Edit tour

Windows Analysis Report
https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N

Overview

General Information

Sample URL:	https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N
Analysis ID:	1523182
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2212,i,6028412850641485239,2812871127206669124,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N HTTP/1.1Host: abby-gatenby.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: abby-gatenby.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123NAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/05/cropped-image-10-32x32.png HTTP/1.1Host: abby-gatenby.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123NAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/05/cropped-image-10-32x32.png HTTP/1.1Host: abby-gatenby.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: abby-gatenby.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/5@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2212,i,6028412850641485239,2812871127206669124,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2212,i,6028412850641485239,2812871127206669124,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
abby-gatenby.com	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
abby-gatenby.com	192.185.129.84	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.184.228	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Reputation
https://abby-gatenby.com/favicon.ico	false	unknown
https://abby-gatenby.com/wp-content/uploads/2024/05/cropped-image-10-32x32.png	false	unknown
https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.185.129.84	abby-gatenby.com	United States	46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523182
Start date and time:	2024-10-01 08:40:54 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/5@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.174, 74.125.71.84, 172.217.18.3, 34.104.35.123, 20.12.23.50, 93.184.221.240, 192.229.221.95, 20.242.39.171, 40.69.42.241, 172.217.23.99
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Reputation:	low
URL:	https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N
Preview:	.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2589
Entropy (8bit):	7.9015809013595595
Encrypted:	false
SSDEEP:	48:X1wH44WgILKK3FPC8V4j9KGRcsa9dtLwGCjrYc/MXKpXrRQMATczswhF61D:X1wHULHJJ9PLwnrYy7RnAgtY1D
MD5:	EB51A943DC8FD98D9827D6B688CF7FFC
SHA1:	AE7FCED00C4251379C365FDF10C55BC82900EBD6
SHA-256:	F34DD4240E1313B46625CA3DEB2D005A7895B32D65F645C5166ED98461FE1750
SHA-512:	93C4044A501100F83B079F4BF191E7ED3A6F4FBB5B74040F3B77D20E7E8EE586BAE2E58C48135CCE5AD538610A0D6541EE95007F0FA8EB354AA4913D84D87955
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....IDATX..Y...u...y.o..f.7.33f.....b .aI@Q.RHS.J...7M..U..H..rU....&R..7.fS....d(a..x+v<^f...>.\|..=..`.u..s.<.s~:...........\7.<S...".q..q..E.....a.P.8.X.U.y..;...... .1.!F.@....1.1.";...[[.Y^..4..`P.J.V3.v....8....0F.qT..v.....I...zTuRU.p.J..:..U..9"!"......G..`8..DF.u.".....x@.......\R...).~...o..1.8"...P."r...L....D..H..Y?.Y....v.K.@MDF......=...W.6.p.7...~70..[......u....3.[.<.L...F.MS9h.v....}.......t}.R]U....pT.i..KX...@..x.p._.}..G.z..R.n...c-..,M...&.?.DO.....#....k4..Z..zG....._T.M@..A..[..0...@....D$.........o`.._u..].D.^=...=....121E...l..<..\|4v.s'..!.......O.GI.}.....)v...R...!<.t....0\|............f......\...&Y.._`w...l.4....L^..Z.....M.o.=Y.Ct.VgTuE..j.P^...:...................\.z.Lq......RvrD`z...=.G.D.T'...lP .....?.x.........E.Ue.x...Y.....m"...=.....h..v.`A..Q'`..R.Zdy.,] .z.9....Sd.........-......[.....~g..o...Q.u@5E..W..*C#.p.S_Z.w..w.<.e..$.....R....l....$?.......Ddx....?'=..M..[....vT.P

