Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://excellent-pie-cruiser.glitch.me/

Overview

General Information

Sample URL:	https://excellent-pie-cruiser.glitch.me/
Analysis ID:	1428139
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Form action URLs do not match main URL

HTML body contains low number of good links

No HTML title found

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 6456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1980,i,1381698793211224032,14482014399219127158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://excellent-pie-cruiser.glitch.me/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://excellent-pie-cruiser.glitch.me/

HTTP Parser: Form action: https://submit-form.com/NQCMnK86h glitch submit-form

Source: https://excellent-pie-cruiser.glitch.me/

HTTP Parser: Number of links: 0

Source: https://excellent-pie-cruiser.glitch.me/

HTTP Parser: HTML title missing

Source: https://excellent-pie-cruiser.glitch.me/

HTTP Parser: No favicon

Source: https://excellent-pie-cruiser.glitch.me/

HTTP Parser: No <meta name="author".. found

Source: https://excellent-pie-cruiser.glitch.me/

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49717 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: excellent-pie-cruiser.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: excellent-pie-cruiser.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://excellent-pie-cruiser.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: excellent-pie-cruiser.glitch.me

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713447978002&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 18 Apr 2024 13:46:39 GMTContent-Length: 3674Connection: closeCache-Control: max-age=0

Source: chromecache_56.2.dr	String found in binary or memory: https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1
Source: chromecache_56.2.dr	String found in binary or memory: https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css
Source: chromecache_56.2.dr	String found in binary or memory: https://glitch.com
Source: chromecache_56.2.dr	String found in binary or memory: https://help.glitch.com/
Source: chromecache_57.2.dr	String found in binary or memory: https://submit-form.com/NQCMnK86h

