Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://notascam.lol/ATB/index.php

Overview

General Information

Sample URL:https://notascam.lol/ATB/index.php
Analysis ID:1428363
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

  • System is w7x64
  • chrome.exe (PID: 3056 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
    • chrome.exe (PID: 896 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1244,i,7575551553456251623,2389276529595666218,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
  • chrome.exe (PID: 260 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://notascam.lol/ATB/index.php" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
    • chrome.exe (PID: 3164 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1252,i,11435284649484426301,14648388080793655181,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
    • chrome.exe (PID: 3568 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 --field-trial-handle=1252,i,11435284649484426301,14648388080793655181,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: https://notascam.lol/ATB/index.phpSlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_79359565Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_79359565\model-info.pbJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_79359565\model.tfliteJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1911038741Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1911038741\model-info.pbJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1911038741\model.tfliteJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1767797131Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1767797131\model-info.pbJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1767797131\model.tfliteJump to behavior
Source: unknownDNS traffic detected: queries for: www.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
Source: classification engineClassification label: mal48.win@37/0@15/5
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\ChromiumTemp260_79359565Jump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1244,i,7575551553456251623,2389276529595666218,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://notascam.lol/ATB/index.php"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1252,i,11435284649484426301,14648388080793655181,131072 /prefetch:8
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 --field-trial-handle=1252,i,11435284649484426301,14648388080793655181,131072 /prefetch:8
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1244,i,7575551553456251623,2389276529595666218,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1252,i,11435284649484426301,14648388080793655181,131072 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 --field-trial-handle=1252,i,11435284649484426301,14648388080793655181,131072 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_79359565Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_79359565\model-info.pbJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_79359565\model.tfliteJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1911038741Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1911038741\model-info.pbJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1911038741\model.tfliteJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1767797131Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1767797131\model-info.pbJump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\ChromiumTemp260_1767797131\model.tfliteJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		2
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1428363 URL: https://notascam.lol/ATB/in... Startdate: 18/04/2024 Architecture: WINDOWS Score: 48 30 Antivirus / Scanner detection for submitted sample 2->30 6 chrome.exe 10 2->6         started        8 chrome.exe 1 2->8         started        process3 dnsIp4 11 chrome.exe 6->11         started        14 chrome.exe 6->14         started        18 192.168.2.7 unknown unknown 8->18 20 239.255.255.250 unknown Reserved 8->20 16 chrome.exe 8->16         started        process5 dnsIp6 22 142.251.117.104, 443, 49169 GOOGLEUS United States 11->22 24 192.168.2.255, 137, 138 unknown unknown 11->24 28 2 other IPs or domains 11->28 26 www.google.com 142.251.117.103, 443, 49165 GOOGLEUS United States 16->26

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://notascam.lol/ATB/index.php100%SlashNextCredential Stealing type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
google.com
142.250.10.113
truefalse
    		high
    www.google.com
    		142.251.117.103
    		truefalse
      		high
      notascam.lol
      		unknown
      		unknownfalse
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        239.255.255.250
        		unknownReserved
        		unknownunknownfalse
        142.251.117.104
        		unknownUnited States
        		15169GOOGLEUSfalse
        142.251.117.103
        		www.google.comUnited States
        		15169GOOGLEUSfalse

        Private

        IP
        192.168.2.7
        192.168.2.255

        General Information

        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1428363
        Start date and time:2024-04-18 21:24:35 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 3m 3s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:browseurl.jbs
        Sample URL:https://notascam.lol/ATB/index.php
        Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
        Number of analysed new started processes analysed:7
        Number of new started drivers analysed:6
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:MAL
        Classification:mal48.win@37/0@15/5
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, vga.dll, svchost.exe
        • Excluded IPs from analysis (whitelisted): 142.251.117.94, 172.253.112.101, 172.253.112.138, 172.253.112.113, 172.253.112.102, 172.253.112.100, 172.253.112.139, 173.194.209.84, 34.104.35.123, 142.251.117.95, 172.253.113.95, 142.250.11.95, 142.250.10.95, 172.253.112.95, 173.194.209.95
        • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtSetInformationFile calls found.
        • VT rate limit hit for: https://notascam.lol/ATB/index.php

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        No static file info

        Network Behavior

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Apr 18, 2024 21:25:28.118633986 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:28.118678093 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:28.118751049 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:28.119921923 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:28.119935989 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:28.352022886 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:28.434983969 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:28.435009956 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:28.436228991 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:28.436249971 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:28.436290979 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:28.441771030 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:28.441853046 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:28.660125017 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:28.660195112 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:38.372373104 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:38.372447014 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:25:38.372500896 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:40.083189964 CEST49165443192.168.2.22142.251.117.103
        Apr 18, 2024 21:25:40.083256006 CEST44349165142.251.117.103192.168.2.22
        Apr 18, 2024 21:26:28.817070007 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:28.817112923 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:28.817222118 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:28.817416906 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:28.817433119 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:29.042709112 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:29.043241978 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:29.043266058 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:29.044301033 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:29.044352055 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:29.046180010 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:29.046242952 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:29.246856928 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:29.246885061 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:29.446871042 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:39.062027931 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:39.062186956 CEST44349169142.251.117.104192.168.2.22
        Apr 18, 2024 21:26:39.062347889 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:40.531950951 CEST49169443192.168.2.22142.251.117.104
        Apr 18, 2024 21:26:40.531994104 CEST44349169142.251.117.104192.168.2.22

        UDP Packets

        TimestampSource PortDest PortSource IPDest IP
        Apr 18, 2024 21:25:20.819009066 CEST138138192.168.2.22192.168.2.255
        Apr 18, 2024 21:25:23.754451990 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:25:23.819935083 CEST53548218.8.8.8192.168.2.22
        Apr 18, 2024 21:25:23.827507973 CEST53527818.8.8.8192.168.2.22
        Apr 18, 2024 21:25:24.504092932 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:25:24.762459993 CEST53626728.8.8.8192.168.2.22
        Apr 18, 2024 21:25:25.256123066 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:25:28.002265930 CEST6492853192.168.2.228.8.8.8
        Apr 18, 2024 21:25:28.003295898 CEST5739053192.168.2.228.8.8.8
        Apr 18, 2024 21:25:28.110049009 CEST53649288.8.8.8192.168.2.22
        Apr 18, 2024 21:25:28.110805035 CEST53573908.8.8.8192.168.2.22
        Apr 18, 2024 21:26:24.258482933 CEST5056853192.168.2.228.8.8.8
        Apr 18, 2024 21:26:24.258483887 CEST6146753192.168.2.228.8.8.8
        Apr 18, 2024 21:26:24.378154993 CEST53505688.8.8.8192.168.2.22
        Apr 18, 2024 21:26:24.379488945 CEST53614678.8.8.8192.168.2.22
        Apr 18, 2024 21:26:24.381670952 CEST6182653192.168.2.228.8.8.8
        Apr 18, 2024 21:26:24.400572062 CEST53544228.8.8.8192.168.2.22
        Apr 18, 2024 21:26:24.403467894 CEST53503378.8.8.8192.168.2.22
        Apr 18, 2024 21:26:24.501548052 CEST53618268.8.8.8192.168.2.22
        Apr 18, 2024 21:26:24.502348900 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:25.252259016 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:26.002315998 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:26.776787043 CEST5182853192.168.2.228.8.8.8
        Apr 18, 2024 21:26:26.795633078 CEST5340653192.168.2.228.8.8.8
        Apr 18, 2024 21:26:26.882307053 CEST53518288.8.8.8192.168.2.22
        Apr 18, 2024 21:26:26.900486946 CEST53534068.8.8.8192.168.2.22
        Apr 18, 2024 21:26:27.042192936 CEST53518708.8.8.8192.168.2.22
        Apr 18, 2024 21:26:27.775042057 CEST6495653192.168.2.228.8.8.8
        Apr 18, 2024 21:26:27.776817083 CEST5452153192.168.2.228.8.8.8
        Apr 18, 2024 21:26:27.895478964 CEST53649568.8.8.8192.168.2.22
        Apr 18, 2024 21:26:27.899174929 CEST53545218.8.8.8192.168.2.22
        Apr 18, 2024 21:26:27.900665998 CEST4975053192.168.2.228.8.8.8
        Apr 18, 2024 21:26:28.005332947 CEST53497508.8.8.8192.168.2.22
        Apr 18, 2024 21:26:28.005943060 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:28.710763931 CEST6508453192.168.2.228.8.8.8
        Apr 18, 2024 21:26:28.711076975 CEST6337353192.168.2.228.8.8.8
        Apr 18, 2024 21:26:28.755877018 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:28.815838099 CEST53650848.8.8.8192.168.2.22
        Apr 18, 2024 21:26:28.815859079 CEST53633738.8.8.8192.168.2.22
        Apr 18, 2024 21:26:29.505924940 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:35.275504112 CEST4969053192.168.2.228.8.8.8
        Apr 18, 2024 21:26:35.280621052 CEST6016953192.168.2.228.8.8.8
        Apr 18, 2024 21:26:35.380584002 CEST53496908.8.8.8192.168.2.22
        Apr 18, 2024 21:26:35.386008978 CEST53601698.8.8.8192.168.2.22
        Apr 18, 2024 21:26:35.387537956 CEST5306053192.168.2.228.8.8.8
        Apr 18, 2024 21:26:35.507172108 CEST53530608.8.8.8192.168.2.22
        Apr 18, 2024 21:26:35.507662058 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:36.257642984 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:37.007688999 CEST137137192.168.2.22192.168.2.255
        Apr 18, 2024 21:26:40.638485909 CEST53582578.8.8.8192.168.2.22
        Apr 18, 2024 21:26:43.990086079 CEST53615988.8.8.8192.168.2.22

        DNS Queries

        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Apr 18, 2024 21:25:28.002265930 CEST192.168.2.228.8.8.80x4ae0Standard query (0)www.google.comA (IP address)IN (0x0001)false
        Apr 18, 2024 21:25:28.003295898 CEST192.168.2.228.8.8.80x5842Standard query (0)www.google.com65IN (0x0001)false
        Apr 18, 2024 21:26:24.258482933 CEST192.168.2.228.8.8.80x1bStandard query (0)notascam.lolA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:24.258483887 CEST192.168.2.228.8.8.80x9dd2Standard query (0)notascam.lol65IN (0x0001)false
        Apr 18, 2024 21:26:24.381670952 CEST192.168.2.228.8.8.80xcf03Standard query (0)notascam.lolA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.776787043 CEST192.168.2.228.8.8.80xb519Standard query (0)google.comA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.795633078 CEST192.168.2.228.8.8.80xec6Standard query (0)google.comA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:27.775042057 CEST192.168.2.228.8.8.80x8f0bStandard query (0)notascam.lolA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:27.776817083 CEST192.168.2.228.8.8.80x92bdStandard query (0)notascam.lol65IN (0x0001)false
        Apr 18, 2024 21:26:27.900665998 CEST192.168.2.228.8.8.80xe86dStandard query (0)notascam.lolA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.710763931 CEST192.168.2.228.8.8.80x300dStandard query (0)www.google.comA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.711076975 CEST192.168.2.228.8.8.80x457eStandard query (0)www.google.com65IN (0x0001)false
        Apr 18, 2024 21:26:35.275504112 CEST192.168.2.228.8.8.80xab68Standard query (0)notascam.lolA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:35.280621052 CEST192.168.2.228.8.8.80xb07aStandard query (0)notascam.lol65IN (0x0001)false
        Apr 18, 2024 21:26:35.387537956 CEST192.168.2.228.8.8.80xc6bfStandard query (0)notascam.lolA (IP address)IN (0x0001)false

        DNS Answers

        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Apr 18, 2024 21:25:28.110049009 CEST8.8.8.8192.168.2.220x4ae0No error (0)www.google.com142.251.117.103A (IP address)IN (0x0001)false
        Apr 18, 2024 21:25:28.110049009 CEST8.8.8.8192.168.2.220x4ae0No error (0)www.google.com142.251.117.147A (IP address)IN (0x0001)false
        Apr 18, 2024 21:25:28.110049009 CEST8.8.8.8192.168.2.220x4ae0No error (0)www.google.com142.251.117.106A (IP address)IN (0x0001)false
        Apr 18, 2024 21:25:28.110049009 CEST8.8.8.8192.168.2.220x4ae0No error (0)www.google.com142.251.117.99A (IP address)IN (0x0001)false
        Apr 18, 2024 21:25:28.110049009 CEST8.8.8.8192.168.2.220x4ae0No error (0)www.google.com142.251.117.104A (IP address)IN (0x0001)false
        Apr 18, 2024 21:25:28.110049009 CEST8.8.8.8192.168.2.220x4ae0No error (0)www.google.com142.251.117.105A (IP address)IN (0x0001)false
        Apr 18, 2024 21:25:28.110805035 CEST8.8.8.8192.168.2.220x5842No error (0)www.google.com65IN (0x0001)false
        Apr 18, 2024 21:26:24.378154993 CEST8.8.8.8192.168.2.220x1bName error (3)notascam.lolnonenoneA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:24.379488945 CEST8.8.8.8192.168.2.220x9dd2Name error (3)notascam.lolnonenone65IN (0x0001)false
        Apr 18, 2024 21:26:24.501548052 CEST8.8.8.8192.168.2.220xcf03Name error (3)notascam.lolnonenoneA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.882307053 CEST8.8.8.8192.168.2.220xb519No error (0)google.com142.250.10.113A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.882307053 CEST8.8.8.8192.168.2.220xb519No error (0)google.com142.250.10.139A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.882307053 CEST8.8.8.8192.168.2.220xb519No error (0)google.com142.250.10.101A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.882307053 CEST8.8.8.8192.168.2.220xb519No error (0)google.com142.250.10.100A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.882307053 CEST8.8.8.8192.168.2.220xb519No error (0)google.com142.250.10.102A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.882307053 CEST8.8.8.8192.168.2.220xb519No error (0)google.com142.250.10.138A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.900486946 CEST8.8.8.8192.168.2.220xec6No error (0)google.com142.250.10.113A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.900486946 CEST8.8.8.8192.168.2.220xec6No error (0)google.com142.250.10.139A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.900486946 CEST8.8.8.8192.168.2.220xec6No error (0)google.com142.250.10.101A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.900486946 CEST8.8.8.8192.168.2.220xec6No error (0)google.com142.250.10.100A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.900486946 CEST8.8.8.8192.168.2.220xec6No error (0)google.com142.250.10.102A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:26.900486946 CEST8.8.8.8192.168.2.220xec6No error (0)google.com142.250.10.138A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:27.895478964 CEST8.8.8.8192.168.2.220x8f0bName error (3)notascam.lolnonenoneA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:27.899174929 CEST8.8.8.8192.168.2.220x92bdName error (3)notascam.lolnonenone65IN (0x0001)false
        Apr 18, 2024 21:26:28.005332947 CEST8.8.8.8192.168.2.220xe86dName error (3)notascam.lolnonenoneA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.815838099 CEST8.8.8.8192.168.2.220x300dNo error (0)www.google.com142.251.117.104A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.815838099 CEST8.8.8.8192.168.2.220x300dNo error (0)www.google.com142.251.117.147A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.815838099 CEST8.8.8.8192.168.2.220x300dNo error (0)www.google.com142.251.117.105A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.815838099 CEST8.8.8.8192.168.2.220x300dNo error (0)www.google.com142.251.117.106A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.815838099 CEST8.8.8.8192.168.2.220x300dNo error (0)www.google.com142.251.117.103A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.815838099 CEST8.8.8.8192.168.2.220x300dNo error (0)www.google.com142.251.117.99A (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:28.815859079 CEST8.8.8.8192.168.2.220x457eNo error (0)www.google.com65IN (0x0001)false
        Apr 18, 2024 21:26:35.380584002 CEST8.8.8.8192.168.2.220xab68Name error (3)notascam.lolnonenoneA (IP address)IN (0x0001)false
        Apr 18, 2024 21:26:35.386008978 CEST8.8.8.8192.168.2.220xb07aName error (3)notascam.lolnonenone65IN (0x0001)false
        Apr 18, 2024 21:26:35.507172108 CEST8.8.8.8192.168.2.220xc6bfName error (3)notascam.lolnonenoneA (IP address)IN (0x0001)false

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:21:25:21
        Start date:18/04/2024
        Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x13fd00000
        File size:3'151'128 bytes
        MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        General

        Target ID:1
        Start time:21:25:22
        Start date:18/04/2024
        Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1244,i,7575551553456251623,2389276529595666218,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x13fd00000
        File size:3'151'128 bytes
        MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        General

        Target ID:4
        Start time:21:25:25
        Start date:18/04/2024
        Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://notascam.lol/ATB/index.php"
        Imagebase:0x13fd00000
        File size:3'151'128 bytes
        MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        General

        Target ID:5
        Start time:21:25:25
        Start date:18/04/2024
        Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1252,i,11435284649484426301,14648388080793655181,131072 /prefetch:8
        Imagebase:0x13fd00000
        File size:3'151'128 bytes
        MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        General

        Target ID:12
        Start time:21:26:23
        Start date:18/04/2024
        Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 --field-trial-handle=1252,i,11435284649484426301,14648388080793655181,131072 /prefetch:8
        Imagebase:0x13fd00000
        File size:3'151'128 bytes
        MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Disassembly

        No disassembly