Edit tour

Windows Analysis Report
https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b

Overview

General Information

Sample URL:	https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b
Analysis ID:	1432214
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,14766983396249407254,12143301601303842695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundAlt-Svc: h3=":443"; ma=2592000Apx-Hit: trueContent-Length: 83Content-Type: application/json; charset=utf-8Date: Fri, 26 Apr 2024 15:32:45 GMTServer: CaddyServer: nginx/1.18.0 (Ubuntu)Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/4@4/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,14766983396249407254,12143301601303842695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,14766983396249407254,12143301601303842695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b	0%	Virustotal		Browse
https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://inst.boostfinally.io/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
prox.itrackly.com	213.188.223.109	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
www.google.com	142.250.217.196	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
inst.boostfinally.io	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b	false		unknown
https://inst.boostfinally.io/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.217.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
213.188.223.109	prox.itrackly.com	Italy	25400	TELIA-NORWAY-ASTeliaNorwayCoreNetworksNO	false

Private

IP
192.168.2.17
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432214
Start date and time:	2024-04-26 17:31:48 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/4@4/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.165.195, 172.217.3.78, 74.125.139.84, 34.104.35.123, 13.85.23.86, 23.45.182.107, 23.45.182.93, 23.45.182.77, 23.45.182.104, 23.45.182.85, 192.229.211.108, 20.166.126.56, 20.242.39.171, 142.250.189.131, 199.232.210.172
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

QR Codes

Source	URL
Screenshot	http://

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unknown
Category:	downloaded
Size (bytes):	83
Entropy (8bit):	4.577056908247908
Encrypted:	false
SSDEEP:	3:YIzXl0fELLMr7exaLjJp2ERh2in:YIjl0aLMr7exSJp2Eein
MD5:	40E091AE8A82A69BE213D095D414B1D5
SHA1:	674CC4D453E76E87D24AD971D001D16B5F7F81B1
SHA-256:	39865FBFC83556C699194CE30FF5B84B4D21EC54B1D2E4495F65352D83AF0657
SHA-512:	64A024B7160A1DBF17D4874250554AE394B766C95779B9F2FE473060328506ED4538E0A5EF268B55CCA7E5D1B8893F5ACA3AB6B2BC498FAC1266B83FB30533B3
Malicious:	false
Reputation:	low
URL:	https://inst.boostfinally.io/favicon.ico
Preview:	{"message":"Route GET:/favicon.ico not found","error":"Not Found","statusCode":404}

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unknown
Category:	downloaded
Size (bytes):	5398
Entropy (8bit):	4.0337834564455095
Encrypted:	false
SSDEEP:	48:/Y9DOsGJSTt3D7jDZqqFikUL1BJ4DCm4Bv/v1QgFZy7pGVTVfFBJwkzwZb2TDO+w:Q8sGJSR3zDjz/4B9QKW+FBJ/zo+ibYM
MD5:	42C57F0B9E651EF070AE54493AF562F7
SHA1:	BE692209577A78D71A084FC1813EFEA26324AB36
SHA-256:	B446AF181BB6E04B94AA3E7C2826F765AF46DC0A9548DBE84055279DB8B9A9B4
SHA-512:	FC0B01D61A3E0982BBC48AA5F2B2C7E6E977AEE2E83EE19D14E86EED67286438265358F10E9CF4E8A03B1309E0F13FBAA9D0CB4647BAE249882C0DC27CB34595
Malicious:	false
Reputation:	low
URL:	https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b
Preview:	<!DOCTYPE html>.<html>..<head>. <style>. /------ Base styles ------/. body {. background: #f7f8f9;. font-family: arial;. background-color: #FFF9DE;. text-rendering: optimizeLegibility;. -webkit-font-smoothing: antialiased;. }.. .container {. max-width: 500px;. height: auto;. margin: 50px auto;. padding: 60px;. padding-bottom: 20px;. background-color: #fff;. box-sizing: border-box;. text-align: center;. border-radius: 10px;. box-shadow: 0px 15px 15px -12px rgba(0, 0, 0, 0.09);. }.. .btn {. cursor: pointer;. background-color: #f28e68;. text-decoration: none;. padding: 15px 20px;. font-weight: bold;. border-radius: 50px;. color: #fff;. }.. .btn-light {. background-color: #eee;.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:32:32.310627937 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:32:32.310635090 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:32:32.607484102 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:32:41.470829010 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:41.470853090 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:41.470921993 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:41.471472025 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:41.471489906 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:41.471544981 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:41.471998930 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:41.471998930 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:41.472012043 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:41.472012997 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:41.923295975 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:32:41.923296928 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:32:42.221894979 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:32:42.299766064 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.305711031 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.346817970 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.346838951 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.820014954 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.820038080 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.820400000 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.820421934 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.821507931 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.821544886 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.821572065 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.821630001 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.823147058 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.823215008 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.829879045 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.829989910 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.830079079 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.830111027 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.873054028 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.873054981 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:42.873068094 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:42.918569088 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:43.243201017 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:43.243240118 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:43.243349075 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:43.243366003 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:43.243413925 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:43.260266066 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:43.260361910 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:43.260603905 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:43.260665894 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:43.260708094 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:43.394808054 CEST	49704	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:43.394828081 CEST	443	49704	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:43.505675077 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:43.552124977 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:43.919895887 CEST	443	49698	173.222.162.64	192.168.2.6
Apr 26, 2024 17:32:43.920002937 CEST	49698	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:32:44.475949049 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:44.475974083 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:44.476067066 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:44.488451004 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:44.488466978 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:44.819685936 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:44.820002079 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:44.820038080 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:44.820907116 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:44.820991039 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:44.982971907 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:44.983170986 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:45.168279886 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:45.168293953 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:45.271699905 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:45.271785021 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:45.271922112 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:45.290226936 CEST	49705	443	192.168.2.6	213.188.223.109
Apr 26, 2024 17:32:45.290251970 CEST	443	49705	213.188.223.109	192.168.2.6