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2589
Entropy (8bit):	7.9015809013595595
Encrypted:	false
SSDEEP:	48:X1wH44WgILKK3FPC8V4j9KGRcsa9dtLwGCjrYc/MXKpXrRQMATczswhF61D:X1wHULHJJ9PLwnrYy7RnAgtY1D
MD5:	EB51A943DC8FD98D9827D6B688CF7FFC
SHA1:	AE7FCED00C4251379C365FDF10C55BC82900EBD6
SHA-256:	F34DD4240E1313B46625CA3DEB2D005A7895B32D65F645C5166ED98461FE1750
SHA-512:	93C4044A501100F83B079F4BF191E7ED3A6F4FBB5B74040F3B77D20E7E8EE586BAE2E58C48135CCE5AD538610A0D6541EE95007F0FA8EB354AA4913D84D87955
Malicious:	false
Reputation:	low
URL:	https://abby-gatenby.com/wp-content/uploads/2024/05/cropped-image-10-32x32.png
Preview:	.PNG........IHDR... ... .....szz.....IDATX..Y...u...y.o..f.7.33f.....b .aI@Q.RHS.J...7M..U..H..rU....&R..7.fS....d(a..x+v<^f...>.\|..=..`.u..s.<.s~:...........\7.<S...".q..q..E.....a.P.8.X.U.y..;...... .1.!F.@....1.1.";...[[.Y^..4..`P.J.V3.v....8....0F.qT..v.....I...zTuRU.p.J..:..U..9"!"......G..`8..DF.u.".....x@.......\R...).~...o..1.8"...P."r...L....D..H..Y?.Y....v.K.@MDF......=...W.6.p.7...~70..[......u....3.[.<.L...F.MS9h.v....}.......t}.R]U....pT.i..KX...@..x.p._.}..G.z..R.n...c-..,M...&.?.DO.....#....k4..Z..zG....._T.M@..A..[..0...@....D$.........o`.._u..].D.^=...=....121E...l..<..\|4v.s'..!.......O.GI.}.....)v...R...!<.t....0\|............f......\...&Y.._`w...l.4....L^..Z.....M.o.=Y.Ct.VgTuE..j.P^...:...................\.z.Lq......RvrD`z...=.G.D.T'...lP .....?.x.........E.Ue.x...Y.....m"...=.....h..v.`A..Q'`..R.Zdy.,] .z.9....Sd.........-......[.....~g..o...Q.u@5E..W..*C#.p.S_Z.w..w.<.e..$.....R....l....$?.......Ddx....?'=..M..[....vT.P

