Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://bit.ly/4eGamyN?XxX=npMBp4hH8T

Overview

General Information

Sample URL:	https://bit.ly/4eGamyN?XxX=npMBp4hH8T
Analysis ID:	1521522
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Performs DNS queries to domains with low reputation

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 1312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2208,i,16879235567526461614,314046905282171960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bit.ly/4eGamyN?XxX=npMBp4hH8T" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49750 version: TLS 1.2

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: lcvzx.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: lcvzx.xyz

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.38
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.38
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /4eGamyN?XxX=npMBp4hH8T HTTP/1.1Host: bit.lyConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /OqmKiVGs HTTP/1.1Host: lcvzx.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NYH5cg5o3pbCxUn&MD=tE9RmzGR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NYH5cg5o3pbCxUn&MD=tE9RmzGR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: bit.ly
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: lcvzx.xyz

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0Date: Sat, 28 Sep 2024 19:06:56 GMTTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: classification engine

Classification label: sus20.troj.win@18/0@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2208,i,16879235567526461614,314046905282171960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bit.ly/4eGamyN?XxX=npMBp4hH8T"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2208,i,16879235567526461614,314046905282171960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false		unknown
bit.ly	67.199.248.11	true	false		unknown
www.google.com	142.250.185.68	true	false		unknown
lcvzx.xyz	8.208.12.97	true	true		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bit.ly/4eGamyN?XxX=npMBp4hH8T	false		unknown
https://lcvzx.xyz/OqmKiVGs	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
8.208.12.97	lcvzx.xyz	Singapore		45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
67.199.248.11	bit.ly	United States		396982	GOOGLE-PRIVATE-CLOUDUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521522
Start date and time:	2024-09-28 21:05:52 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://bit.ly/4eGamyN?XxX=npMBp4hH8T
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.troj.win@18/0@6/5

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 172.217.16.206, 74.125.71.84, 34.104.35.123, 199.232.210.172, 192.229.221.95, 13.95.31.18, 20.3.187.198, 142.250.185.131
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://bit.ly/4eGamyN?XxX=npMBp4hH8T