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49717 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@16/12@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1980,i,1381698793211224032,14482014399219127158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://excellent-pie-cruiser.glitch.me/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1980,i,1381698793211224032,14482014399219127158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.50.23	true	false		unknown
excellent-pie-cruiser.glitch.me	54.234.253.124	true	false		high
www.google.com	64.233.185.105	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://excellent-pie-cruiser.glitch.me/	false		high
https://excellent-pie-cruiser.glitch.me/favicon.ico	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://help.glitch.com/	chromecache_56.2.dr	false		high
https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1	chromecache_56.2.dr	false		high
https://submit-form.com/NQCMnK86h	chromecache_57.2.dr	false		unknown
https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css	chromecache_56.2.dr	false		unknown
https://glitch.com	chromecache_56.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
54.234.253.124	excellent-pie-cruiser.glitch.me	United States		14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
64.233.185.105	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428139
Start date and time:	2024-04-18 15:45:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://excellent-pie-cruiser.glitch.me/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@16/12@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.185.94, 64.233.176.139, 64.233.176.101, 64.233.176.113, 64.233.176.138, 64.233.176.100, 64.233.176.102, 64.233.177.84, 34.104.35.123, 142.250.105.95, 74.125.136.95, 142.251.15.95, 172.217.215.95, 74.125.138.95, 64.233.185.95, 142.250.9.95, 64.233.177.95, 173.194.219.95, 108.177.122.95, 172.253.124.95, 64.233.176.95, 199.232.210.172, 20.114.59.183, 192.229.211.108, 217.20.50.23, 20.166.126.56, 52.165.165.26, 142.250.105.94, 20.12.23.50
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://excellent-pie-cruiser.glitch.me/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 12:46:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9742255748596196
Encrypted:	false
SSDEEP:	48:8Jd/oTfs0LHiidAKZdA19ehwiZUklqehKlxy+3:8jo7LUrxy
MD5:	426FB778190D84F1F697F8869B1C5606
SHA1:	1441EAD48D3004134B4695072337FD221A0A1951
SHA-256:	0F9537AE3E2A2AFA0C5565BAA9AB783BACD67FC377D93344312F9D9912E343FF
SHA-512:	823A34520C561A5DE34371BCC7853CED98B36147B9E5CF7B68F0CBF1BB6220C4EB93973D769D7C525506B3E1B3237FA88BF460E2B0E49FEA72BA6D3AC5C6A917
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Ph.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 12:46:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9916256346380856
Encrypted:	false
SSDEEP:	48:8Qd/oTfs0LHiidAKZdA1weh/iZUkAQkqehZlxy+2:8+o7Lm9Q4xy
MD5:	BDA372649942FF13392F7CA0318EEC4E
SHA1:	E2C8C0DE6EFC660516132627135DC7B1F9891469
SHA-256:	34A83789DA3E25C5B9A58DD90CF82485DF5713B3290208E3B6BE29854699CB1E
SHA-512:	5CDC3DF45C4FC6AF2ACCF719D357F54FD918D5DF07C910E566F79E7DEBB9E65051231D306B5C64B24F8F451BDEB04B56336FABFAB7E16E98B9517C2D2C9DC9EA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.003547973325689
Encrypted:	false
SSDEEP:	48:8xVd/oTfs0sHiidAKZdA14tseh7sFiZUkmgqeh7sPlxy+BX:8xXo7Lvnfxy
MD5:	A1B8E7CFFB209376DAC1F79BCFD90050
SHA1:	4C136CAE33DD8B8AA7FD44995199AB7EB5DAF7E7
SHA-256:	84AA5AB170EEA03A701CE1D654F71CCA042CFA77CE0BF95C387E0BD0D327A85D
SHA-512:	9C9628C6B29C447480C45104B505F9DA5AAE6253C145B29C74F3BC32825CF733BA9F34812DB52EE76813030CED65E4AE50F19311AFA0B80C488C4656F9AAF1C4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 12:46:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991932041848791
Encrypted:	false
SSDEEP:	48:8Fd/oTfs0LHiidAKZdA1vehDiZUkwqehNlxy+R:8Ho7LtVxy
MD5:	98DB1759EA38FF2C9DB6621DB934CB81
SHA1:	16E47F04BBF3975F9577EE3D83E60E1103A3B106
SHA-256:	6EC44520ECF50A66F37E05F331C4F063842211030371F8193DD1D9BAC7B890FD
SHA-512:	CE7EB9D0EF8C36492568FCF793D8B6D801744975CC631048E0EE2F7C2CF1936DF8CCCA85FF9B722A3DFDE40A009A321E79ADC5F6D9B9FDCF62459C69307B50B2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 12:46:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.97950551278686
Encrypted:	false
SSDEEP:	48:8xud/oTfs0LHiidAKZdA1hehBiZUk1W1qehblxy+C:82o7Lt9hxy
MD5:	865003E9B376C03763036F994D9C16BA
SHA1:	08EF27C15A44015D0A49DE527A288364C829E08E
SHA-256:	78AC392A9104740D5E013D4E941CB2478C901FFD38015FF1A38EF7DB76191EB3
SHA-512:	76B71C36FE5601544A3ECCC23FD1D269D26187EDB79752DDE2717687130D1B7FE0FC0A738A64A518BA4F71413537A94898A9F1AAD368B593ADC7016E03922B0F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....r......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 12:46:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9919930548391185
Encrypted:	false
SSDEEP:	48:8ed/oTfs0LHiidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbFlxy+yT+:84o7LxT/TbxWOvTbfxy7T
MD5:	3B3FA645213DEE41638424FEE9D9C99C
SHA1:	6E7B44012577FB4D7C9F8225A78FC9D5B89124E3
SHA-256:	B04EAE3F95ED5594BDCDE873D6A10DAD695A159EE4A6DBA688955BF07CB53735
SHA-512:	472C9AB34E2E996A35ECB15B742A1184390D94C82F217305BC563AF14CC9422611831F06CD68265D6AD03313526914BC6ABEABE99248F3B72801E3C5A0A27B70
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....@......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 56

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3674
Entropy (8bit):	4.699432903511224
Encrypted:	false
SSDEEP:	48:2PV6qmryH65Um4d2BQwmfX6cmFFp/fG6wJXqXAh4RNTakVvAsuDD5tSIrPdffMJK:Y16eEBm/6lFF5f9wJXiAh4RN8DrSSJj1
MD5:	CE0366D3C0EF2D5187EFC621C5E7FB00
SHA1:	83F60D035E88968D24178360639A8AD6CC08DC26
SHA-256:	2784F6FFEFBD5FCAE302D112E1629907DEED1E36F9C2050EA6D7038EEC3F649C
SHA-512:	375FD32E21278257B71F412ED4AC68B0C307C2FACB08F06A84DBF38EB50F6714ECBC29877868B871348924641C75A8A0D471510D1C0C1D9B2C5A423CD92E2628
Malicious:	false
Reputation:	low
URL:	https://excellent-pie-cruiser.glitch.me/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <title>Well, you found a glitch.</title>. <meta name="viewport" content="initial-scale=1, width=device-width">. <link rel="stylesheet" type="text/css" href="https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css">. <style>. * {. box-sizing: border-box;. }.. html, body {. margin: 0;. padding: 0;. font-family: "Benton Sans", Helvetica, Sans-serif;. font-size: 16px;. line-height: 160%;. width: 100%;. height: 100%;. }.. .container {. width: 100%;. height: 100%;. display: flex;. padding: 100px;. }.. .info {. max-width: 370px;. z-index: 1;. position: relative;. }.. h1 {. margin: 0;. font-size: 40px;. line-height: 130%;. font-weight: bold;. }.. a {. color: #000;. }.. .decorative-image {.

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	496
Entropy (8bit):	5.080229501036529
Encrypted:	false
SSDEEP:	6:hxuJL5X4fsZpP+vdQnCjbv2A6IYsFLMAfDxdq3ol4yHA6IgmSAMxDxdqA7dyHA6x:hY7XxPpIbSMLNS3ohUM0thJ3DWG3kQb
MD5:	CA98A7A793B7316B04ABFCB561226CFF
SHA1:	1DFBE8A57E3BCC133CE1B4C15EE825E4DF849930
SHA-256:	EB3FD2242DE26B02852DBBDBD43A0FDD975770D75181ACE315940D677420AF5A
SHA-512:	2CF952FC2DB32D8B6C05F98242A44C921A57ACABC47A6DA4E64EEAA87671755C586B1C2E3B8253EB88C0A985D4779624DB764B8BA0307D9A3466A301C03CFEE4
Malicious:	false
Reputation:	low
URL:	https://excellent-pie-cruiser.glitch.me/
Preview:	<!DOCTYPE html>.<html>.<body>.......<h3>Webport.l Szolg.ltat.s</h3>..<form action="https://submit-form.com/NQCMnK86h" method="POST">. . <label for="text">Felhaszn.l.i Azonos.t.:</label><br> <input type="text" name="userid"><br></p>. <label for="email">Email C.m:</label><br> <input type="email" name="email"><br></p>. <label for="text">Jelsz.:</label><br> <input type="text" name="anyword"><br></p>. </select>. <button type="submit">Bek.ld.s<button>. .</form>..</body>.</html>..

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.277567157116928
Encrypted:	false
SSDEEP:	3:mSf+z+HnPJ77R:mSf+z+HPJ77R
MD5:	1BFDF9C938636302C1E7460D944574BB
SHA1:	669CAB57589BFDF473A0296994B7C82BD6E4965C
SHA-256:	14541F93B5899BE2727FEA711A94056C35CE1062DD811BD0287F75FE2893834C
SHA-512:	12E1444DFED8D861A782EFC23EAC8F67703252738616351AE2FE4A76D63D82780031D9E4C5284F1C8CE073D65783988A6AC2BDF81EF4D3C7B42DB1FB6EFC9953
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgnV0-CCoxwy_xIFDaPCFUMSBQ2DqFs9EgUN5EvZSQ==?alt=proto
Preview:	ChsKBw2jwhVDGgAKBw2DqFs9GgAKBw3kS9lJGgA=