Apr 26, 2024 17:32:45.371408939 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:45.517066002 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:45.517107010 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:45.517190933 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:47.008462906 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:47.008505106 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:47.275825977 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:47.275926113 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:48.425760031 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:48.425786018 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:48.426862955 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:48.522075891 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:48.568120003 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:48.650824070 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:48.650986910 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:48.651051044 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.119004965 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.119044065 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.119059086 CEST	49710	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.119066954 CEST	443	49710	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.221261978 CEST	49711	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.221297979 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.221371889 CEST	49711	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.221787930 CEST	49711	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.221792936 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.483369112 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.483463049 CEST	49711	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.485965014 CEST	49711	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.485984087 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.486237049 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.488672018 CEST	49711	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.536123991 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.731844902 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.731905937 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:50.731950998 CEST	49711	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.740454912 CEST	49711	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:32:50.740478992 CEST	443	49711	23.204.76.112	192.168.2.6
Apr 26, 2024 17:32:54.800230980 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:54.800288916 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:32:54.800436974 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:56.357476950 CEST	49709	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:32:56.357500076 CEST	443	49709	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:44.327970028 CEST	49721	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:33:44.328052998 CEST	443	49721	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:44.328258038 CEST	49721	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:33:44.328677893 CEST	49721	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:33:44.328706026 CEST	443	49721	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:44.655575037 CEST	443	49721	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:44.656122923 CEST	49721	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:33:44.656183004 CEST	443	49721	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:44.656533003 CEST	443	49721	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:44.657562017 CEST	49721	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:33:44.657628059 CEST	443	49721	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:44.700586081 CEST	49721	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:33:54.642687082 CEST	443	49721	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:54.642760992 CEST	443	49721	142.250.217.196	192.168.2.6
Apr 26, 2024 17:33:54.642899990 CEST	49721	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:33:56.358253956 CEST	49721	443	192.168.2.6	142.250.217.196
Apr 26, 2024 17:33:56.358294964 CEST	443	49721	142.250.217.196	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:32:39.967144966 CEST	53	62599	1.1.1.1	192.168.2.6
Apr 26, 2024 17:32:40.118954897 CEST	53	59189	1.1.1.1	192.168.2.6
Apr 26, 2024 17:32:41.094295025 CEST	53	64079	1.1.1.1	192.168.2.6
Apr 26, 2024 17:32:41.246510029 CEST	49733	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:32:41.246742964 CEST	59573	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:32:41.444396973 CEST	53	49733	1.1.1.1	192.168.2.6
Apr 26, 2024 17:32:41.469783068 CEST	53	59573	1.1.1.1	192.168.2.6
Apr 26, 2024 17:32:44.313110113 CEST	65223	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:32:44.314095974 CEST	61288	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:32:44.441844940 CEST	53	65223	1.1.1.1	192.168.2.6
Apr 26, 2024 17:32:44.442382097 CEST	53	61288	1.1.1.1	192.168.2.6
Apr 26, 2024 17:33:02.280889988 CEST	53	54269	1.1.1.1	192.168.2.6
Apr 26, 2024 17:33:21.514187098 CEST	53	51585	1.1.1.1	192.168.2.6
Apr 26, 2024 17:33:39.687164068 CEST	53	57013	1.1.1.1	192.168.2.6
Apr 26, 2024 17:33:43.858021975 CEST	53	52262	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 17:32:41.246510029 CEST	192.168.2.6	1.1.1.1	0x8074	Standard query (0)	inst.boostfinally.io	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:32:41.246742964 CEST	192.168.2.6	1.1.1.1	0x86e7	Standard query (0)	inst.boostfinally.io	65	IN (0x0001)	false
Apr 26, 2024 17:32:44.313110113 CEST	192.168.2.6	1.1.1.1	0xf2e9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:32:44.314095974 CEST	192.168.2.6	1.1.1.1	0x6fe7	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 17:32:41.444396973 CEST	1.1.1.1	192.168.2.6	0x8074	No error (0)	inst.boostfinally.io	prox.itrackly.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 17:32:41.444396973 CEST	1.1.1.1	192.168.2.6	0x8074	No error (0)	prox.itrackly.com		213.188.223.109	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:32:41.469783068 CEST	1.1.1.1	192.168.2.6	0x86e7	No error (0)	inst.boostfinally.io	prox.itrackly.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 17:32:44.441844940 CEST	1.1.1.1	192.168.2.6	0xf2e9	No error (0)	www.google.com		142.250.217.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:32:44.442382097 CEST	1.1.1.1	192.168.2.6	0x6fe7	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 17:32:53.716149092 CEST	1.1.1.1	192.168.2.6	0x717b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 17:32:53.716149092 CEST	1.1.1.1	192.168.2.6	0x717b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:33:06.534614086 CEST	1.1.1.1	192.168.2.6	0x7fab	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 17:33:06.534614086 CEST	1.1.1.1	192.168.2.6	0x7fab	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:33:36.635683060 CEST	1.1.1.1	192.168.2.6	0x58a6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 17:33:36.635683060 CEST	1.1.1.1	192.168.2.6	0x58a6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:33:52.610563040 CEST	1.1.1.1	192.168.2.6	0xff64	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 17:33:52.610563040 CEST	1.1.1.1	192.168.2.6	0xff64	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:33:55.086168051 CEST	1.1.1.1	192.168.2.6	0x3f35	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:33:55.086168051 CEST	1.1.1.1	192.168.2.6	0x3f35	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

inst.boostfinally.io

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49704	213.188.223.109	443	7132	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:32:42 UTC	707	OUT	GET /unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b HTTP/1.1 Host: inst.boostfinally.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:32:43 UTC	348	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Alt-Svc: h3=":443"; ma=2592000 Apx-Hit: true Cache-Control: public, max-age=0 Content-Length: 5398 Content-Type: Content-Type Date: Fri, 26 Apr 2024 15:32:43 GMT Etag: W/"1516-1821921df60" Last-Modified: Wed, 20 Jul 2022 01:03:46 GMT Server: Caddy Server: nginx/1.18.0 (Ubuntu) Connection: close
2024-04-26 15:32:43 UTC	838	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 2d 2d 2d 2d 2d 2d 20 42 61 73 65 20 73 74 79 6c 65 73 20 2d 2d 2d 2d 2d 2d 2a 2f 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 37 66 38 66 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 39 44 45 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 72 65 6e 64 65 72 69 6e 67 3a 20 6f 70 74 69 6d 69 7a 65 4c 65 67 69 62 69 6c 69 74 79 3b 0a 20 20 20 20 20 20 20 Data Ascii: <!DOCTYPE html><html><head> <style> /------ Base styles ------/ body { background: #f7f8f9; font-family: arial; background-color: #FFF9DE; text-rendering: optimizeLegibility;
2024-04-26 15:32:43 UTC	2372	IN	Data Raw: 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 62 74 6e 2d 6c 69 67 68 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 65 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 33 38 30 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 Data Ascii: ; font-weight: bold; border-radius: 50px; color: #fff; } .btn-light { background-color: #eee; color: #222; } @media only screen and (max-width: 380px) {
2024-04-26 15:32:43 UTC	538	IN	Data Raw: 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 20 30 20 37 30 70 78 20 37 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 39 39 35 37 31 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 69 74 69 6f 6e 3a 20 30 2e 33 73 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6d 6f 75 74 68 3a 62 65 66 6f 72 65 2c 0a 20 20 20 20 20 20 20 20 2e 6d 6f 75 74 68 3a 61 66 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 27 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b Data Ascii: auto; border-radius: 0 0 70px 70px; overflow: hidden; background: #995710; transition: 0.3s; } .mouth:before, .mouth:after { content: ''; position: absolute;
2024-04-26 15:32:43 UTC	1650	IN	Data Raw: 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 20 30 20 37 30 70 78 20 37 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 39 39 35 37 31 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 75 6e 73 75 62 73 63 72 69 62 65 3a 68 6f 76 65 72 7e 2e 65 6d 6f 6a 69 20 2e 6d 6f 75 74 68 20 7b 0a 20 20 20 20 Data Ascii: z-index: 1; width: 50px; height: 25px; margin: 0 auto; border-radius: 0 0 70px 70px; overflow: hidden; background: #995710; } #unsubscribe:hover~.emoji .mouth {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49705	213.188.223.109	443	7132	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:32:43 UTC	640	OUT	GET /favicon.ico HTTP/1.1 Host: inst.boostfinally.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:32:45 UTC	242	IN	HTTP/1.1 404 Not Found Alt-Svc: h3=":443"; ma=2592000 Apx-Hit: true Content-Length: 83 Content-Type: application/json; charset=utf-8 Date: Fri, 26 Apr 2024 15:32:45 GMT Server: Caddy Server: nginx/1.18.0 (Ubuntu) Connection: close
2024-04-26 15:32:45 UTC	83	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 52 6f 75 74 65 20 47 45 54 3a 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 20 6e 6f 74 20 66 6f 75 6e 64 22 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 73 74 61 74 75 73 43 6f 64 65 22 3a 34 30 34 7d Data Ascii: {"message":"Route GET:/favicon.ico not found","error":"Not Found","statusCode":404}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49710	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:32:48 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 15:32:48 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=55857 Date: Fri, 26 Apr 2024 15:32:48 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49711	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:32:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 15:32:50 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=55849 Date: Fri, 26 Apr 2024 15:32:50 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 15:32:50 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2524, Parent PID: 6036

General

Target ID:	0
Start time:	17:32:32
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7132, Parent PID: 2524

General

Target ID:	2
Start time:	17:32:38
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2012,i,14766983396249407254,12143301601303842695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6664, Parent PID: 6036

General

Target ID:	3
Start time:	17:32:40
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET /unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b HTTP/1.1Host: inst.boostfinally.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: inst.boostfinally.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: inst.boostfinally.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2524, Parent PID: 6036

General

Chronological Activities

Analysis Process: chrome.exePID: 7132, Parent PID: 2524

General

Chronological Activities

Analysis Process: chrome.exePID: 6664, Parent PID: 6036

General

Chronological Activities

Disassembly

Windows Analysis Report
https://inst.boostfinally.io/unsub/1/6d9a2996-a247-4306-be6f-6b2b3b86302b