Edit tour

Windows Analysis Report
https://clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUt

Overview

General Information

Sample URL:	https://clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_dev
Analysis ID:	1432336
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2292,i,15301295497749687114,2650567639006847321,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ==" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.104
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.104
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.104
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.104
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ== HTTP/1.1Host: clickserve.dartsearch.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ== HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: clickserve.dartsearch.net
Source: global traffic	DNS traffic detected: DNS query: ad.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ds5l29de4j.virtualbotz.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@20/0@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2292,i,15301295497749687114,2650567639006847321,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ=="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2292,i,15301295497749687114,2650567639006847321,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ==	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ds5l29de4j.virtualbotz.com	192.185.148.151	true	false	unknown
ad.doubleclick.net	192.178.50.70	true	false	high
www.google.com	142.250.217.196	true	false	high
clickserve.dartsearch.net	192.178.50.78	true	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.78	clickserve.dartsearch.net	United States	15169	GOOGLEUS	false
142.250.217.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.185.148.151	ds5l29de4j.virtualbotz.com	United States	46606	UNIFIEDLAYER-AS-1US	false
192.178.50.70	ad.doubleclick.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432336
Start date and time:	2024-04-26 21:39:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ==
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@20/0@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.45.182.100, 172.217.2.195, 142.250.217.206, 142.251.107.84, 34.104.35.123, 40.127.169.103, 52.165.164.15, 13.95.31.18, 20.12.23.50, 20.3.187.198, 23.45.182.85, 23.45.182.97, 23.45.182.83, 23.45.182.80, 23.45.182.98, 23.45.182.95, 23.45.182.93, 23.45.182.103, 142.250.64.227, 172.217.165.195, 23.45.182.86, 23.45.182.96, 23.45.182.78, 23.45.182.79
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ==

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 21:40:12.303947926 CEST	443	49730	173.222.162.32	192.168.2.4
Apr 26, 2024 21:40:25.259574890 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.259655952 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.259736061 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.260050058 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.260087013 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.260139942 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.260361910 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.260399103 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.260843039 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.260862112 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.603195906 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.603584051 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.603610039 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.604526997 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.604552984 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.604604959 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.604624033 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.604657888 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.604696035 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.605550051 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.606637955 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.606731892 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.606811047 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.606826067 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.648318052 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.648766041 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.648783922 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.649164915 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.649177074 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.649336100 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.649336100 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.649344921 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.649385929 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.649770021 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.650518894 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.650573015 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.660144091 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.760546923 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.760565042 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:25.862580061 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:25.999732018 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:26.007184982 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:26.007364988 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:26.008004904 CEST	49740	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:40:26.008034945 CEST	443	49740	192.178.50.78	192.168.2.4
Apr 26, 2024 21:40:26.138341904 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.138406038 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.138494968 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.138755083 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.138777018 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.548019886 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.548479080 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.548506021 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.550023079 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.550106049 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.553998947 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.554069042 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.554506063 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.554516077 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.722918987 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.812797070 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:26.812840939 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:26.812907934 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:26.813127995 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:26.813144922 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:26.937006950 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.937206030 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:26.937300920 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.937822104 CEST	49744	443	192.168.2.4	192.178.50.70
Apr 26, 2024 21:40:26.937848091 CEST	443	49744	192.178.50.70	192.168.2.4
Apr 26, 2024 21:40:27.208734989 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:27.209055901 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:27.209069014 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:27.209914923 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:27.209980965 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:27.263370991 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:27.263464928 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:27.317470074 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:27.317485094 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:27.361675978 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:27.493736982 CEST	49746	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:27.493778944 CEST	443	49746	192.185.148.151	192.168.2.4
Apr 26, 2024 21:40:27.493936062 CEST	49746	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:27.497876883 CEST	49746	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:27.497890949 CEST	443	49746	192.185.148.151	192.168.2.4
Apr 26, 2024 21:40:29.523361921 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:29.523438931 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:29.523643970 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:29.525748968 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:29.525779963 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:29.788248062 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:29.788350105 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:29.793580055 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:29.793596983 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:29.794007063 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:29.833121061 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:29.876140118 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.031132936 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.031212091 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.031322002 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.031363964 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.031394958 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.031394958 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.031416893 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.031436920 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.059468031 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.059505939 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.059570074 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.059849024 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.059861898 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.319894075 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.319971085 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.321890116 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.321897984 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.322657108 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.324259043 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.372118950 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.567209959 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.567365885 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.567430973 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.569598913 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.569613934 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:30.569674015 CEST	49748	443	192.168.2.4	23.204.76.112
Apr 26, 2024 21:40:30.569679022 CEST	443	49748	23.204.76.112	192.168.2.4
Apr 26, 2024 21:40:37.187716007 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:37.187886953 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:37.187949896 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:39.348242044 CEST	49745	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:40:39.348262072 CEST	443	49745	142.250.217.196	192.168.2.4
Apr 26, 2024 21:40:57.503979921 CEST	49746	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:57.544125080 CEST	443	49746	192.185.148.151	192.168.2.4
Apr 26, 2024 21:40:59.303658962 CEST	49750	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:59.303690910 CEST	443	49750	192.185.148.151	192.168.2.4
Apr 26, 2024 21:40:59.303766966 CEST	49750	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:59.303873062 CEST	49751	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:59.303960085 CEST	443	49751	192.185.148.151	192.168.2.4
Apr 26, 2024 21:40:59.304025888 CEST	49751	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:59.306989908 CEST	49750	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:59.307002068 CEST	443	49750	192.185.148.151	192.168.2.4
Apr 26, 2024 21:40:59.308175087 CEST	49751	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:40:59.308207989 CEST	443	49751	192.185.148.151	192.168.2.4
Apr 26, 2024 21:41:10.768518925 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:41:10.768542051 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:41:12.344149113 CEST	49723	80	192.168.2.4	23.45.182.104
Apr 26, 2024 21:41:12.344203949 CEST	49724	80	192.168.2.4	23.45.182.104
Apr 26, 2024 21:41:12.468936920 CEST	80	49724	23.45.182.104	192.168.2.4
Apr 26, 2024 21:41:12.468962908 CEST	80	49723	23.45.182.104	192.168.2.4
Apr 26, 2024 21:41:12.469007969 CEST	49724	80	192.168.2.4	23.45.182.104
Apr 26, 2024 21:41:12.469037056 CEST	49723	80	192.168.2.4	23.45.182.104
Apr 26, 2024 21:41:26.106829882 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:41:26.106935978 CEST	443	49741	192.178.50.78	192.168.2.4
Apr 26, 2024 21:41:26.106990099 CEST	49741	443	192.168.2.4	192.178.50.78
Apr 26, 2024 21:41:26.929712057 CEST	49755	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:41:26.929743052 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:26.933777094 CEST	49755	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:41:26.937705040 CEST	49755	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:41:26.937716961 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:27.768522978 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:27.771277905 CEST	49755	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:41:27.771290064 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:27.771576881 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:27.772021055 CEST	49755	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:41:27.772075891 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:27.814860106 CEST	49755	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:41:29.316905022 CEST	49750	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:29.316977024 CEST	49751	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:29.335525036 CEST	49732	80	192.168.2.4	192.229.211.108
Apr 26, 2024 21:41:29.360121012 CEST	443	49750	192.185.148.151	192.168.2.4
Apr 26, 2024 21:41:29.360125065 CEST	443	49751	192.185.148.151	192.168.2.4
Apr 26, 2024 21:41:29.460184097 CEST	80	49732	192.229.211.108	192.168.2.4
Apr 26, 2024 21:41:29.461908102 CEST	49732	80	192.168.2.4	192.229.211.108
Apr 26, 2024 21:41:34.335834980 CEST	49758	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:34.335923910 CEST	443	49758	192.185.148.151	192.168.2.4
Apr 26, 2024 21:41:34.335989952 CEST	49758	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:34.336600065 CEST	49759	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:34.336678982 CEST	443	49759	192.185.148.151	192.168.2.4
Apr 26, 2024 21:41:34.336770058 CEST	49759	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:34.337614059 CEST	49759	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:34.337651014 CEST	443	49759	192.185.148.151	192.168.2.4
Apr 26, 2024 21:41:34.338303089 CEST	49758	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:34.338336945 CEST	443	49758	192.185.148.151	192.168.2.4
Apr 26, 2024 21:41:37.271850109 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:37.271903992 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:37.271955967 CEST	49755	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:41:38.375128984 CEST	49755	443	192.168.2.4	142.250.217.196
Apr 26, 2024 21:41:38.375149965 CEST	443	49755	142.250.217.196	192.168.2.4
Apr 26, 2024 21:41:42.549470901 CEST	49746	443	192.168.2.4	192.185.148.151
Apr 26, 2024 21:41:42.549484015 CEST	443	49746	192.185.148.151	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 21:40:23.055526972 CEST	53	56609	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:23.056200981 CEST	53	52609	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:25.024224997 CEST	58081	53	192.168.2.4	1.1.1.1
Apr 26, 2024 21:40:25.024379015 CEST	50310	53	192.168.2.4	1.1.1.1
Apr 26, 2024 21:40:25.080885887 CEST	53	65319	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:25.151741982 CEST	53	50310	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:25.152721882 CEST	53	58081	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:26.011240959 CEST	64134	53	192.168.2.4	1.1.1.1
Apr 26, 2024 21:40:26.011540890 CEST	58427	53	192.168.2.4	1.1.1.1
Apr 26, 2024 21:40:26.136760950 CEST	53	64134	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:26.137478113 CEST	53	58427	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:26.664865017 CEST	65364	53	192.168.2.4	1.1.1.1
Apr 26, 2024 21:40:26.665544033 CEST	55362	53	192.168.2.4	1.1.1.1
Apr 26, 2024 21:40:26.790627003 CEST	53	65364	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:26.791995049 CEST	53	55362	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:27.275309086 CEST	62467	53	192.168.2.4	1.1.1.1
Apr 26, 2024 21:40:27.276040077 CEST	51317	53	192.168.2.4	1.1.1.1
Apr 26, 2024 21:40:27.454436064 CEST	53	62467	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:27.485769987 CEST	53	51317	1.1.1.1	192.168.2.4
Apr 26, 2024 21:40:40.952496052 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 21:40:43.099518061 CEST	53	51845	1.1.1.1	192.168.2.4
Apr 26, 2024 21:41:03.821154118 CEST	53	50102	1.1.1.1	192.168.2.4
Apr 26, 2024 21:41:22.521439075 CEST	53	51796	1.1.1.1	192.168.2.4
Apr 26, 2024 21:41:26.232992887 CEST	53	52984	1.1.1.1	192.168.2.4
Apr 26, 2024 21:41:29.297610998 CEST	53	58757	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 21:40:25.024224997 CEST	192.168.2.4	1.1.1.1	0xfabe	Standard query (0)	clickserve.dartsearch.net	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:40:25.024379015 CEST	192.168.2.4	1.1.1.1	0x66b6	Standard query (0)	clickserve.dartsearch.net	65	IN (0x0001)	false
Apr 26, 2024 21:40:26.011240959 CEST	192.168.2.4	1.1.1.1	0x69c0	Standard query (0)	ad.doubleclick.net	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:40:26.011540890 CEST	192.168.2.4	1.1.1.1	0x1cec	Standard query (0)	ad.doubleclick.net	65	IN (0x0001)	false
Apr 26, 2024 21:40:26.664865017 CEST	192.168.2.4	1.1.1.1	0xc08b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:40:26.665544033 CEST	192.168.2.4	1.1.1.1	0x889	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 21:40:27.275309086 CEST	192.168.2.4	1.1.1.1	0xb2ad	Standard query (0)	ds5l29de4j.virtualbotz.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:40:27.276040077 CEST	192.168.2.4	1.1.1.1	0xcdc8	Standard query (0)	ds5l29de4j.virtualbotz.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 21:40:25.152721882 CEST	1.1.1.1	192.168.2.4	0xfabe	No error (0)	clickserve.dartsearch.net	192.178.50.78	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:40:26.136760950 CEST	1.1.1.1	192.168.2.4	0x69c0	No error (0)	ad.doubleclick.net	192.178.50.70	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:40:26.137478113 CEST	1.1.1.1	192.168.2.4	0x1cec	No error (0)	ad.doubleclick.net		65	IN (0x0001)	false
Apr 26, 2024 21:40:26.790627003 CEST	1.1.1.1	192.168.2.4	0xc08b	No error (0)	www.google.com	142.250.217.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:40:26.791995049 CEST	1.1.1.1	192.168.2.4	0x889	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 26, 2024 21:40:27.454436064 CEST	1.1.1.1	192.168.2.4	0xb2ad	No error (0)	ds5l29de4j.virtualbotz.com	192.185.148.151	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

clickserve.dartsearch.net

ad.doubleclick.net

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	192.178.50.78	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:40:25 UTC	1184	OUT	GET /link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ== HTTP/1.1 Host: clickserve.dartsearch.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:40:25 UTC	1056	IN	HTTP/1.1 301 Moved Permanently Location: https://ad.doubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ== Content-Type: text/html; charset=UTF-8 Date: Fri, 26 Apr 2024 19:40:25 GMT Expires: Fri, 26 Apr 2024 19:40:25 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-26 19:40:25 UTC	199	IN	Data Raw: 33 33 36 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 21 2d 2d 20 47 53 45 20 44 65 66 61 75 6c 74 20 45 72 72 6f 72 20 2d 2d 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 61 64 2e 64 6f Data Ascii: 336<HTML><HEAD><TITLE>Moved Permanently</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000">... GSE Default Error --><H1>Moved Permanently</H1>The document has moved <A HREF="https://ad.do
2024-04-26 19:40:25 UTC	630	IN	Data Raw: 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 73 65 61 72 63 68 61 64 73 2f 6c 69 6e 6b 2f 63 6c 69 63 6b 3f 26 61 6d 70 3b 64 73 5f 61 5f 63 69 64 3d 37 38 36 34 35 36 33 31 26 61 6d 70 3b 64 73 5f 61 5f 63 61 69 64 3d 31 36 38 36 34 34 30 33 34 37 39 26 61 6d 70 3b 64 73 5f 61 5f 61 67 69 64 3d 31 33 36 32 31 33 36 33 35 30 36 30 26 61 6d 70 3b 64 73 5f 61 5f 66 69 69 64 3d 26 61 6d 70 3b 64 73 5f 61 5f 6c 69 64 3d 6b 77 64 2d 33 33 37 39 35 34 33 31 31 39 37 30 26 61 6d 70 3b 26 61 6d 70 3b 64 73 5f 65 5f 61 64 69 64 3d 35 39 32 34 31 35 31 34 35 33 31 35 26 61 6d 70 3b 64 73 5f 65 5f 6d 61 74 63 68 74 79 70 65 3d 73 65 61 72 63 68 26 61 6d 70 3b 64 73 5f 65 5f 64 65 76 69 63 65 3d 63 26 61 6d 70 3b 64 73 5f 65 5f 6e 65 74 77 6f 72 6b 3d 67 26 61 6d 70 3b Data Ascii: ubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&
2024-04-26 19:40:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	192.178.50.70	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:40:26 UTC	1187	OUT	GET /searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ== HTTP/1.1 Host: ad.doubleclick.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:40:26 UTC	983	IN	HTTP/1.1 302 Found P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Location: https://ds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ== Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 19:40:26 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: IDE=AHWqTUlATzhFVmW-gyNWkyTioFIK5Mdh0XfUpX94jVj4BVMRe9eOvl76WEsX9YvhbGQ; expires=Sun, 26-Apr-2026 19:40:26 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Set-Cookie: FLC=CPelNRCHpcI9GKn7-o8BKLH8xAIwqoawsQZwANq4BBoyGDoWChQoMJgX0ezzKpobBgjwspqxBqAbAQ; expires=Fri, 26-Apr-2024 19:40:36 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49747	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:40:29 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 19:40:30 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=40996 Date: Fri, 26 Apr 2024 19:40:29 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49748	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:40:30 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 19:40:30 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=40989 Date: Fri, 26 Apr 2024 19:40:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 19:40:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3196, Parent PID: 3720

General

Target ID:	0
Start time:	21:40:16
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1668, Parent PID: 3196

General

Target ID:	2
Start time:	21:40:21
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2292,i,15301295497749687114,2650567639006847321,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6512, Parent PID: 3720

General

Target ID:	3
Start time:	21:40:23
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https%3A%2F%2Fds5l29de4j.virtualbotz.com/dyvacwws/Ridgelineintl/cmhhcmtleUByaWRnZWxpbmVpbnRsLmNvbQ=="
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3196, Parent PID: 3720

General

Chronological Activities

Analysis Process: chrome.exePID: 1668, Parent PID: 3196

General

Chronological Activities

Analysis Process: chrome.exePID: 6512, Parent PID: 3720

General

Chronological Activities

Disassembly