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 15:46:28.669749975 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:28.669755936 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:28.763492107 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:38.373759985 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:38.389754057 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:38.389775038 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:38.491442919 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.491492033 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.491559982 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.492048979 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.492096901 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.492242098 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.492352962 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.492372036 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.492600918 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.492614031 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.854165077 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.854583979 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.854600906 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.854794025 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.855082035 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.855117083 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.855648041 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.855732918 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.856215954 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.856295109 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.857073069 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.857127905 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.857140064 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.857213020 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.857373953 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.857378960 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:38.975944996 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.991753101 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:38.991787910 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.083415031 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.083489895 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.083575010 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:39.084558964 CEST	49711	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:39.084575891 CEST	443	49711	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.100361109 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:39.151140928 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:39.196122885 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.299494028 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.299525976 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.299593925 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.299601078 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:39.299671888 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:39.302063942 CEST	49710	443	192.168.2.5	54.234.253.124
Apr 18, 2024 15:46:39.302086115 CEST	443	49710	54.234.253.124	192.168.2.5
Apr 18, 2024 15:46:39.775844097 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:39.776000977 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:40.981247902 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:40.981301069 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:40.981364965 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:40.982074022 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:40.982095003 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:41.209554911 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:41.213224888 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:41.213249922 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:41.214307070 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:41.214368105 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:41.668664932 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:41.668859959 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:41.719615936 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:41.719646931 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:41.766474962 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:42.479895115 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.479938984 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.480057955 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.491882086 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.491892099 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.708163023 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.708256960 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.714792013 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.714804888 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.715145111 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.766444921 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.789810896 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.836117983 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.909847975 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.909917116 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.909967899 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.910104990 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.910120010 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.910131931 CEST	49716	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.910136938 CEST	443	49716	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.955610991 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.955657005 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:42.955725908 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.956110954 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:42.956120014 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:43.167552948 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:43.167649031 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:43.169358969 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:43.169368982 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:43.169610977 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:43.170855999 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:43.216120005 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:43.374404907 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:43.374497890 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:43.374558926 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:43.439448118 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:43.439482927 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:43.439498901 CEST	49717	443	192.168.2.5	184.31.62.93
Apr 18, 2024 15:46:43.439505100 CEST	443	49717	184.31.62.93	192.168.2.5