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 21:06:40.942742109 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 28, 2024 21:06:50.552073956 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 28, 2024 21:06:53.963669062 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:53.963702917 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:53.963784933 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:53.964046001 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:53.964137077 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:53.964230061 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:53.964243889 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:53.964272022 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:53.964391947 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:53.964415073 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.425421000 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.426656961 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.426706076 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.427757025 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.427833080 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.428858995 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.428932905 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.429028988 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.429035902 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.433852911 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.434077024 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.434091091 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.435780048 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.435866117 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.436794996 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.436882019 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.477956057 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.477967978 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.477971077 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.487737894 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:06:54.487795115 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:06:54.487871885 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:06:54.488169909 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:06:54.488194942 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:06:54.524004936 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.542205095 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.542584896 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.542826891 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.550415993 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.550415993 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:54.550457954 CEST	443	49736	67.199.248.11	192.168.2.4
Sep 28, 2024 21:06:54.550519943 CEST	49736	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:06:55.100306988 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.100354910 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.100475073 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.100725889 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.100769997 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.100831032 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.102214098 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.102226973 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.102454901 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.102471113 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.180636883 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:06:55.183130980 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:06:55.183146954 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:06:55.184171915 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:06:55.184252977 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:06:55.187161922 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:06:55.187213898 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:06:55.239037991 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:06:55.239056110 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:06:55.285393000 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:06:55.750266075 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.751746893 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.790452003 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.806509972 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.877134085 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.877142906 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.877855062 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.877868891 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.878288031 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.878353119 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.879024982 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.879034042 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.879086971 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.898065090 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.898134947 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.899115086 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.899203062 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.899519920 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.899527073 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:55.939779997 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.949301004 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:55.949322939 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:56.002775908 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:56.076478958 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:56.076550007 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:56.076668024 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:56.077168941 CEST	49741	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:06:56.077184916 CEST	443	49741	8.208.12.97	192.168.2.4
Sep 28, 2024 21:06:57.334835052 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:57.334884882 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:57.335134029 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:57.337660074 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:57.337677002 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:57.986010075 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:57.986310005 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:57.989350080 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:57.989362955 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:57.989597082 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:58.023873091 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:58.071403980 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:58.258495092 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:58.258538961 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:58.258594990 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:58.356595039 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:58.356637955 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:58.807904005 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:58.807930946 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:58.807996988 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:58.808973074 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:58.808983088 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:59.474064112 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:59.474155903 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:59.479182005 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:59.479190111 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:59.479397058 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:59.481724977 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:59.527407885 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:59.756831884 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:59.756895065 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:59.757594109 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:59.757899046 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:59.757899046 CEST	49743	443	192.168.2.4	184.28.90.27
Sep 28, 2024 21:06:59.757915974 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:06:59.757925987 CEST	443	49743	184.28.90.27	192.168.2.4
Sep 28, 2024 21:07:03.467499018 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:03.467554092 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:03.469248056 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:03.470720053 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:03.470740080 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:04.110704899 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:04.110857964 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:04.116235971 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:04.116250038 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:04.116461039 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:04.160346031 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:04.810890913 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:04.855401993 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:04.955001116 CEST	80	49723	217.20.57.38	192.168.2.4
Sep 28, 2024 21:07:04.955147982 CEST	49723	80	192.168.2.4	217.20.57.38
Sep 28, 2024 21:07:04.955224991 CEST	49723	80	192.168.2.4	217.20.57.38
Sep 28, 2024 21:07:04.960055113 CEST	80	49723	217.20.57.38	192.168.2.4
Sep 28, 2024 21:07:05.002856970 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.002877951 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.002887011 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.002927065 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.002953053 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:05.002965927 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.002995014 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.003024101 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.003045082 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:05.003045082 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:05.003045082 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:05.003076077 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:05.004144907 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.004221916 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:05.004230022 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.004450083 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:05.004494905 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:05.068120003 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:05.068279982 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:05.068356037 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:07:05.617479086 CEST	49744	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:05.617516994 CEST	443	49744	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:06.340517044 CEST	49739	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:07:06.340572119 CEST	443	49739	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:39.489171028 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:07:39.489198923 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:07:40.957927942 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:07:40.957947016 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:07:42.687530994 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:42.687619925 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:42.688039064 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:42.688039064 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:42.688112974 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.508491039 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.508759022 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.519881010 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.519920111 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.520817995 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.567318916 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.585163116 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.627434015 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.788541079 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.788609028 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.788630009 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.788690090 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.788714886 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.788743973 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.788773060 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.788847923 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.788860083 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.791806936 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.791893005 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.791913033 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.792881966 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.792974949 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.792990923 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.793054104 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.793092012 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.793220997 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.793281078 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.799316883 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.799362898 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:43.799424887 CEST	49750	443	192.168.2.4	20.12.23.50
Sep 28, 2024 21:07:43.799442053 CEST	443	49750	20.12.23.50	192.168.2.4
Sep 28, 2024 21:07:54.070220947 CEST	49724	80	192.168.2.4	88.221.110.91
Sep 28, 2024 21:07:54.075701952 CEST	80	49724	88.221.110.91	192.168.2.4
Sep 28, 2024 21:07:54.075839996 CEST	49724	80	192.168.2.4	88.221.110.91
Sep 28, 2024 21:07:54.536807060 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:07:54.537004948 CEST	443	49735	67.199.248.11	192.168.2.4
Sep 28, 2024 21:07:54.537219048 CEST	49735	443	192.168.2.4	67.199.248.11
Sep 28, 2024 21:07:54.537288904 CEST	49752	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:07:54.537338972 CEST	443	49752	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:54.537410021 CEST	49752	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:07:54.537671089 CEST	49752	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:07:54.537688017 CEST	443	49752	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:55.186357975 CEST	443	49752	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:55.186732054 CEST	49752	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:07:55.186749935 CEST	443	49752	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:55.187036037 CEST	443	49752	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:55.187437057 CEST	49752	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:07:55.187494993 CEST	443	49752	142.250.185.68	192.168.2.4
Sep 28, 2024 21:07:55.238955975 CEST	49752	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:07:55.653348923 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:07:55.653407097 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:07:55.653548956 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:07:56.226217985 CEST	49740	443	192.168.2.4	8.208.12.97
Sep 28, 2024 21:07:56.226246119 CEST	443	49740	8.208.12.97	192.168.2.4
Sep 28, 2024 21:08:05.091190100 CEST	443	49752	142.250.185.68	192.168.2.4
Sep 28, 2024 21:08:05.091278076 CEST	443	49752	142.250.185.68	192.168.2.4
Sep 28, 2024 21:08:05.091326952 CEST	49752	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:08:06.262432098 CEST	49752	443	192.168.2.4	142.250.185.68
Sep 28, 2024 21:08:06.262463093 CEST	443	49752	142.250.185.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 21:06:52.041574001 CEST	53	56647	1.1.1.1	192.168.2.4
Sep 28, 2024 21:06:52.055438042 CEST	53	64475	1.1.1.1	192.168.2.4
Sep 28, 2024 21:06:53.077138901 CEST	53	57997	1.1.1.1	192.168.2.4
Sep 28, 2024 21:06:53.954456091 CEST	61310	53	192.168.2.4	1.1.1.1
Sep 28, 2024 21:06:53.954643011 CEST	60034	53	192.168.2.4	1.1.1.1
Sep 28, 2024 21:06:53.961249113 CEST	53	61310	1.1.1.1	192.168.2.4
Sep 28, 2024 21:06:53.961864948 CEST	53	60034	1.1.1.1	192.168.2.4
Sep 28, 2024 21:06:54.478822947 CEST	60865	53	192.168.2.4	1.1.1.1
Sep 28, 2024 21:06:54.479089975 CEST	56289	53	192.168.2.4	1.1.1.1
Sep 28, 2024 21:06:54.486829042 CEST	53	60865	1.1.1.1	192.168.2.4
Sep 28, 2024 21:06:54.486870050 CEST	53	56289	1.1.1.1	192.168.2.4
Sep 28, 2024 21:06:54.575436115 CEST	62777	53	192.168.2.4	1.1.1.1
Sep 28, 2024 21:06:54.575560093 CEST	63135	53	192.168.2.4	1.1.1.1
Sep 28, 2024 21:06:55.036176920 CEST	53	62777	1.1.1.1	192.168.2.4
Sep 28, 2024 21:06:55.097600937 CEST	53	63135	1.1.1.1	192.168.2.4
Sep 28, 2024 21:07:05.731277943 CEST	138	138	192.168.2.4	192.168.2.255
Sep 28, 2024 21:07:10.794540882 CEST	53	62402	1.1.1.1	192.168.2.4
Sep 28, 2024 21:07:29.528795004 CEST	53	57201	1.1.1.1	192.168.2.4
Sep 28, 2024 21:07:51.513186932 CEST	53	60187	1.1.1.1	192.168.2.4
Sep 28, 2024 21:07:52.372338057 CEST	53	58416	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 21:06:53.954456091 CEST	192.168.2.4	1.1.1.1	0xbbe4	Standard query (0)	bit.ly	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:06:53.954643011 CEST	192.168.2.4	1.1.1.1	0xf0b1	Standard query (0)	bit.ly	65	IN (0x0001)	false
Sep 28, 2024 21:06:54.478822947 CEST	192.168.2.4	1.1.1.1	0xa697	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:06:54.479089975 CEST	192.168.2.4	1.1.1.1	0xb520	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 21:06:54.575436115 CEST	192.168.2.4	1.1.1.1	0x7f31	Standard query (0)	lcvzx.xyz	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:06:54.575560093 CEST	192.168.2.4	1.1.1.1	0xca17	Standard query (0)	lcvzx.xyz	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 21:06:53.961249113 CEST	1.1.1.1	192.168.2.4	0xbbe4	No error (0)	bit.ly		67.199.248.11	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:06:53.961249113 CEST	1.1.1.1	192.168.2.4	0xbbe4	No error (0)	bit.ly		67.199.248.10	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:06:54.486829042 CEST	1.1.1.1	192.168.2.4	0xa697	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:06:54.486870050 CEST	1.1.1.1	192.168.2.4	0xb520	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 28, 2024 21:06:55.036176920 CEST	1.1.1.1	192.168.2.4	0x7f31	No error (0)	lcvzx.xyz		8.208.12.97	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:07:04.291306019 CEST	1.1.1.1	192.168.2.4	0xa889	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:07:04.291306019 CEST	1.1.1.1	192.168.2.4	0xa889	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:07:05.787539959 CEST	1.1.1.1	192.168.2.4	0x38a3	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 21:07:05.787539959 CEST	1.1.1.1	192.168.2.4	0x38a3	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:07:18.565857887 CEST	1.1.1.1	192.168.2.4	0xa76c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 21:07:18.565857887 CEST	1.1.1.1	192.168.2.4	0xa76c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:07:44.637731075 CEST	1.1.1.1	192.168.2.4	0xd695	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 21:07:44.637731075 CEST	1.1.1.1	192.168.2.4	0xd695	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 21:08:04.700359106 CEST	1.1.1.1	192.168.2.4	0xabdb	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 21:08:04.700359106 CEST	1.1.1.1	192.168.2.4	0xabdb	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bit.ly

lcvzx.xyz

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	67.199.248.11	443	3688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 19:06:54 UTC	671	OUT	GET /4eGamyN?XxX=npMBp4hH8T HTTP/1.1 Host: bit.ly Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 19:06:54 UTC	488	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 28 Sep 2024 19:06:54 GMT Content-Type: text/html; charset=utf-8 Content-Length: 113 Cache-Control: private, max-age=90 Content-Security-Policy: referrer always; Location: https://lcvzx.xyz/OqmKiVGs Referrer-Policy: unsafe-url Set-Cookie: _bit=o8sj6S-39d4c18d9f62d6f4e9-00f; Domain=bit.ly; Expires=Thu, 27 Mar 2025 19:06:54 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-28 19:06:54 UTC	113	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 42 69 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 63 76 7a 78 2e 78 79 7a 2f 4f 71 6d 4b 69 56 47 73 22 3e 6d 6f 76 65 64 20 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Bitly</title></head><body><a href="https://lcvzx.xyz/OqmKiVGs">moved here</a></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	8.208.12.97	443	3688	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 19:06:55 UTC	660	OUT	GET /OqmKiVGs HTTP/1.1 Host: lcvzx.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 19:06:56 UTC	164	IN	HTTP/1.1 404 Not Found Server: nginx/1.24.0 Date: Sat, 28 Sep 2024 19:06:56 GMT Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: *
2024-09-28 19:06:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 19:06:58 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 19:06:58 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=164284 Date: Sat, 28 Sep 2024 19:06:58 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 19:06:59 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 19:06:59 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=164313 Date: Sat, 28 Sep 2024 19:06:59 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 19:06:59 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 19:07:04 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NYH5cg5o3pbCxUn&MD=tE9RmzGR HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-28 19:07:04 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 48cb7ac6-cbf3-4961-927c-994c633f972b MS-RequestId: b9cd0a1e-55a2-4af7-9326-b0597a64750d MS-CV: B64ApwnJMk2eNEal.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 28 Sep 2024 19:07:04 GMT Connection: close Content-Length: 24490
2024-09-28 19:07:04 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-28 19:07:05 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49750	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 19:07:43 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NYH5cg5o3pbCxUn&MD=tE9RmzGR HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-28 19:07:43 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: f3e56b9b-2eca-49bd-9a52-f2edf30c6267 MS-RequestId: 0c398d20-a44a-43ee-b64f-db126e21c55f MS-CV: qQs3aktXLE2vC6kQ.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 28 Sep 2024 19:07:43 GMT Connection: close Content-Length: 30005
2024-09-28 19:07:43 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-28 19:07:43 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1312, Parent PID: 600

General

Target ID:	0
Start time:	15:06:45
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3688, Parent PID: 1312

General

Target ID:	1
Start time:	15:06:49
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2208,i,16879235567526461614,314046905282171960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6440, Parent PID: 600

General

Target ID:	3
Start time:	15:06:52
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bit.ly/4eGamyN?XxX=npMBp4hH8T"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly