.2.5	8.8.8.8	0x1850	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.863972902 CET	192.168.2.5	8.8.8.8	0x6f7d	Standard query (0)	www.google.ae	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:29.604027987 CET	192.168.2.5	8.8.8.8	0xc39e	Standard query (0)	cdnetworks.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.570434093 CET	192.168.2.5	8.8.8.8	0xf96e	Standard query (0)	fastly.jsdelivr.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.592592001 CET	192.168.2.5	8.8.8.8	0x40cb	Standard query (0)	jsdelivr.b-cdn.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.610049963 CET	192.168.2.5	8.8.8.8	0x23ee	Standard query (0)	p29.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.630414963 CET	192.168.2.5	8.8.8.8	0x5dff	Standard query (0)	stackpath-map3.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.659388065 CET	192.168.2.5	8.8.8.8	0x20d9	Standard query (0)	benchmark.1e100cdn.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.668108940 CET	192.168.2.5	8.8.8.8	0x71e6	Standard query (0)	carefully-rested-condor.edgecompute.app	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.684760094 CET	192.168.2.5	8.8.8.8	0xd8ee	Standard query (0)	d.adroll.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.134588957 CET	192.168.2.5	8.8.8.8	0x4123	Standard query (0)	testingcf.jsdelivr.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.245073080 CET	192.168.2.5	8.8.8.8	0xfdd1	Standard query (0)	partly-divine-monitor.edgecompute.app	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.282983065 CET	192.168.2.5	8.8.8.8	0x6ed2	Standard query (0)	fastly.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.516038895 CET	192.168.2.5	8.8.8.8	0xb889	Standard query (0)	limelight-ssl.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.647360086 CET	192.168.2.5	8.8.8.8	0xb5b0	Standard query (0)	vdms-ssl.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.843777895 CET	192.168.2.5	8.8.8.8	0x6318	Standard query (0)	ptcfc.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:35.391679049 CET	192.168.2.5	8.8.8.8	0x76cd	Standard query (0)	partly-divine-monitor.edgecompute.app	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:39.257694006 CET	192.168.2.5	8.8.8.8	0x7ac3	Standard query (0)	9309168.fls.doubleclick.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:40.140332937 CET	192.168.2.5	8.8.8.8	0x9d99	Standard query (0)	serverless-benchmarks-rust.compute-pipe.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:41.119573116 CET	192.168.2.5	8.8.8.8	0x3b61	Standard query (0)	adservice.google.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:42.112507105 CET	192.168.2.5	8.8.8.8	0x941b	Standard query (0)	fastly.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:42.125385046 CET	192.168.2.5	8.8.8.8	0x5994	Standard query (0)	jsdelivr.b-cdn.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:45.663765907 CET	192.168.2.5	8.8.8.8	0x8639	Standard query (0)	embed.videodelivery.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:46.397910118 CET	192.168.2.5	8.8.8.8	0xb6b3	Standard query (0)	iframe.videodelivery.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:49.324553967 CET	192.168.2.5	8.8.8.8	0x7416	Standard query (0)	videodelivery.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:55.932569027 CET	192.168.2.5	8.8.8.8	0xf5c	Standard query (0)	ptcfc.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:55.944236040 CET	192.168.2.5	8.8.8.8	0x342c	Standard query (0)	limelight-ssl.cedexis-test.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:55.954221964 CET	192.168.2.5	8.8.8.8	0x39d	Standard query (0)	testingcf.jsdelivr.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:57.791645050 CET	192.168.2.5	8.8.8.8	0x40e9	Standard query (0)	info.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:16:00.095362902 CET	192.168.2.5	8.8.8.8	0x664c	Standard query (0)	munchkin.marketo.net	A (IP address)	IN (0x0001)