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 08:41:48.468549013 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 1, 2024 08:41:50.338824034 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.338860989 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.338936090 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.339432955 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.339535952 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.339603901 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.339802980 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.339823008 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.339953899 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.339987040 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.950391054 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.951894999 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.951914072 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.953026056 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.953100920 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.954263926 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.954339981 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.954603910 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.954615116 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.956032991 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.956233025 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.956254005 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.957755089 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.957814932 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.958678961 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:50.958755016 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:50.997060061 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.010674000 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.010680914 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.064116001 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.222837925 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.222927094 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.223011971 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.223745108 CEST	49736	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.223766088 CEST	443	49736	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.258605957 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.303390980 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.599993944 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.600409985 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.600476980 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.601519108 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.601533890 CEST	443	49735	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.601541996 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.601593971 CEST	49735	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.607403040 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.607481956 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:51.607564926 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.608166933 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:51.608201981 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.195578098 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.215740919 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.215759993 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.217065096 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.218164921 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.218353987 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.218401909 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.260845900 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.260874033 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.266752005 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:41:52.266783953 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:41:52.266853094 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:41:52.267687082 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:41:52.267704010 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:41:52.417346954 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.417373896 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.417431116 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.417437077 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.419604063 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.419604063 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.729501963 CEST	49739	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.729549885 CEST	443	49739	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.792110920 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.792134047 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.792213917 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.792789936 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:52.792802095 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:52.910819054 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:41:52.911284924 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:41:52.911303997 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:41:52.912338972 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:41:52.912398100 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:41:53.244817972 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:53.244848967 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:53.244900942 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:53.247179031 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:53.247189999 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:53.328377962 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:41:53.328610897 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:41:53.370107889 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:41:53.370119095 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:41:53.397350073 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.398575068 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.398592949 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.400043011 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.400101900 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.406790972 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.406867027 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.407130003 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.411847115 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:41:53.447439909 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.448239088 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.448246956 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.495115995 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.628099918 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.628130913 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.628256083 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.628266096 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.628360033 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.628446102 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.641664982 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.641678095 CEST	443	49741	192.185.129.84	192.168.2.4
Oct 1, 2024 08:41:53.641694069 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.641724110 CEST	49741	443	192.168.2.4	192.185.129.84
Oct 1, 2024 08:41:53.886435032 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:53.886501074 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:53.892174959 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:53.892182112 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:53.892427921 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:53.932610035 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:53.984652996 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.031402111 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.169540882 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.169600964 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.169754028 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.169775009 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.169785976 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.169791937 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.169887066 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.169889927 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.225080967 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.225119114 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.225667953 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.226537943 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.226552010 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.878004074 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.878163099 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.880657911 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.880666018 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.881055117 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:54.884094954 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:54.931401014 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:55.153465986 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:55.153625965 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:55.153779984 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:55.199726105 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:55.199726105 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 08:41:55.199760914 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:41:55.199774027 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 08:42:02.809366941 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:02.809442043 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:02.809621096 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:42:02.838491917 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:42:02.838505983 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:52.305617094 CEST	49752	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:42:52.305674076 CEST	443	49752	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:52.305742025 CEST	49752	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:42:52.307060957 CEST	49752	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:42:52.307077885 CEST	443	49752	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:52.936996937 CEST	443	49752	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:52.937387943 CEST	49752	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:42:52.937407970 CEST	443	49752	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:52.937691927 CEST	443	49752	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:52.938500881 CEST	49752	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:42:52.938558102 CEST	443	49752	142.250.184.228	192.168.2.4
Oct 1, 2024 08:42:52.981990099 CEST	49752	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:42:55.982172966 CEST	49723	80	192.168.2.4	199.232.214.172
Oct 1, 2024 08:42:55.982275009 CEST	49724	80	192.168.2.4	199.232.214.172
Oct 1, 2024 08:42:55.987289906 CEST	80	49723	199.232.214.172	192.168.2.4
Oct 1, 2024 08:42:55.987459898 CEST	49723	80	192.168.2.4	199.232.214.172
Oct 1, 2024 08:42:55.987591982 CEST	80	49724	199.232.214.172	192.168.2.4
Oct 1, 2024 08:42:55.987858057 CEST	49724	80	192.168.2.4	199.232.214.172
Oct 1, 2024 08:43:02.847388983 CEST	443	49752	142.250.184.228	192.168.2.4
Oct 1, 2024 08:43:02.847461939 CEST	443	49752	142.250.184.228	192.168.2.4
Oct 1, 2024 08:43:02.847506046 CEST	49752	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:43:04.841437101 CEST	49752	443	192.168.2.4	142.250.184.228
Oct 1, 2024 08:43:04.841460943 CEST	443	49752	142.250.184.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 08:41:48.572035074 CEST	53	55680	1.1.1.1	192.168.2.4
Oct 1, 2024 08:41:48.644629002 CEST	53	52479	1.1.1.1	192.168.2.4
Oct 1, 2024 08:41:49.805421114 CEST	53	51754	1.1.1.1	192.168.2.4
Oct 1, 2024 08:41:50.001971006 CEST	59524	53	192.168.2.4	1.1.1.1
Oct 1, 2024 08:41:50.002091885 CEST	54707	53	192.168.2.4	1.1.1.1
Oct 1, 2024 08:41:50.310004950 CEST	53	59524	1.1.1.1	192.168.2.4
Oct 1, 2024 08:41:50.337889910 CEST	53	54707	1.1.1.1	192.168.2.4
Oct 1, 2024 08:41:52.254858971 CEST	55981	53	192.168.2.4	1.1.1.1
Oct 1, 2024 08:41:52.255543947 CEST	62264	53	192.168.2.4	1.1.1.1
Oct 1, 2024 08:41:52.261559010 CEST	53	55981	1.1.1.1	192.168.2.4
Oct 1, 2024 08:41:52.262238979 CEST	53	62264	1.1.1.1	192.168.2.4
Oct 1, 2024 08:41:52.432996988 CEST	56120	53	192.168.2.4	1.1.1.1
Oct 1, 2024 08:41:52.433384895 CEST	58584	53	192.168.2.4	1.1.1.1
Oct 1, 2024 08:41:52.587012053 CEST	53	58584	1.1.1.1	192.168.2.4
Oct 1, 2024 08:41:52.765192032 CEST	53	56120	1.1.1.1	192.168.2.4
Oct 1, 2024 08:42:06.859544039 CEST	53	56207	1.1.1.1	192.168.2.4
Oct 1, 2024 08:42:07.575968027 CEST	138	138	192.168.2.4	192.168.2.255
Oct 1, 2024 08:42:26.291763067 CEST	53	60604	1.1.1.1	192.168.2.4
Oct 1, 2024 08:42:48.067285061 CEST	53	49859	1.1.1.1	192.168.2.4
Oct 1, 2024 08:42:49.221687078 CEST	53	53928	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 08:41:50.001971006 CEST	192.168.2.4	1.1.1.1	0x3f05	Standard query (0)	abby-gatenby.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:41:50.002091885 CEST	192.168.2.4	1.1.1.1	0x19e2	Standard query (0)	abby-gatenby.com	65	IN (0x0001)	false
Oct 1, 2024 08:41:52.254858971 CEST	192.168.2.4	1.1.1.1	0xac55	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:41:52.255543947 CEST	192.168.2.4	1.1.1.1	0x54e0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 1, 2024 08:41:52.432996988 CEST	192.168.2.4	1.1.1.1	0xe0ab	Standard query (0)	abby-gatenby.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:41:52.433384895 CEST	192.168.2.4	1.1.1.1	0x4f88	Standard query (0)	abby-gatenby.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 08:41:50.310004950 CEST	1.1.1.1	192.168.2.4	0x3f05	No error (0)	abby-gatenby.com		192.185.129.84	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:41:52.261559010 CEST	1.1.1.1	192.168.2.4	0xac55	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:41:52.262238979 CEST	1.1.1.1	192.168.2.4	0x54e0	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 08:41:52.765192032 CEST	1.1.1.1	192.168.2.4	0xe0ab	No error (0)	abby-gatenby.com		192.185.129.84	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:42:02.959299088 CEST	1.1.1.1	192.168.2.4	0x793b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 08:42:02.959299088 CEST	1.1.1.1	192.168.2.4	0x793b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:42:16.096925974 CEST	1.1.1.1	192.168.2.4	0xf22f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 08:42:16.096925974 CEST	1.1.1.1	192.168.2.4	0xf22f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:42:41.378510952 CEST	1.1.1.1	192.168.2.4	0x9d2e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 08:42:41.378510952 CEST	1.1.1.1	192.168.2.4	0x9d2e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 1, 2024 08:43:01.177311897 CEST	1.1.1.1	192.168.2.4	0xcc84	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 08:43:01.177311897 CEST	1.1.1.1	192.168.2.4	0xcc84	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