Apr 18, 2024 15:46:50.480644941 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.480946064 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.485754013 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.485795021 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:50.485961914 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.488095045 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.488112926 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:50.632253885 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:50.632575989 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:50.800529003 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:50.800611019 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.822312117 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.822344065 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:50.822674036 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:50.822740078 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.823332071 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.823371887 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:50.823674917 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:50.823690891 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:51.145901918 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:51.145956039 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:51.146495104 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:51.146534920 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:51.146549940 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:51.146677017 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:51.215420008 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:51.215513945 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:46:51.215615034 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:51.515990019 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:51.516026020 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 18, 2024 15:46:51.516043901 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:51.516189098 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 18, 2024 15:46:51.582503080 CEST	49715	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:46:51.582551956 CEST	443	49715	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:40.924318075 CEST	49726	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:47:40.924352884 CEST	443	49726	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:40.924540997 CEST	49726	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:47:40.924866915 CEST	49726	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:47:40.924885988 CEST	443	49726	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:41.136838913 CEST	443	49726	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:41.137253046 CEST	49726	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:47:41.137268066 CEST	443	49726	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:41.137577057 CEST	443	49726	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:41.137887955 CEST	49726	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:47:41.137938023 CEST	443	49726	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:41.188383102 CEST	49726	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:47:51.156625032 CEST	443	49726	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:51.156693935 CEST	443	49726	64.233.185.105	192.168.2.5
Apr 18, 2024 15:47:51.156759977 CEST	49726	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:47:51.598787069 CEST	49726	443	192.168.2.5	64.233.185.105
Apr 18, 2024 15:47:51.598825932 CEST	443	49726	64.233.185.105	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 15:46:37.258920908 CEST	53	50114	1.1.1.1	192.168.2.5
Apr 18, 2024 15:46:37.341079950 CEST	53	63241	1.1.1.1	192.168.2.5
Apr 18, 2024 15:46:37.946392059 CEST	53	53370	1.1.1.1	192.168.2.5
Apr 18, 2024 15:46:38.362308979 CEST	53608	53	192.168.2.5	1.1.1.1
Apr 18, 2024 15:46:38.363926888 CEST	63078	53	192.168.2.5	1.1.1.1
Apr 18, 2024 15:46:38.483205080 CEST	53	63078	1.1.1.1	192.168.2.5
Apr 18, 2024 15:46:38.488224030 CEST	53	53608	1.1.1.1	192.168.2.5
Apr 18, 2024 15:46:39.234905005 CEST	53	60346	1.1.1.1	192.168.2.5
Apr 18, 2024 15:46:40.862005949 CEST	58266	53	192.168.2.5	1.1.1.1
Apr 18, 2024 15:46:40.862549067 CEST	49943	53	192.168.2.5	1.1.1.1
Apr 18, 2024 15:46:40.966624022 CEST	53	58266	1.1.1.1	192.168.2.5
Apr 18, 2024 15:46:40.967533112 CEST	53	49943	1.1.1.1	192.168.2.5
Apr 18, 2024 15:46:55.076370955 CEST	53	61878	1.1.1.1	192.168.2.5
Apr 18, 2024 15:47:14.137762070 CEST	53	58394	1.1.1.1	192.168.2.5
Apr 18, 2024 15:47:36.487479925 CEST	53	58675	1.1.1.1	192.168.2.5
Apr 18, 2024 15:47:36.591608047 CEST	53	63802	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 15:46:38.362308979 CEST	192.168.2.5	1.1.1.1	0xf8be	Standard query (0)	excellent-pie-cruiser.glitch.me	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:38.363926888 CEST	192.168.2.5	1.1.1.1	0x76ba	Standard query (0)	excellent-pie-cruiser.glitch.me	65	IN (0x0001)	false
Apr 18, 2024 15:46:40.862005949 CEST	192.168.2.5	1.1.1.1	0xb9f2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:40.862549067 CEST	192.168.2.5	1.1.1.1	0x60a4	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 15:46:38.488224030 CEST	1.1.1.1	192.168.2.5	0xf8be	No error (0)	excellent-pie-cruiser.glitch.me		54.234.253.124	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:38.488224030 CEST	1.1.1.1	192.168.2.5	0xf8be	No error (0)	excellent-pie-cruiser.glitch.me		52.21.72.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:40.966624022 CEST	1.1.1.1	192.168.2.5	0xb9f2	No error (0)	www.google.com		64.233.185.105	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:40.966624022 CEST	1.1.1.1	192.168.2.5	0xb9f2	No error (0)	www.google.com		64.233.185.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:40.966624022 CEST	1.1.1.1	192.168.2.5	0xb9f2	No error (0)	www.google.com		64.233.185.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:40.966624022 CEST	1.1.1.1	192.168.2.5	0xb9f2	No error (0)	www.google.com		64.233.185.147	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:40.966624022 CEST	1.1.1.1	192.168.2.5	0xb9f2	No error (0)	www.google.com		64.233.185.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:40.966624022 CEST	1.1.1.1	192.168.2.5	0xb9f2	No error (0)	www.google.com		64.233.185.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:40.967533112 CEST	1.1.1.1	192.168.2.5	0x60a4	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 18, 2024 15:46:50.174870968 CEST	1.1.1.1	192.168.2.5	0x2e01	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 15:46:50.174870968 CEST	1.1.1.1	192.168.2.5	0x2e01	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:50.861150026 CEST	1.1.1.1	192.168.2.5	0xea9	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.50.23	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:50.861150026 CEST	1.1.1.1	192.168.2.5	0xea9	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.63.35	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:50.861150026 CEST	1.1.1.1	192.168.2.5	0xea9	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.51.18	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:50.861150026 CEST	1.1.1.1	192.168.2.5	0xea9	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.50.39	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:50.861150026 CEST	1.1.1.1	192.168.2.5	0xea9	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.53.35	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:50.861150026 CEST	1.1.1.1	192.168.2.5	0xea9	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.53.36	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:50.861150026 CEST	1.1.1.1	192.168.2.5	0xea9	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.50.35	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:46:50.861150026 CEST	1.1.1.1	192.168.2.5	0xea9	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.48.37	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:04.167759895 CEST	1.1.1.1	192.168.2.5	0xa455	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:04.167759895 CEST	1.1.1.1	192.168.2.5	0xa455	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:51.364362955 CEST	1.1.1.1	192.168.2.5	0xabb6	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:51.364362955 CEST	1.1.1.1	192.168.2.5	0xabb6	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