Feb 1, 2022 15:16:00.306047916 CET	192.168.2.5	8.8.8.8	0xbaa5	Standard query (0)	713-xsc-918.mktoresp.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:16:00.807857037 CET	192.168.2.5	8.8.8.8	0x7d79	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)
Feb 1, 2022 15:16:26.180897951 CET	192.168.2.5	8.8.8.8	0x918c	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 1, 2022 15:14:58.818231106 CET	8.8.8.8	192.168.2.5	0x6d5e	No error (0)	accounts.google.com		142.251.36.77	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:58.824520111 CET	8.8.8.8	192.168.2.5	0x78f9	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:14:58.824520111 CET	8.8.8.8	192.168.2.5	0x78f9	No error (0)	clients.l.google.com		142.251.36.142	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:58.825577021 CET	8.8.8.8	192.168.2.5	0x1bbe	No error (0)	ny-t.r-tb.com		104.22.65.104	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:58.825577021 CET	8.8.8.8	192.168.2.5	0x1bbe	No error (0)	ny-t.r-tb.com		104.22.64.104	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:58.825577021 CET	8.8.8.8	192.168.2.5	0x1bbe	No error (0)	ny-t.r-tb.com		172.67.26.25	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:59.888459921 CET	8.8.8.8	192.168.2.5	0xef32	No error (0)	www.cloudflare.com		104.16.123.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:14:59.888459921 CET	8.8.8.8	192.168.2.5	0xef32	No error (0)	www.cloudflare.com		104.16.124.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:00.896248102 CET	8.8.8.8	192.168.2.5	0x3fa1	No error (0)	ny-t.r-tb.com		104.22.65.104	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:00.896248102 CET	8.8.8.8	192.168.2.5	0x3fa1	No error (0)	ny-t.r-tb.com		172.67.26.25	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:00.896248102 CET	8.8.8.8	192.168.2.5	0x3fa1	No error (0)	ny-t.r-tb.com		104.22.64.104	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:09.036860943 CET	8.8.8.8	192.168.2.5	0xb6a1	No error (0)	assets.www.cloudflare.com		104.16.123.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:09.036860943 CET	8.8.8.8	192.168.2.5	0xb6a1	No error (0)	assets.www.cloudflare.com		104.16.124.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:09.552755117 CET	8.8.8.8	192.168.2.5	0xfc2	No error (0)	ajax.cloudflare.com		104.17.72.14	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:09.552755117 CET	8.8.8.8	192.168.2.5	0xfc2	No error (0)	ajax.cloudflare.com		104.17.73.14	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:10.545603037 CET	8.8.8.8	192.168.2.5	0x8c8b	No error (0)	sentry.io		35.188.42.15	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:11.939568996 CET	8.8.8.8	192.168.2.5	0x81ae	No error (0)	tr.www.cloudflare.com		104.16.124.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:11.939568996 CET	8.8.8.8	192.168.2.5	0x81ae	No error (0)	tr.www.cloudflare.com		104.16.123.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:14.699395895 CET	8.8.8.8	192.168.2.5	0xd340	No error (0)	www.cloudflare.com		104.16.124.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:14.699395895 CET	8.8.8.8	192.168.2.5	0xd340	No error (0)	www.cloudflare.com		104.16.123.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:15.753587008 CET	8.8.8.8	192.168.2.5	0x1018	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:15.753587008 CET	8.8.8.8	192.168.2.5	0x1018	No error (0)	googlehosted.l.googleusercontent.com		172.217.23.193	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:23.815707922 CET	8.8.8.8	192.168.2.5	0xb22c	No error (0)	www.googleoptimize.com		142.251.36.78	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.162329912 CET	8.8.8.8	192.168.2.5	0x1822	No error (0)	api.radar.cloudflare.com		104.18.1.239	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.162329912 CET	8.8.8.8	192.168.2.5	0x1822	No error (0)	api.radar.cloudflare.com		104.18.0.239	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.248511076 CET	8.8.8.8	192.168.2.5	0xfbe2	No error (0)	static.cloudflareinsights.com		104.16.95.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.248511076 CET	8.8.8.8	192.168.2.5	0xfbe2	No error (0)	static.cloudflareinsights.com		104.16.94.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.650510073 CET	8.8.8.8	192.168.2.5	0x9141	No error (0)	serverless-benchmarks-js.compute-pipe.com		188.114.97.7	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:24.650510073 CET	8.8.8.8	192.168.2.5	0x9141	No error (0)	serverless-benchmarks-js.compute-pipe.com		188.114.96.7	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:25.365242958 CET	8.8.8.8	192.168.2.5	0x8a31	No error (0)	fastly.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:25.365242958 CET	8.8.8.8	192.168.2.5	0x8a31	No error (0)	jsdelivr.map.fastly.net		151.101.1.229	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:25.365242958 CET	8.8.8.8	192.168.2.5	0x8a31	No error (0)	jsdelivr.map.fastly.net		151.101.65.229	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:25.365242958 CET	8.8.8.8	192.168.2.5	0x8a31	No error (0)	jsdelivr.map.fastly.net		151.101.129.229	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:25.365242958 CET	8.8.8.8	192.168.2.5	0x8a31	No error (0)	jsdelivr.map.fastly.net		151.101.193.229	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:25.776143074 CET	8.8.8.8	192.168.2.5	0x905f	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.595113039 CET	8.8.8.8	192.168.2.5	0x22a3	No error (0)	p29.cedexis-test.com	d1inq1x5xtur5k.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:26.595113039 CET	8.8.8.8	192.168.2.5	0x22a3	No error (0)	d1inq1x5xtur5k.cloudfront.net		13.224.222.119	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.595113039 CET	8.8.8.8	192.168.2.5	0x22a3	No error (0)	d1inq1x5xtur5k.cloudfront.net		13.224.222.5	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.595113039 CET	8.8.8.8	192.168.2.5	0x22a3	No error (0)	d1inq1x5xtur5k.cloudfront.net		13.224.222.34	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.595113039 CET	8.8.8.8	192.168.2.5	0x22a3	No error (0)	d1inq1x5xtur5k.cloudfront.net		13.224.222.118	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.895901918 CET	8.8.8.8	192.168.2.5	0x1036	No error (0)	d.adroll.com	adserver-vpc-alb-3-890571764.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:26.895901918 CET	8.8.8.8	192.168.2.5	0x1036	No error (0)	adserver-vpc-alb-3-890571764.eu-west-1.elb.amazonaws.com		54.73.67.72	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.895901918 CET	8.8.8.8	192.168.2.5	0x1036	No error (0)	adserver-vpc-alb-3-890571764.eu-west-1.elb.amazonaws.com		52.208.5.241	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.906002045 CET	8.8.8.8	192.168.2.5	0x1c17	No error (0)	ad.doubleclick.net	dart.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:26.906002045 CET	8.8.8.8	192.168.2.5	0x1c17	No error (0)	dart.l.doubleclick.net		216.58.201.70	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:26.918754101 CET	8.8.8.8	192.168.2.5	0xf4c7	No error (0)	stackpath-map3.cedexis-test.com	cds.x7t9n8c4.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:27.138462067 CET	8.8.8.8	192.168.2.5	0x70a	No error (0)	benchmark.1e100cdn.net		35.190.26.57	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.407383919 CET	8.8.8.8	192.168.2.5	0x35d7	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:27.407383919 CET	8.8.8.8	192.168.2.5	0x35d7	No error (0)	stats.l.doubleclick.net		142.250.102.154	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.407383919 CET	8.8.8.8	192.168.2.5	0x35d7	No error (0)	stats.l.doubleclick.net		142.250.102.157	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.407383919 CET	8.8.8.8	192.168.2.5	0x35d7	No error (0)	stats.l.doubleclick.net		142.250.102.155	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.407383919 CET	8.8.8.8	192.168.2.5	0x35d7	No error (0)	stats.l.doubleclick.net		142.250.102.156	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.421030045 CET	8.8.8.8	192.168.2.5	0x87aa	No error (0)	carefully-rested-condor.edgecompute.app	ecp.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:27.421030045 CET	8.8.8.8	192.168.2.5	0x87aa	No error (0)	ecp.map.fastly.net		151.101.13.51	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.425023079 CET	8.8.8.8	192.168.2.5	0x832	No error (0)	adservice.google.com		142.251.36.130	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.633838892 CET	8.8.8.8	192.168.2.5	0x2fe0	No error (0)	adservice.google.ae	pagead46.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:27.633838892 CET	8.8.8.8	192.168.2.5	0x2fe0	No error (0)	pagead46.l.doubleclick.net		142.251.36.130	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.694447041 CET	8.8.8.8	192.168.2.5	0x1850	No error (0)	www.google.com		142.251.36.132	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:27.903060913 CET	8.8.8.8	192.168.2.5	0x6f7d	No error (0)	www.google.ae		142.251.36.67	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:29.632586002 CET	8.8.8.8	192.168.2.5	0xc39e	No error (0)	cdnetworks.cedexis-test.com	cdnetworks.cedexis-test.com.wsoversea.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:29.632586002 CET	8.8.8.8	192.168.2.5	0xc39e	No error (0)	cdnetworks.cedexis-test.com.wsoversea.com		163.171.156.28	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.589148998 CET	8.8.8.8	192.168.2.5	0xf96e	No error (0)	fastly.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:30.589148998 CET	8.8.8.8	192.168.2.5	0xf96e	No error (0)	jsdelivr.map.fastly.net		151.101.1.229	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.589148998 CET	8.8.8.8	192.168.2.5	0xf96e	No error (0)	jsdelivr.map.fastly.net		151.101.65.229	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.589148998 CET	8.8.8.8	192.168.2.5	0xf96e	No error (0)	jsdelivr.map.fastly.net		151.101.129.229	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.589148998 CET	8.8.8.8	192.168.2.5	0xf96e	No error (0)	jsdelivr.map.fastly.net		151.101.193.229	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.620896101 CET	8.8.8.8	192.168.2.5	0x40cb	No error (0)	jsdelivr.b-cdn.net		45.92.42.1	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.636773109 CET	8.8.8.8	192.168.2.5	0x23ee	No error (0)	p29.cedexis-test.com	d1inq1x5xtur5k.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:30.636773109 CET	8.8.8.8	192.168.2.5	0x23ee	No error (0)	d1inq1x5xtur5k.cloudfront.net		13.224.222.118	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.636773109 CET	8.8.8.8	192.168.2.5	0x23ee	No error (0)	d1inq1x5xtur5k.cloudfront.net		13.224.222.34	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.636773109 CET	8.8.8.8	192.168.2.5	0x23ee	No error (0)	d1inq1x5xtur5k.cloudfront.net		13.224.222.5	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.636773109 CET	8.8.8.8	192.168.2.5	0x23ee	No error (0)	d1inq1x5xtur5k.cloudfront.net		13.224.222.119	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.656771898 CET	8.8.8.8	192.168.2.5	0x5dff	No error (0)	stackpath-map3.cedexis-test.com	cds.x7t9n8c4.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:30.675764084 CET	8.8.8.8	192.168.2.5	0x20d9	No error (0)	benchmark.1e100cdn.net		35.190.26.57	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.687752008 CET	8.8.8.8	192.168.2.5	0x71e6	No error (0)	carefully-rested-condor.edgecompute.app	ecp.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:30.687752008 CET	8.8.8.8	192.168.2.5	0x71e6	No error (0)	ecp.map.fastly.net		151.101.113.51	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.703003883 CET	8.8.8.8	192.168.2.5	0xd8ee	No error (0)	d.adroll.com	adserver-vpc-alb-3-890571764.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:30.703003883 CET	8.8.8.8	192.168.2.5	0xd8ee	No error (0)	adserver-vpc-alb-3-890571764.eu-west-1.elb.amazonaws.com		54.73.67.72	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:30.703003883 CET	8.8.8.8	192.168.2.5	0xd8ee	No error (0)	adserver-vpc-alb-3-890571764.eu-west-1.elb.amazonaws.com		52.208.5.241	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.155826092 CET	8.8.8.8	192.168.2.5	0x4123	No error (0)	testingcf.jsdelivr.net	testingcf.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:32.267173052 CET	8.8.8.8	192.168.2.5	0xfdd1	No error (0)	partly-divine-monitor.edgecompute.app	ecp.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:32.267173052 CET	8.8.8.8	192.168.2.5	0xfdd1	No error (0)	ecp.map.fastly.net		151.101.13.51	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.309992075 CET	8.8.8.8	192.168.2.5	0x6ed2	No error (0)	fastly.cedexis-test.com	prod.cedexis-ssl.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:32.309992075 CET	8.8.8.8	192.168.2.5	0x6ed2	No error (0)	prod.cedexis-ssl.map.fastly.net		151.101.0.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.309992075 CET	8.8.8.8	192.168.2.5	0x6ed2	No error (0)	prod.cedexis-ssl.map.fastly.net		151.101.64.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.309992075 CET	8.8.8.8	192.168.2.5	0x6ed2	No error (0)	prod.cedexis-ssl.map.fastly.net		151.101.128.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.309992075 CET	8.8.8.8	192.168.2.5	0x6ed2	No error (0)	prod.cedexis-ssl.map.fastly.net		151.101.192.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.542481899 CET	8.8.8.8	192.168.2.5	0xb889	No error (0)	limelight-ssl.cedexis-test.com	cedexis-1.vo.llnwd.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:32.542481899 CET	8.8.8.8	192.168.2.5	0xb889	No error (0)	cedexis-1.vo.llnwd.net	cedexis-1.s.llnwi.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:32.542481899 CET	8.8.8.8	192.168.2.5	0xb889	No error (0)	cedexis-1.s.llnwi.net		68.142.70.14	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.693485022 CET	8.8.8.8	192.168.2.5	0xb5b0	No error (0)	vdms-ssl.cedexis-test.com	cedexis-ssl.wpc.apr-b30d.edgecastdns.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:32.693485022 CET	8.8.8.8	192.168.2.5	0xb5b0	No error (0)	cs482.wpc.edgecastcdn.net		192.229.220.19	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.865381002 CET	8.8.8.8	192.168.2.5	0x6318	No error (0)	ptcfc.com		104.16.53.99	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:32.865381002 CET	8.8.8.8	192.168.2.5	0x6318	No error (0)	ptcfc.com		104.18.143.76	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:35.411770105 CET	8.8.8.8	192.168.2.5	0x76cd	No error (0)	partly-divine-monitor.edgecompute.app	ecp.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:35.411770105 CET	8.8.8.8	192.168.2.5	0x76cd	No error (0)	ecp.map.fastly.net		151.101.13.51	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:39.285197973 CET	8.8.8.8	192.168.2.5	0x7ac3	No error (0)	9309168.fls.doubleclick.net	dart.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:39.285197973 CET	8.8.8.8	192.168.2.5	0x7ac3	No error (0)	dart.l.doubleclick.net		216.58.201.70	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:40.160875082 CET	8.8.8.8	192.168.2.5	0x9d99	No error (0)	serverless-benchmarks-rust.compute-pipe.com		188.114.97.7	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:40.160875082 CET	8.8.8.8	192.168.2.5	0x9d99	No error (0)	serverless-benchmarks-rust.compute-pipe.com		188.114.96.7	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:41.146548033 CET	8.8.8.8	192.168.2.5	0x3b61	No error (0)	adservice.google.com		216.58.201.66	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:42.132509947 CET	8.8.8.8	192.168.2.5	0x941b	No error (0)	fastly.cedexis-test.com	prod.cedexis-ssl.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:42.132509947 CET	8.8.8.8	192.168.2.5	0x941b	No error (0)	prod.cedexis-ssl.map.fastly.net		151.101.0.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:42.132509947 CET	8.8.8.8	192.168.2.5	0x941b	No error (0)	prod.cedexis-ssl.map.fastly.net		151.101.64.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:42.132509947 CET	8.8.8.8	192.168.2.5	0x941b	No error (0)	prod.cedexis-ssl.map.fastly.net		151.101.128.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:42.132509947 CET	8.8.8.8	192.168.2.5	0x941b	No error (0)	prod.cedexis-ssl.map.fastly.net		151.101.192.65	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:42.146560907 CET	8.8.8.8	192.168.2.5	0x5994	No error (0)	jsdelivr.b-cdn.net		45.92.42.1	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:45.688797951 CET	8.8.8.8	192.168.2.5	0x8639	No error (0)	embed.videodelivery.net		104.17.23.75	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:45.688797951 CET	8.8.8.8	192.168.2.5	0x8639	No error (0)	embed.videodelivery.net		104.17.22.75	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:46.420593023 CET	8.8.8.8	192.168.2.5	0xb6b3	No error (0)	iframe.videodelivery.net		104.17.22.75	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:46.420593023 CET	8.8.8.8	192.168.2.5	0xb6b3	No error (0)	iframe.videodelivery.net		104.17.23.75	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:49.344707012 CET	8.8.8.8	192.168.2.5	0x7416	No error (0)	videodelivery.net		104.17.22.75	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:49.344707012 CET	8.8.8.8	192.168.2.5	0x7416	No error (0)	videodelivery.net		104.17.23.75	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:55.958616972 CET	8.8.8.8	192.168.2.5	0xf5c	No error (0)	ptcfc.com		104.16.53.99	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:55.958616972 CET	8.8.8.8	192.168.2.5	0xf5c	No error (0)	ptcfc.com		104.18.143.76	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:55.965540886 CET	8.8.8.8	192.168.2.5	0x342c	No error (0)	limelight-ssl.cedexis-test.com	cedexis-1.vo.llnwd.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:55.965540886 CET	8.8.8.8	192.168.2.5	0x342c	No error (0)	cedexis-1.vo.llnwd.net	cedexis-1.s.llnwi.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:55.965540886 CET	8.8.8.8	192.168.2.5	0x342c	No error (0)	cedexis-1.s.llnwi.net		68.142.70.14	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:55.975805044 CET	8.8.8.8	192.168.2.5	0x39d	No error (0)	testingcf.jsdelivr.net	testingcf.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:57.820705891 CET	8.8.8.8	192.168.2.5	0x40e9	No error (0)	info.cloudflare.com	cloudflare.mktoweb.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:57.820705891 CET	8.8.8.8	192.168.2.5	0x40e9	No error (0)	cloudflare.mktoweb.com	ab13.mktossl.com		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:15:57.820705891 CET	8.8.8.8	192.168.2.5	0x40e9	No error (0)	ab13.mktossl.com		104.17.73.206	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:57.820705891 CET	8.8.8.8	192.168.2.5	0x40e9	No error (0)	ab13.mktossl.com		104.17.74.206	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:57.820705891 CET	8.8.8.8	192.168.2.5	0x40e9	No error (0)	ab13.mktossl.com		104.17.70.206	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:57.820705891 CET	8.8.8.8	192.168.2.5	0x40e9	No error (0)	ab13.mktossl.com		104.17.72.206	A (IP address)	IN (0x0001)
Feb 1, 2022 15:15:57.820705891 CET	8.8.8.8	192.168.2.5	0x40e9	No error (0)	ab13.mktossl.com		104.17.71.206	A (IP address)	IN (0x0001)
Feb 1, 2022 15:16:00.113368988 CET	8.8.8.8	192.168.2.5	0x664c	No error (0)	munchkin.marketo.net	wildcard.marketo.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Feb 1, 2022 15:16:00.414294004 CET	8.8.8.8	192.168.2.5	0xbaa5	No error (0)	713-xsc-918.mktoresp.com		192.28.144.124	A (IP address)	IN (0x0001)
Feb 1, 2022 15:16:00.838010073 CET	8.8.8.8	192.168.2.5	0x7d79	No error (0)	www.cloudflare.com		104.16.124.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:16:00.838010073 CET	8.8.8.8	192.168.2.5	0x7d79	No error (0)	www.cloudflare.com		104.16.123.96	A (IP address)	IN (0x0001)
Feb 1, 2022 15:16:26.199454069 CET	8.8.8.8	192.168.2.5	0x918c	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)

Target ID:	1
Start time:	15:14:55
Start date:	01/02/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ny-t.r-tb.com/
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	3
Start time:	15:14:56
Start date:	01/02/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	14
Start time:	15:15:51
Start date:	01/02/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,13023897823658162512,2227868781108129078,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5072 /prefetch:8
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.7490635095476
Encrypted:	false
SSDEEP:	384:B7DQU2l3uROYV9/EbNYrxvUw3LY+DHebG/Crty0mxbi6uNrJAmtaBiogkLOWCoNE:x2iFZG27z4ejKMmg/LaIKyYUFs
MD5:	D96F25A6C8425938BD321F6808695BB9
SHA1:	803E648400101955AE3D15AD11A92514AF56BAAD
SHA-256:	F7D209545D50F7BA17DAFF4043737BDF37C842FC926B8BE50EF8EE362A98E017
SHA-512:	CD3F0EBD7F67F2F5DF6740C3C8025D15F321B54BD152CF7F181CA4414FB1D9ECEF34B67FC137481E338F170AF4DE3EEEF2DC5A1F42610BADF45C9A8B7B808B56
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....R8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.748426989580152
Encrypted:	false
SSDEEP:	384:H7DQU2l3qOJEbNYrxvUw3LY+DHebG/Crty0mxbi6uNrJAmtaBiogkLOWCoNh1oxo:1iFZG27z4ejKMmg/LaIKyYUFF
MD5:	56BC2A58EF1915717135593F151C7F68
SHA1:	07AB51011755A00A28F8410FDB8F9187FD74220D
SHA-256:	92FB9D43F860BC0696A8628B2D90C7C36A3AB7EA93DEB577D40DAF929859594E
SHA-512:	B642F9364C25AD7AB09F7699F98F386057FAB9B8ECDD64D5955CD63BC6CA40F5CAE4877609098D767D81531B7DCB030F11F1E298F2DCF4CADF6E66DBA106AAA3
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....R8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7486699833983868
Encrypted:	false
SSDEEP:	384:x7DQU2l3uROYV9/EbNYrxvUw3LY+DHebG/Crty0mxbi6uNrJAmtB/BiogkLOWCoX:B2iFZG20z4ejKMmg/LaIKyYUFp
MD5:	2A7F7A2AE27ABCED8AF99BCD7DC06316
SHA1:	BDE9439BB4680AC9889E07987BF3F64562A6663B
SHA-256:	62BB19C3CA80D0AF2C607EE24789E47BD2C7FC7BD943109C76A9A227015BCAC5
SHA-512:	56F379C7CFE881FF2568B2AAE0159E0B0C8ABA3A05672B5BD31959CA2961A703369CEC1E02FECCBDA9DA6A5DE7407D39768561ACE4546E25955DBA7F4842416E
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....R8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ny-t.r-tb.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

C:\Users\user\AppData\Local\Google\Chrome\User Data\099695c3-6035-4124-a6b1-6f136b73835e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\19a56dee-9088-43e7-9ed3-476166115f4f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\2b477162-4e57-43f3-970d-2b76389e302f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\33a70f25-d5bd-4f8e-8abc-1406591bebc6.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\4534a1f8-d36d-451d-973a-90a1320a3fb5.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\679a509e-476c-4930-bb34-ac639f894c4c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\7973fe94-1984-4a9a-bee9-a599d288ad2b.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0a4a6058-d422-4703-be98-4574384b304f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\165a8378-f10d-4a9e-9dee-1dfccada9f20.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\29335cdd-86d6-4f3d-8413-57382d2e0536.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4ab450bc-7dd4-4bb0-8095-5117ef8a74ed.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4fea363e-f686-46a5-a814-74d8dcd5abac.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\515409e7-6b24-47c4-b784-0832b2cdb72f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\53a21b2a-3951-4c03-b07b-f1159639f252.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\696e657a-f8aa-4b81-b040-5814fcb6632c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6d287a92-e8b8-4b3c-8074-c7822327e98d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7171c975-6592-4bc2-8007-ca76e492ef76.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7654ac1b-8a64-4aee-a060-605b2d775bbf.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\87477827-3fa1-4073-b293-905b38f3ed65.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9c7e9906-6184-40d9-bd62-b7c328ababc4.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State} (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

Windows Analysis Report
http://ny-t.r-tb.com/