abby-gatenby.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	192.185.129.84	443	5252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 06:41:50 UTC	740	OUT	GET /m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N HTTP/1.1 Host: abby-gatenby.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 06:41:51 UTC	208	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 06:41:51 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-10-01 06:41:51 UTC	11	IN	Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	192.185.129.84	443	5252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 06:41:51 UTC	669	OUT	GET /favicon.ico HTTP/1.1 Host: abby-gatenby.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 06:41:51 UTC	364	IN	HTTP/1.1 302 Found Date: Tue, 01 Oct 2024 06:41:51 GMT Server: Apache Link: <https://abby-gatenby.com/wp-json/>; rel="https://api.w.org/" X-Redirect-By: WordPress Upgrade: h2,h2c Connection: Upgrade, close Location: https://abby-gatenby.com/wp-content/uploads/2024/05/cropped-image-10-32x32.png Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	192.185.129.84	443	5252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 06:41:52 UTC	711	OUT	GET /wp-content/uploads/2024/05/cropped-image-10-32x32.png HTTP/1.1 Host: abby-gatenby.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 06:41:52 UTC	232	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 06:41:52 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 14 May 2024 17:36:34 GMT Accept-Ranges: bytes Content-Length: 2589 Content-Type: image/png
2024-10-01 06:41:52 UTC	2589	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 09 e4 49 44 41 54 58 c3 9d 97 59 8c 9e e5 75 c7 7f e7 79 f7 6f 99 f9 66 f5 37 1e 33 33 66 ec b1 b1 89 8d 13 1c 62 20 c1 61 49 40 51 a2 52 48 53 90 4a a9 14 b5 37 4d a5 aa 55 a4 aa 48 bd a8 72 55 a5 95 9c f6 26 52 1b a9 37 90 66 53 16 92 94 c6 8d 64 28 61 91 ed 78 2b 76 3c 5e 66 c6 1e cf 3e df 7c fb bb 3d a7 17 60 c0 75 81 86 73 fb 3c ef 73 7e 3a ef d1 ff 9c bf c3 87 08 e3 fb be f1 5c 37 f4 83 3c 53 05 d5 0a 22 a9 71 1c 10 71 c4 18 45 f5 ff f5 96 f3 61 00 50 fd 38 10 58 d5 55 b5 79 00 f2 3b 08 d3 08 2e c2 fd 20 1d 31 a6 21 46 e4 83 40 cc fb 1d 8a 31 88 31 11 22 3b 11 dc b7 f3 5b 5b b2 59 5e cc d3 34 14 a5 2a 60 50 0c 4a a2 56 33 b5 76 1d b4 82 f2 80 38 Data Ascii: PNGIHDR szzIDATXYuyof733fb aI@QRHSJ7MUHrU&R7fSd(ax+v<^f>\|=`us<s~:\7<S"qqEaP8XUy;. 1!F@11";[[Y^4*`PJV3v8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	192.185.129.84	443	5252	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 06:41:53 UTC	393	OUT	GET /wp-content/uploads/2024/05/cropped-image-10-32x32.png HTTP/1.1 Host: abby-gatenby.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 06:41:53 UTC	232	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 06:41:53 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 14 May 2024 17:36:34 GMT Accept-Ranges: bytes Content-Length: 2589 Content-Type: image/png
2024-10-01 06:41:53 UTC	2589	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 09 e4 49 44 41 54 58 c3 9d 97 59 8c 9e e5 75 c7 7f e7 79 f7 6f 99 f9 66 f5 37 1e 33 33 66 ec b1 b1 89 8d 13 1c 62 20 c1 61 49 40 51 a2 52 48 53 90 4a a9 14 b5 37 4d a5 aa 55 a4 aa 48 bd a8 72 55 a5 95 9c f6 26 52 1b a9 37 90 66 53 16 92 94 c6 8d 64 28 61 91 ed 78 2b 76 3c 5e 66 c6 1e cf 3e df 7c fb bb 3d a7 17 60 c0 75 81 86 73 fb 3c ef 73 7e 3a ef d1 ff 9c bf c3 87 08 e3 fb be f1 5c 37 f4 83 3c 53 05 d5 0a 22 a9 71 1c 10 71 c4 18 45 f5 ff f5 96 f3 61 00 50 fd 38 10 58 d5 55 b5 79 00 f2 3b 08 d3 08 2e c2 fd 20 1d 31 a6 21 46 e4 83 40 cc fb 1d 8a 31 88 31 11 22 3b 11 dc b7 f3 5b 5b b2 59 5e cc d3 34 14 a5 2a 60 50 0c 4a a2 56 33 b5 76 1d b4 82 f2 80 38 Data Ascii: PNGIHDR szzIDATXYuyof733fb aI@QRHSJ7MUHrU&R7fSd(ax+v<^f>\|=`us<s~:\7<S"qqEaP8XUy;. 1!F@11";[[Y^4*`PJV3v8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 06:41:53 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 06:41:54 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=209036 Date: Tue, 01 Oct 2024 06:41:54 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 06:41:54 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 06:41:55 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=208979 Date: Tue, 01 Oct 2024 06:41:55 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 06:41:55 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2924, Parent PID: 764

General

Target ID:	0
Start time:	02:41:43
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5252, Parent PID: 2924

General

Target ID:	2
Start time:	02:41:46
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2212,i,6028412850641485239,2812871127206669124,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6304, Parent PID: 764

General

Target ID:	3
Start time:	02:41:49
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2924, Parent PID: 764

General

Chronological Activities

Analysis Process: chrome.exePID: 5252, Parent PID: 2924

General

Chronological Activities

Analysis Process: chrome.exePID: 6304, Parent PID: 764

General

Chronological Activities

Disassembly

Windows Analysis Report
https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N