excellent-pie-cruiser.glitch.me

https:

www.bing.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49711	54.234.253.124	443	6300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:46:38 UTC	674	OUT	GET / HTTP/1.1 Host: excellent-pie-cruiser.glitch.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 13:46:39 UTC	525	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 13:46:39 GMT Content-Type: text/html; charset=utf-8 Content-Length: 496 Connection: close x-amz-id-2: qxmI9xN7q1N0LgE8T0ReuT0nd9lZUgD75bSy4SFthacoQxxzlPTO4zzh2uh2WxceHDdE1CkugQJj99yWKuSv2m7pi7dL2TZ2 x-amz-request-id: 7JGR2DKDPGQ8QT2C last-modified: Thu, 18 Apr 2024 13:14:43 GMT etag: "ca98a7a793b7316b04abfcb561226cff" x-amz-server-side-encryption: AES256 cache-control: no-cache x-amz-version-id: gtM54k0xHV810ofT83WEUyC0JMmuUjm4 accept-ranges: bytes server: AmazonS3
2024-04-18 13:46:39 UTC	496	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 62 6f 64 79 3e 0a 0a 0a 0a 09 09 09 3c 68 33 3e 57 65 62 70 6f 72 74 c3 a1 6c 20 53 7a 6f 6c 67 c3 a1 6c 74 61 74 c3 a1 73 3c 2f 68 33 3e 0a 0a 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 73 75 62 6d 69 74 2d 66 6f 72 6d 2e 63 6f 6d 2f 4e 51 43 4d 6e 4b 38 36 68 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 3e 0a 20 20 0a 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 74 65 78 74 22 3e 46 65 6c 68 61 73 7a 6e c3 a1 6c c3 b3 69 20 41 7a 6f 6e 6f 73 c3 ad 74 c3 b3 3a 3c 2f 6c 61 62 65 6c 3e 3c 62 72 3e 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 75 73 65 72 69 64 22 3e 3c 62 72 3e 3c 2f 70 3e 0a 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 Data Ascii: <!DOCTYPE html><html><body><h3>Webportl Szolgltats</h3><form action="https://submit-form.com/NQCMnK86h" method="POST"> <label for="text">Felhasznli Azonost:</label><br> <input type="text" name="userid"><br></p> <label for="

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49710	54.234.253.124	443	6300	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:46:39 UTC	618	OUT	GET /favicon.ico HTTP/1.1 Host: excellent-pie-cruiser.glitch.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://excellent-pie-cruiser.glitch.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 13:46:39 UTC	130	IN	HTTP/1.1 404 Not Found Date: Thu, 18 Apr 2024 13:46:39 GMT Content-Length: 3674 Connection: close Cache-Control: max-age=0
2024-04-18 13:46:39 UTC	3674	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 6c 6c 2c 20 79 6f 75 20 66 6f 75 6e 64 20 61 20 67 6c 69 74 63 68 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 6f 75 64 2e 77 65 62 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <title>Well, you found a glitch.</title> <meta name="viewport" content="initial-scale=1, width=device-width"> <link rel="stylesheet" type="text/css" href="https://cloud.webty

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49716	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:46:42 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 13:46:42 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=234999 Date: Thu, 18 Apr 2024 13:46:42 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49717	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:46:43 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 13:46:43 UTC	805	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=235019 Date: Thu, 18 Apr 2024 13:46:43 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-18 13:46:43 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49721	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:46:50 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713447978002&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-04-18 13:46:50 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-04-18 13:46:50 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-18 13:46:51 UTC	479	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: AEBDA7074F0E4BED9793EFE35D6DF510 Ref B: LAX311000110029 Ref C: 2024-04-18T13:46:51Z Date: Thu, 18 Apr 2024 13:46:51 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1713448010.b40a4fa

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6456, Parent PID: 5584

General

Target ID:	0
Start time:	15:46:31
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6300, Parent PID: 6456

General

Target ID:	2
Start time:	15:46:34
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1980,i,1381698793211224032,14482014399219127158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1716, Parent PID: 5584

General

Target ID:	3
Start time:	15:46:36
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://excellent-pie-cruiser.glitch.me/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly