Windows Analysis Report
http://cybba.solutions

Overview

General Information

Sample URL: http://cybba.solutions
Analysis ID: 1428430
Infos:
Errors:
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 1748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2144,i,1816836253766045866,4482234707161197817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cybba.solutions" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • rundll32.exe (PID: 7068 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures. All signature results:

  • Source: unknown | HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49739 version: TLS 1.2 (2 occurrences)
  • Source: unknown | HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49740 version: TLS 1.2 (2 occurrences)
  • Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 (2 occurrences)
  • Source: unknown | TCP traffic detected without corresponding DNS query: 184.31.62.93 (18 occurrences)
  • Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (6 occurrences)
  • Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
      Host: cybba.solutions
      Connection: keep-alive
      Upgrade-Insecure-Requests: 1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
      Sec-Fetch-Site: none
      Sec-Fetch-Mode: navigate
      Sec-Fetch-User: ?1
      Sec-Fetch-Dest: document
      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
      sec-ch-ua-mobile: ?0
      sec-ch-ua-platform: "Windows"
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.9
  • Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
      Range: bytes=0-2147483646
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
  • Source: unknown | DNS traffic detected: queries for: cybba.solutions
  • Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
  • Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
  • Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
  • Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
  • Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
  • Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
  • Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
  • Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
  • Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
  • Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
  • Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
  • Source: classification engine | Classification label: unknown0.win@18/5@6/4
  • Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\eb76f244-1dc7-49cc-8f3d-8698e4139dd6.tmp
  • Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  • Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding (2 occurrences)
  • Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
  • Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2144,i,1816836253766045866,4482234707161197817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 (2 occurrences)
  • Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cybba.solutions"
  • Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (13 occurrences)
  • Source: Window Recorder | Window detected: More than 3 window changes detected
  • Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
MITRE ATT&CK Matrix (numbers in parentheses are the hit counts shown in the original matrix cells)

  • Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
  • Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
  • Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
  • Defense Evasion: Masquerading (1), Rundll32 (1), Process Injection (1), Binary Padding
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
  • Discovery: System Information Discovery (1), Application Window Discovery, Query Registry, System Network Configuration Discovery
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
  • Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph (rendered graph not reproduced; node data as extracted)

Behavior Graph ID: 1428430
URL: http://cybba.solutions
Startdate: 18/04/2024
Architecture: WINDOWS
Score: 0

Processes started from the top node: chrome.exe, rundll32.exe, chrome.exe; the first chrome.exe started a child chrome.exe.

DNS/IP nodes:
  • 192.168.2.4 (ports 138, 443, 49735) unknown unknown, reached from the first chrome.exe
  • 239.255.255.250 unknown Reserved, reached from the first chrome.exe
  • www.google.com 142.250.105.106 (ports 443, 49738, 49748) GOOGLEUS United States, reached from the child chrome.exe
  • 104.21.67.105 (ports 443, 49735) CLOUDFLARENETUS United States, reached from the child chrome.exe
  • cybba.solutions, reached from the child chrome.exe

No Antivirus matches
Domains:
Name | IP | Active | Malicious | Antivirus Detection | Reputation
cybba.solutions | 172.67.221.94 | true | false | | unknown
www.google.com | 142.250.105.106 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown

URLs:
Name | Malicious | Antivirus Detection | Reputation
https://cybba.solutions/ | false | | unknown

Legend:
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IPs:
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.105.106 | www.google.com | United States | | 15169 | GOOGLEUS | false
104.21.67.105 | unknown | United States | | 13335 | CLOUDFLARENETUS | false

Private IPs:
192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428430
Start date and time: 2024-04-18 23:11:40 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://cybba.solutions
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.win@18/5@6/4
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Warnings:
  • URL not reachable
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.105.94, 173.194.219.102, 173.194.219.101, 173.194.219.138, 173.194.219.100, 173.194.219.139, 173.194.219.113, 172.217.215.84, 34.104.35.123, 40.127.169.103, 72.21.81.240, 192.229.211.108, 13.85.23.206, 52.165.164.15, 108.177.122.94
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found
  • VT rate limit hit for: http://cybba.solutions
No simulations
No context
Dropped file (three identical copies were recorded, all with the same attributes):
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 6
Entropy (8bit): 2.251629167387823
Encrypted: false
SSDEEP: 3:aGn:aGn
MD5: 09F7E02F1290BE211DA707A266F153B3
SHA1: 1D229271928D3F9E2BB0375BD6CE5DB6C6D348D9
SHA-256: 66A045B452102C59D840EC097D59D9467E13A3F34F6494E539FFD32C1BB35F18
SHA-512: C2BAD2223811194582AF4D1508AC02CD69EEEEEDEEB98D54FCAE4DCEFB13CC882E7640328206603D3FB9CD5F949A9BE0DB054DD34FBFA190C498A5FE09750CEF
Malicious: false
Reputation: low
Preview: Hello.

Downloaded file:
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 6
Entropy (8bit): 2.251629167387823
Encrypted: false
SSDEEP: 3:aGn:aGn
MD5: 09F7E02F1290BE211DA707A266F153B3
SHA1: 1D229271928D3F9E2BB0375BD6CE5DB6C6D348D9
SHA-256: 66A045B452102C59D840EC097D59D9467E13A3F34F6494E539FFD32C1BB35F18
SHA-512: C2BAD2223811194582AF4D1508AC02CD69EEEEEDEEB98D54FCAE4DCEFB13CC882E7640328206603D3FB9CD5F949A9BE0DB054DD34FBFA190C498A5FE09750CEF
Malicious: false
Reputation: low
URL: https://cybba.solutions/
Preview: Hello.
No static file info
Icon Hash: b29a8a8e86868381
TCP packets:
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 18, 2024 23:12:26.935193062 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Apr 18, 2024 23:12:36.543021917 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Apr 18, 2024 23:12:37.004205942 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.004254103 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.004354954 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.004574060 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.004585981 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.235855103 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.236169100 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.236186981 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.237840891 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.237926960 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.238996029 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.239183903 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.239207983 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.239321947 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.372946024 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.372956038 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.420423031 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.526748896 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.526901960 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:37.526984930 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.530435085 CEST | 49735 | 443 | 192.168.2.4 | 104.21.67.105
Apr 18, 2024 23:12:37.530452967 CEST | 443 | 49735 | 104.21.67.105 | 192.168.2.4
Apr 18, 2024 23:12:38.306363106 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:38.306410074 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:38.306466103 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:38.307183027 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:38.307202101 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:38.535377979 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:38.535742998 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:38.535758972 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:38.537389040 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:38.537471056 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:38.539153099 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:38.539303064 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:38.592864037 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:38.592874050 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:38.639743090 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:39.997262955 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:39.997294903 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:39.997591972 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.001182079 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.001198053 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.222040892 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.222115993 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.225912094 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.225919008 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.226145029 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.266311884 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.312120914 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.429302931 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.429366112 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.429413080 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.429523945 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.429541111 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.429549932 CEST | 49739 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.429557085 CEST | 443 | 49739 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.469469070 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.469551086 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.469665051 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.470091105 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.470166922 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.683625937 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.683851957 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.686120987 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.686151981 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.686496019 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.687613010 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.728188992 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.892004967 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.892087936 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.892199993 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.893193960 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.893193960 CEST | 49740 | 443 | 192.168.2.4 | 184.31.62.93
Apr 18, 2024 23:12:40.893258095 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:40.893292904 CEST | 443 | 49740 | 184.31.62.93 | 192.168.2.4
Apr 18, 2024 23:12:48.520807981 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:48.520981073 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:12:48.521029949 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:49.625011921 CEST | 49738 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:12:49.625044107 CEST | 443 | 49738 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:38.249675989 CEST | 49748 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:13:38.249753952 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:38.250091076 CEST | 49748 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:13:38.250091076 CEST | 49748 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:13:38.250160933 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:38.463515043 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:38.464131117 CEST | 49748 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:13:38.464171886 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:38.464513063 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:38.466198921 CEST | 49748 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:13:38.466274977 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:38.513782978 CEST | 49748 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:13:48.470985889 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:48.471052885 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
Apr 18, 2024 23:13:48.471174002 CEST | 49748 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:13:49.624670982 CEST | 49748 | 443 | 192.168.2.4 | 142.250.105.106
Apr 18, 2024 23:13:49.624706030 CEST | 443 | 49748 | 142.250.105.106 | 192.168.2.4
UDP packets:
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 18, 2024 23:12:35.233289957 CEST | 53 | 59511 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:35.244606972 CEST | 53 | 50970 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:35.888571024 CEST | 53 | 55742 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:36.780260086 CEST | 64187 | 53 | 192.168.2.4 | 1.1.1.1
Apr 18, 2024 23:12:36.782427073 CEST | 52336 | 53 | 192.168.2.4 | 1.1.1.1
Apr 18, 2024 23:12:36.888088942 CEST | 53 | 64187 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:36.891470909 CEST | 53 | 52336 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:36.894927025 CEST | 54634 | 53 | 192.168.2.4 | 1.1.1.1
Apr 18, 2024 23:12:36.895250082 CEST | 51602 | 53 | 192.168.2.4 | 1.1.1.1
Apr 18, 2024 23:12:37.001451015 CEST | 53 | 51602 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:37.003643990 CEST | 53 | 54634 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:38.198343039 CEST | 51999 | 53 | 192.168.2.4 | 1.1.1.1
Apr 18, 2024 23:12:38.198503017 CEST | 51344 | 53 | 192.168.2.4 | 1.1.1.1
Apr 18, 2024 23:12:38.303512096 CEST | 53 | 51999 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:38.304259062 CEST | 53 | 51344 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:52.994404078 CEST | 53 | 50244 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:12:54.223202944 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255
Apr 18, 2024 23:13:11.956439972 CEST | 53 | 60231 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:13:34.828864098 CEST | 53 | 59713 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 23:13:34.996223927 CEST | 53 | 65232 | 1.1.1.1 | 192.168.2.4
DNS queries:
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 18, 2024 23:12:36.780260086 CEST | 192.168.2.4 | 1.1.1.1 | 0x40ad | Standard query (0) | cybba.solutions | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:36.782427073 CEST | 192.168.2.4 | 1.1.1.1 | 0xaf97 | Standard query (0) | cybba.solutions | 65 | IN (0x0001) | false
Apr 18, 2024 23:12:36.894927025 CEST | 192.168.2.4 | 1.1.1.1 | 0x3b1a | Standard query (0) | cybba.solutions | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:36.895250082 CEST | 192.168.2.4 | 1.1.1.1 | 0x1389 | Standard query (0) | cybba.solutions | 65 | IN (0x0001) | false
Apr 18, 2024 23:12:38.198343039 CEST | 192.168.2.4 | 1.1.1.1 | 0x2380 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:38.198503017 CEST | 192.168.2.4 | 1.1.1.1 | 0xcd79 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
DNS answers:
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 18, 2024 23:12:36.888088942 CEST | 1.1.1.1 | 192.168.2.4 | 0x40ad | No error (0) | cybba.solutions | | 172.67.221.94 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:36.888088942 CEST | 1.1.1.1 | 192.168.2.4 | 0x40ad | No error (0) | cybba.solutions | | 104.21.67.105 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:36.891470909 CEST | 1.1.1.1 | 192.168.2.4 | 0xaf97 | No error (0) | cybba.solutions | | | 65 | IN (0x0001) | false
Apr 18, 2024 23:12:37.001451015 CEST | 1.1.1.1 | 192.168.2.4 | 0x1389 | No error (0) | cybba.solutions | | | 65 | IN (0x0001) | false
Apr 18, 2024 23:12:37.003643990 CEST | 1.1.1.1 | 192.168.2.4 | 0x3b1a | No error (0) | cybba.solutions | | 104.21.67.105 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:37.003643990 CEST | 1.1.1.1 | 192.168.2.4 | 0x3b1a | No error (0) | cybba.solutions | | 172.67.221.94 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:38.303512096 CEST | 1.1.1.1 | 192.168.2.4 | 0x2380 | No error (0) | www.google.com | | 142.250.105.106 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:38.303512096 CEST | 1.1.1.1 | 192.168.2.4 | 0x2380 | No error (0) | www.google.com | | 142.250.105.105 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:38.303512096 CEST | 1.1.1.1 | 192.168.2.4 | 0x2380 | No error (0) | www.google.com | | 142.250.105.104 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:38.303512096 CEST | 1.1.1.1 | 192.168.2.4 | 0x2380 | No error (0) | www.google.com | | 142.250.105.99 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:38.303512096 CEST | 1.1.1.1 | 192.168.2.4 | 0x2380 | No error (0) | www.google.com | | 142.250.105.103 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:38.303512096 CEST | 1.1.1.1 | 192.168.2.4 | 0x2380 | No error (0) | www.google.com | | 142.250.105.147 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:12:38.304259062 CEST | 1.1.1.1 | 192.168.2.4 | 0xcd79 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Apr 18, 2024 23:12:50.856156111 CEST | 1.1.1.1 | 192.168.2.4 | 0xeb93 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 18, 2024 23:12:50.856156111 CEST | 1.1.1.1 | 192.168.2.4 | 0xeb93 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:13:03.162168980 CEST | 1.1.1.1 | 192.168.2.4 | 0x50be | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 18, 2024 23:13:03.162168980 CEST | 1.1.1.1 | 192.168.2.4 | 0x50be | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:13:27.041197062 CEST | 1.1.1.1 | 192.168.2.4 | 0x2685 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 18, 2024 23:13:27.041197062 CEST | 1.1.1.1 | 192.168.2.4 | 0x2685 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 23:13:48.026283979 CEST | 1.1.1.1 | 192.168.2.4 | 0x2b05 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 18, 2024 23:13:48.026283979 CEST | 1.1.1.1 | 192.168.2.4 | 0x2b05 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
          • cybba.solutions
          • fs.microsoft.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.4 | 49735 | 104.21.67.105 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-04-18 21:12:37 UTC | 658 | OUT | GET / HTTP/1.1
          Host: cybba.solutions
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-04-18 21:12:37 UTC | 658 | IN | HTTP/1.1 200 OK
          Date: Thu, 18 Apr 2024 21:12:37 GMT
          Content-Type: application/octet-stream
          Content-Length: 6
          Connection: close
          Strict-Transport-Security: max-age=3600
          X-Robots-Tag: noindex
          X-Frame-Options: deny
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PcG7SLxMm7Bwp7Dz4EDfYiCgDLVQHUSvwaWQBuZu%2FN3qTRhnzWj%2B%2B6gy%2Fgocn3jdzbQRx0fyzL6%2FG7iL1zZFV2tyJttbbFNC5BU0UZUVFjKz3yI%2FOAn71Swqgf8R0mt6nsQ%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8767a771e9da4593-ATL
          alt-svc: h3=":443"; ma=86400
          2024-04-18 21:12:37 UTC | 6 | IN | Data Raw: 48 65 6c 6c 6f 0a
          Data Ascii: Hello


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.4 | 49739 | 184.31.62.93 | 443 | | 
          Timestamp | Bytes transferred | Direction | Data
          2024-04-18 21:12:40 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-04-18 21:12:40 UTC | 467 | IN | HTTP/1.1 200 OK
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (chd/079C)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-eus-z1
          Cache-Control: public, max-age=208241
          Date: Thu, 18 Apr 2024 21:12:40 GMT
          Connection: close
          X-CID: 2


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          2 | 192.168.2.4 | 49740 | 184.31.62.93 | 443 | | 
          Timestamp | Bytes transferred | Direction | Data
          2024-04-18 21:12:40 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-04-18 21:12:40 UTC | 805 | IN | HTTP/1.1 200 OK
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (chd/0778)
          X-CID: 11
          X-CCC: US
          X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z
          X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z
          Content-Type: application/octet-stream
          X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
          Cache-Control: public, max-age=208262
          Date: Thu, 18 Apr 2024 21:12:40 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-04-18 21:12:40 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
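The HTTP sessions above are worth reading with a small parser rather than by eye: the cybba.solutions response is a 6-byte application/octet-stream body ("Hello" plus a newline) behind Cloudflare, and the fs.microsoft.com exchange is the ordinary Windows BITS font-set fetch (HEAD, then a ranged GET). The example below is added here and is not Joe Sandbox code. It reads transcript rows written as "timestamp | bytes | direction | data", decodes the "Data Raw" hex into the actual body bytes, and checks that the declared Content-Length and the byte column agree with what was captured. The two embedded transcripts are constructed from sessions 0 and 2 of this report with most headers omitted.

```python
"""Parse a Joe Sandbox-style HTTP session transcript and check its payloads.

Added example for this report; not Joe Sandbox code. SESSION_0 and SESSION_2
are constructed from the session 0 (cybba.solutions) and session 2
(fs.microsoft.com) exchanges above, with most headers left out.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass, field

SESSION_0 = """\
2024-04-18 21:12:37 UTC | 658 | OUT | GET / HTTP/1.1
Host: cybba.solutions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
2024-04-18 21:12:37 UTC | 658 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 6
Strict-Transport-Security: max-age=3600
X-Frame-Options: deny
Server: cloudflare
2024-04-18 21:12:37 UTC | 6 | IN | Data Raw: 48 65 6c 6c 6f 0a
"""

SESSION_2 = """\
2024-04-18 21:12:40 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-04-18 21:12:40 UTC | 805 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 55
2024-04-18 21:12:40 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
"""

# One transcript row: "<date> <time> UTC | <bytes> | IN/OUT | <start line or Data Raw: ...>"
ROW_RE = re.compile(r"^(\S+ \S+ UTC) \| (\d+) \| (IN|OUT) \| (.*)$")


@dataclass
class Message:
    direction: str                 # OUT = client to server, IN = server to client
    start_line: str                # request line or status line
    headers: dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def parse_session(transcript: str) -> list[Message]:
    """Turn transcript rows into messages; header lines attach to the last message."""
    messages: list[Message] = []
    for line in transcript.splitlines():
        row = ROW_RE.match(line)
        if row:
            nbytes, direction, data = int(row.group(2)), row.group(3), row.group(4)
            if data.startswith("Data Raw:"):
                raw = bytes.fromhex(data[len("Data Raw:"):].replace(" ", ""))
                if len(raw) != nbytes:
                    # the byte column of a Data Raw row must equal the hex payload length
                    raise ValueError(f"byte column {nbytes} != {len(raw)} raw bytes")
                messages[-1].body += raw
            else:
                messages.append(Message(direction, data))
        elif line.strip() and messages:
            name, _, value = line.partition(":")
            messages[-1].headers[name.strip().lower()] = value.strip()
    return messages


def content_length_matches(msg: Message) -> bool:
    """True when the declared Content-Length equals the bytes actually captured."""
    declared = msg.headers.get("content-length")
    return declared is not None and int(declared) == len(msg.body)


def response_body(transcript: str) -> bytes:
    """Body of the first server-to-client message in the transcript."""
    for msg in parse_session(transcript):
        if msg.direction == "IN":
            return msg.body
    return b""


def response_json(transcript: str) -> dict:
    """Decode the response body as JSON (the BITS config.json case)."""
    return json.loads(response_body(transcript))


def summarize(transcript: str) -> dict:
    """Compact view of one session: request, status, type, length check, body."""
    msgs = parse_session(transcript)
    request = next(m for m in msgs if m.direction == "OUT")
    response = next(m for m in msgs if m.direction == "IN")
    return {
        "request": request.start_line,
        "host": request.headers.get("host"),
        "status": response.start_line,
        "content_type": response.headers.get("content-type"),
        "length_ok": content_length_matches(response),
        "body": response.body,
    }


if __name__ == "__main__":
    for name, transcript in (("session 0", SESSION_0), ("session 2", SESSION_2)):
        s = summarize(transcript)
        print(name, s["host"], s["status"], "length ok" if s["length_ok"] else "LENGTH MISMATCH")
        print("  body:", s["body"])
```

A transcript whose Data Raw rows do not add up to the declared Content-Length (or whose byte column disagrees with the hex) usually means the capture was truncated or chunked, which matters before drawing conclusions about a body as short as this one.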


          Target ID:0
          Start time:23:12:29
          Start date:18/04/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:23:12:33
          Start date:18/04/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2144,i,1816836253766045866,4482234707161197817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:23:12:36
          Start date:18/04/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cybba.solutions"
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:4
          Start time:23:12:40
          Start date:18/04/2024
          Path:C:\Windows\System32\rundll32.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
          Imagebase:0x7ff6d2cb0000
          File size:71'680 bytes
          MD5 hash:EF3179D498793BF4234F708D3BE28633
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly