Edit tour

Windows Analysis Report
https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4|mail%2F90%2F1702548600%2F1rDinR-0008H3-4u|in12i|57e1b682|21208867|12850088|657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14

Overview

General Information

Sample URL:	https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4\|mail%2F90%2F1702548600%2F1rDinR-0008H3-4u\|in12i\|57e1b682\|21208867\|12850088\|657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%
Analysis ID:	1362084
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4348 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2524,i,12313867052400908130,11082874903438387883,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6328 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4%7Cmail%2F90%2F1702548600%2F1rDinR-0008H3-4u%7Cin12i%7C57e1b682%7C21208867%7C12850088%7C657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

• AV Detection
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4%7Cmail%2F90%2F1702548600%2F1rDinR-0008H3-4u%7Cin12i%7C57e1b682%7C21208867%7C12850088%7C657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14

Avira URL Cloud: detection malicious, Label: phishing

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49765 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /r/h0n4L/ HTTP/1.1Host: tx.glConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://url12.mailanyone.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dk/gls-group/ HTTP/1.1Host: gps.adw.mybluehost.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: dhl.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rdDTsyA+RvWn78V&MD=X6a85P71 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rdDTsyA+RvWn78V&MD=X6a85P71 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /r/h0n4L HTTP/1.1Host: tx.glConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: route=23121fdb488b2c660c41bd2881418abb

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49765 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_4348_1053403556

Jump to behavior

Source: classification engine

Classification label: mal48.win@17/10@22/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2524,i,12313867052400908130,11082874903438387883,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4%7Cmail%2F90%2F1702548600%2F1rDinR-0008H3-4u%7Cin12i%7C57e1b682%7C21208867%7C12850088%7C657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2524,i,12313867052400908130,11082874903438387883,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4%7Cmail%2F90%2F1702548600%2F1rDinR-0008H3-4u%7Cin12i%7C57e1b682%7C21208867%7C12850088%7C657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
tx.gl	3%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://tx.gl/r/h0n4L/	0%	Avira URL Cloud	safe
http://tx.gl/r/h0n4L	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	192.178.50.45	true	false		high
dhl.com	156.137.3.32	true	false		high
tx.gl	59.162.167.84	true	false	3%, Virustotal, Browse	unknown
gps.adw.mybluehost.me	66.235.200.146	true	false		high
www.google.com	142.250.189.132	true	false		high
clients.l.google.com	192.178.50.46	true	false		high
clients2.google.com	unknown	unknown	false		high
www.dhl.com	unknown	unknown	false		high
url12.mailanyone.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4%7Cmail%2F90%2F1702548600%2F1rDinR-0008H3-4u%7Cin12i%7C57e1b682%7C21208867%7C12850088%7C657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14	false		high
https://tx.gl/r/h0n4L/	false	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://gps.adw.mybluehost.me/dk/gls-group/	false		high
https://dhl.com/	false		high
http://tx.gl/r/h0n4L	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.45	accounts.google.com	United States	15169	GOOGLEUS	false
192.178.50.46	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.189.132	www.google.com	United States	15169	GOOGLEUS	false
59.162.167.84	tx.gl	India	4755	TATACOMM-ASTATACommunicationsformerlyVSNLisLeadingISP	false
66.235.200.146	gps.adw.mybluehost.me	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
156.137.3.32	dhl.com	Czech Republic	2571	DHLNETCZ	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1362084
Start date and time:	2023-12-14 11:59:01 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4\|mail%2F90%2F1702548600%2F1rDinR-0008H3-4u\|in12i\|57e1b682\|21208867\|12850088\|657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/10@22/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.50.35, 34.104.35.123, 104.18.38.204, 172.64.149.52, 23.37.77.94, 104.91.175.23, 192.229.211.108, 104.91.175.30, 142.250.217.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, www.dhl.com.edgekey.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, url12.mailanyone.net.cdn.cloudflare.net, e19263.dsca.akamaiedge.net, www.dhl.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (3999), with no line terminators
Category:	downloaded
Size (bytes):	3999
Entropy (8bit):	5.384768440412467
Encrypted:	false
SSDEEP:	96:zPIuC7Rem55iH+CBiTlQhQ1oR8znTLmoCcZeX6pR:0uqRViH+CITlQhQ1oyznT+cw6H
MD5:	CAB6057F3FB0BD14FDB154C9636F2ACD
SHA1:	DEE42B01B6C0C8C4244309249BED3DAC8A875CAF
SHA-256:	48CC5FBCA021072CF7BE4F476DDF522623AA9ABF483623E1722A92F074644324
SHA-512:	7363C7604577AB5FFFE08D60BCD92852FB9724B8B95A08D8CD910859EC17EE7C57ADFB7AA39B54344CA89C830E0EDD94776DA47D924AA389C48FEF5C6C7D814E
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4%7Cmail%2F90%2F1702548600%2F1rDinR-0008H3-4u%7Cin12i%7C57e1b682%7C21208867%7C12850088%7C657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14
Preview:	<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="VIPRE Email Security URL Protection"/><title>URL Protection \| VIPRE Email Security</title><link href="/static/css/main.2768b4bf.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script>!function(e){function t(t){for(var n,o,c=t[0],i=t[1],l=t[2],f=0,p=[];f<c.length;f++)o=c[f],Object.prototype.hasOwnProperty.call(a,o)&&a[o]&&p.push(a[o][0]),a[o]=0;for(n in i)Object.prototype.hasOwnProperty.call(i,n)&&(e[n]=i[n]);for(s&&s(t);p.length;)p.shift()();return u.push.apply(u,l\|\|[]),r()}function r(){for(var e,t=0;t<u.length;t++){for(var r=u[t],n=!0,o=1;o<r.length;o++){var i=r[o];0!==a[i]&&(n=!1)}n&&(u.splice(t--,1),e=c(c.s=r[0]))}return e}var n={},o={1:0},a={1:0},u=[];function c

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8127)
Category:	downloaded
Size (bytes):	8176
Entropy (8bit):	5.354303077210023
Encrypted:	false
SSDEEP:	48:06ljerKZ8o6Z9ODdsd8HX02I2pNp7CpXLxJBEsE4LJTENV0sLR5NnjFARezY5+xH:0Df5dBE2gftF3YoCEXOVIsgAY
MD5:	131871CE596EE77AA51129C134336F00
SHA1:	9BE571424EA29C4EA834981098C3924B6C19453A
SHA-256:	92C546D42EA275C73117FA125AF64A342BAC8E0E921EC11280861D905719BEB8
SHA-512:	C60FBC5BB31A6ACAD2FDFF5BC366E83FC772493B43B49A4A9AA4F4AF213673BB0F04781134A6ACDF11456DF6841A705DCCD5FB0979A94F7E75C09A89D487EBE5
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/static/css/4.6f882ee5.chunk.css
Preview:	.FloatingCircle_FloatingCircleContainer__13Pwx{height:0}.FloatingCircle_FloatingCircle__1mZQc,.FloatingCircle_FloatingCircleContainer__13Pwx{display:-webkit-flex;display:flex;-webkit-justify-content:center;justify-content:center}.FloatingCircle_FloatingCircle__1mZQc{position:relative;overflow:hidden;border-radius:50%;box-shadow:0 3px 6px rgba(0,0,0,.161);z-index:1}.FloatingCircle_FloatingCircle__MD__3w-8L{top:-2.333rem;height:4.666rem;width:4.666rem}.FloatingCircle_FloatingCircle__LG__2ewqP{top:-3rem;height:6rem;width:6rem}.FloatingCircle_FloatingCircle__Icon__3stnW{display:-webkit-flex;display:flex;-webkit-align-items:center;align-items:center}.FloatingCircle_FloatingCircle__Icon__MD__2UABm{font-size:2.333rem}.FloatingCircle_FloatingCircle__Icon__LG__3JGnf{font-size:3rem}.FloatingCircle_FloatingCircleDanger__3anuh{background-color:#f2d9d3}.FloatingCircle_FloatingCircleDanger__3anuh .FloatingCircle_FloatingCircle__Icon__3stnW{color:#ba2d0c}.FloatingCircle_FloatingCircleWarning__3JlQ0{b

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65462)
Category:	downloaded
Size (bytes):	423046
Entropy (8bit):	5.438572506520833
Encrypted:	false
SSDEEP:	3072:/6UQptC+C+OgOh2nXQbyDlgVeeqWxtZE5XIaQ0Sh2qC6k8ukH8UmXS1ooW1Kz:/6ez+OwieOmqTky8U81K
MD5:	FED72784CBCB19D9375B283B432D7B3B
SHA1:	3012BE15099BEE5AFC416D150C4616A0A418A8D0
SHA-256:	A9DBEF011641348EC3C7A812DD3EB4871E6C971A66870630D8641C56DE39AF69
SHA-512:	DDC9DCF5C63468694A1CD752DB8B1E2B2A7562DCF6BBEBFCEABEDFB2848FDA4496EFFC6923BA86BD5F0BB3A32B6044292167A97AC8E9330F84D42BF991160015
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/static/js/2.fde2ca04.chunk.js
Preview:	/! For license information please see 2.fde2ca04.chunk.js.LICENSE.txt /.(this["webpackJsonpvp-webapp-clicksmart"]=this["webpackJsonpvp-webapp-clicksmart"]\|\|[]).push([[2],[function(e,t,n){"use strict";e.exports=n(420)},function(e,t,n){var r=n(3),o=n(18).f,i=n(24),a=n(20),u=n(106),c=n(147),s=n(68);e.exports=function(e,t){var n,l,f,p,d,h=e.target,v=e.global,g=e.stat;if(n=v?r:g?r[h]\|\|u(h,{}):(r[h]\|\|{}).prototype)for(l in t){if(p=t[l],f=e.noTargetGet?(d=o(n,l))&&d.value:n[l],!s(v?l:h+(g?".":"#")+l,e.forced)&&void 0!==f){if(typeof p===typeof f)continue;c(p,f)}(e.sham\|\|f&&f.sham)&&i(p,"sham",!0),a(n,l,p,e)}}},function(e,t){e.exports=function(e){try{return!!e()}catch(t){return!0}}},function(e,t,n){(function(t){var n=function(e){return e&&e.Math==Math&&e};e.exports=n("object"==typeof globalThis&&globalThis)\|\|n("object"==typeof window&&window)\|\|n("object"==typeof self&&self)\|\|n("object"==typeof t&&t)\|\|function(){return this}()\|\|Function("return this")()}).call(this,n(56))},function(e,t,n){e.ex

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15406
Entropy (8bit):	2.932954551863506
Encrypted:	false
SSDEEP:	48:M7yRB52gkEWMIII9UzVK+KZ72p56tQOPk9GPU5NX5uezdAhllSM0H:6/g9pviRw62F4SNX5K0
MD5:	9D62DCC244C0F3D88367A943BA4D4FED
SHA1:	5FC5EC953D4344422EB686B9FC61EA31CAED360E
SHA-256:	FDDF75D3376BB911DB3189AA149F508317799B10611438B23D688B89DB208DA7
SHA-512:	78CD9A7A2CDAFCC378A3CB1215325BE78D54A4459D5C4C7271DE617A272AAD10A951BD7F2EFE15EBF4E70A059420D988AC093C481AF02C788D864AA9E316DF22
Malicious:	false
Reputation:	low
Preview:	............ .h...6... .... .(.......00.... .h&......(....... ..... .....................................................................................................................C!!.........................................................U.G%..H% Y....................................................I%..G$..G%..UU..............................................F##.H$..G$..H$..N''.............................................H%..G$..G$..H%..............................................G&!6H$..G$..H$..L"".............................................H$..G$..G$..H%..%q.%r.%r.'o.'............................G'.VG$..G$..G%..U.$q.~$q..$q..$q..3f..........................H$..G$..G$..I$.b.... ...$q..$q..$q..&q.s........................G$..G$..H$..UU..........$q.M$q..$q..$q..'l......................H% YG$..G#.A................%r.$q..$q..$r..................`..f.V2$\.q..q..q..q..q.>\|.)$r..$q..$q..%s.>........j..j..j..j..j..j..j..j..j..k.(s.$q..$q..%q..@....jv.j..

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4962)
Category:	downloaded
Size (bytes):	5010
Entropy (8bit):	5.3247438309708635
Encrypted:	false
SSDEEP:	96:t73pKmDZxs9Iwbfln62gb0ZZRiiB4hA/27A3hGj60nV:ZsCZe9IwLlnRgb0HUCy7+fk
MD5:	49864A8E125D378BCB2C452E5F949AB9
SHA1:	16813CF45B19A19293AE85ECC3D7E6E18F95E75C
SHA-256:	0ED4CE10806A4CFFBC0A283BEF8AD076EDF2D070A3F72979F825595790966EEE
SHA-512:	B375DFE76BDB7DC954CC68A451EE7AA166709A0735970DCFAA2B60EEEA3C7C83C1040288D96318131716A3B573DF2D1BD1A0803115784BD6E428F7EF2C97975A
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/static/js/main.fbcc4ef1.chunk.js
Preview:	(this["webpackJsonpvp-webapp-clicksmart"]=this["webpackJsonpvp-webapp-clicksmart"]\|\|[]).push([[0],{134:function(n,t,e){"use strict";function c(n){window.location.href=n}e.d(t,"a",(function(){return c})),e.d(t,"b",(function(){return r})),e.d(t,"c",(function(){return s}));var o=e(0),a=e(97);function r(n,t){Object(o.useEffect)((function(){!function(n,t){var e=a.a.t("URL Protection"),c=a.a.t("VIPRE Email Security");document.title="".concat(null!==n&&void 0!==n?n:e," \| ").concat(null!==t&&void 0!==t?t:c)}(n,t)}),[n,t])}function s(n,t){var e=Object(o.useRef)(),c=Object(o.useRef)((function(){}));return Object(o.useEffect)((function(){e.current=n}),[n]),Object(o.useEffect)((function(){if(null!==t){var n=setInterval((function(){e.current&&e.current()}),t),o=function(){clearInterval(n)};return c.current=o,o}}),[t]),{clear:c.current}}},138:function(n,t,e){"use strict";var c;e.d(t,"a",(function(){return c})),function(n){n.INFO="INFO",n.WARNING="WARNING",n.DANGER="DANGER"}(c\|\|(c={}))},207:function(

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Category:	downloaded
Size (bytes):	89423
Entropy (8bit):	5.054632846981616
Encrypted:	false
SSDEEP:	768:invrjDVn5zUGaLV5f1x/hHCwxkn42k43SYim1gtd5xENM6HN26zdwbhB:invDaLJBhHCwc3SYiRENM6HN26BwbhB
MD5:	5ED8A5EC7C2F3373DAB40F406BE4E1E6
SHA1:	B28BAF01ED6D1017AACF302343E6C0C675D8127D
SHA-256:	E3526F688F0037EB9818B78E5096B7ED43AEC8D0A9A1CBEA6C7FEA39D812291D
SHA-512:	E6278C8F3961C16FBF963B4293C22FA504258112BFA3DF108B04BD5366E758515E268D5766493A684708854B6E02F0948D983C29E536FBC54E757D8649C4C27B
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/static/css/main.2768b4bf.chunk.css
Preview:	.Toast_ToastContainer__3e1f-{position:fixed;z-index:2}.Toast_ToastContainer__3e1f- .Toast_Toast__1Ovpv{position:fixed;top:3.66rem;right:1rem;width:16.25rem;background-color:#ba2d0c;color:#fff;border-radius:0;border:0}.Toast_ToastContainer__3e1f- .Toast_ToastBody__JebBI{display:-webkit-flex;display:flex;padding:.625rem}.Toast_ToastContainer__3e1f- .Toast_Message__2sc2J{-webkit-flex:1 1;flex:1 1;font-size:.75rem;letter-spacing:-.011rem;text-align:left}.Toast_ToastContainer__3e1f- .Toast_CircleIcon__2DqTx{margin:.2rem .313rem}.Toast_ToastContainer__3e1f- .Toast_Close__2qAvD{display:-webkit-inline-flex;display:inline-flex;margin:.2rem .313rem;font-size:.74rem;padding:0;color:#fff;line-height:1rem;border:0}.Toast_ToastContainer__3e1f- .Toast_Close__2qAvD:hover{color:#fff;text-decoration:none}:root{--blue:#407198;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#ba2d0c;--orange:#fd7e14;--yellow:#dd9600;--green:#3bb273;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dar

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	81132
Entropy (8bit):	5.268395104711514
Encrypted:	false
SSDEEP:	768:vtQFeEpeHVEmulFGCFPcP9efMgTKgi3kqMUmUZGH41qtCuC9lECaCyMpdmlTjFH/:VQMy6CFOwGmUh1qoolXFHGH/uXUUp
MD5:	A5AF6842BF26FC8A4BCB71E4FA55C0CA
SHA1:	6D297D38D8291F5BFC5582C6032597449ECC9250
SHA-256:	22F86A3F92002829B79768B323C877434B256A0B49C10CF370EA22B3B9336B36
SHA-512:	F293A29DF6F16839CB6BE585E887242AF7516D4F6067B66707F3926FDE8E81CC711444124C6659B1867AA6E5BF4D659753CAFCD1F101F24C89D3F8F3F5FC8AEB
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/static/js/3.51e54426.chunk.js
Preview:	(this["webpackJsonpvp-webapp-clicksmart"]=this["webpackJsonpvp-webapp-clicksmart"]\|\|[]).push([[3],{442:function(e,t,n){"use strict";var r=n(451),o=Object.prototype.toString;function a(e){return"[object Array]"===o.call(e)}function i(e){return"undefined"===typeof e}function s(e){return null!==e&&"object"===typeof e}function c(e){if("[object Object]"!==o.call(e))return!1;var t=Object.getPrototypeOf(e);return null===t\|\|t===Object.prototype}function u(e){return"[object Function]"===o.call(e)}function l(e,t){if(null!==e&&"undefined"!==typeof e)if("object"!==typeof e&&(e=[e]),a(e))for(var n=0,r=e.length;n<r;n++)t.call(null,e[n],n,e);else for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.call(null,e[o],o,e)}e.exports={isArray:a,isArrayBuffer:function(e){return"[object ArrayBuffer]"===o.call(e)},isBuffer:function(e){return null!==e&&!i(e)&&null!==e.constructor&&!i(e.constructor)&&"function"===typeof e.constructor.isBuffer&&e.constructor.isBuffer(e)},isFormData:function(e){return"unde

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33677)
Category:	downloaded
Size (bytes):	33722
Entropy (8bit):	5.505158473326853
Encrypted:	false
SSDEEP:	768:IQHxQlhfD/EKGzY+4b4tdyXmeI8Nr71aO:repEjYXmeTN/1aO
MD5:	0A3A58F308CD683A742C13B16D3BC35B
SHA1:	1C175D968B6892D6B431B5F40309C844E654D580
SHA-256:	B0DDAAD28F9246458C037B59F4BA5620A8432C6BE41B10B235E36B42B665ECFA
SHA-512:	F7335935529D9517B1934E907B1F62AE7577AB091341F590B808D936AB610839F7D945CFCAC7A33FFA0ABEFCA91ADE98014BDF8259C180F8B328EC1F3C5BF0EC
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/static/js/4.2245794f.chunk.js
Preview:	(this["webpackJsonpvp-webapp-clicksmart"]=this["webpackJsonpvp-webapp-clicksmart"]\|\|[]).push([[4],{443:function(e,t,n){"use strict";var a=n(460);n.d(t,"AnalysisErrorCode",(function(){return a.a}));var c=n(461);n.o(c,"ScannerStep")&&n.d(t,"ScannerStep",(function(){return c.ScannerStep})),n.o(c,"Verdict")&&n.d(t,"Verdict",(function(){return c.Verdict}));var r=n(462);n.o(r,"ScannerStep")&&n.d(t,"ScannerStep",(function(){return r.ScannerStep})),n.o(r,"Verdict")&&n.d(t,"Verdict",(function(){return r.Verdict}));var i=n(463);n.o(i,"ScannerStep")&&n.d(t,"ScannerStep",(function(){return i.ScannerStep})),n.o(i,"Verdict")&&n.d(t,"Verdict",(function(){return i.Verdict}));var s=n(464);n.o(s,"ScannerStep")&&n.d(t,"ScannerStep",(function(){return s.ScannerStep})),n.o(s,"Verdict")&&n.d(t,"Verdict",(function(){return s.Verdict}));var o=n(465);n.d(t,"ScannerStep",(function(){return o.a}));var l=n(466);n.d(t,"Verdict",(function(){return l.a}))},460:function(e,t,n){"use strict";var a;n.d(t,"a",(function()

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6557)
Category:	downloaded
Size (bytes):	6602
Entropy (8bit):	4.8912701294467755
Encrypted:	false
SSDEEP:	96:tZo3aiZ6EARn3THjENxWwbqzHpjdlA2KKsoMyNQwyLyBYbeYby38HuHyRtR2IdIy:oAZTHjELbqjlAMkyNwuO5XwCj32oF
MD5:	8C2305C32BD61A9B135A4DCF8586132C
SHA1:	9A62FA2529608706730408FEDC64B61C9678F73C
SHA-256:	077674C2AD26D48610CA9886B0DD80373495ED8949965C3CB0D6B6F266162C0E
SHA-512:	2CBA5A610B9B9DA57137D8C4395DE88FBF55318E2E5C60C989A4384401291E0539746FB5A2E39CEC97442FD2634A80773461EE0BCC32AEA390E4286EFAB05492
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/static/js/7.39b294be.chunk.js
Preview:	(this["webpackJsonpvp-webapp-clicksmart"]=this["webpackJsonpvp-webapp-clicksmart"]\|\|[]).push([[7],{437:function(e){e.exports=JSON.parse('{"Ads":"Ads","Always navigate to a website by searching for the website\u2019s legitimate address rather than clicking a link in an email message.":"Always navigate to a website by searching for the website\u2019s legitimate address rather than clicking a link in an email message.","An error ocurred":"An error ocurred","and":"and","Blogs":"Blogs","Business":"Business","Categories Associated with this Website":"Categories Associated with this Website","Computers and Software":"Computers and Software","Connecting to server":"Connecting to server","Dating":"Dating","Deny Entry":"Deny Entry","Drugs":"Drugs","Education":"Education","Entertainment":"Entertainment","Error":"Error","Error: Invalid URL":"Error: Invalid URL","Error: URL Scanner is unavailable":"Error: URL Scanner is unavailable","Expanding link":"Expanding link","Extracting page features":"Extr

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15406
Entropy (8bit):	2.932954551863506
Encrypted:	false
SSDEEP:	48:M7yRB52gkEWMIII9UzVK+KZ72p56tQOPk9GPU5NX5uezdAhllSM0H:6/g9pviRw62F4SNX5K0
MD5:	9D62DCC244C0F3D88367A943BA4D4FED
SHA1:	5FC5EC953D4344422EB686B9FC61EA31CAED360E
SHA-256:	FDDF75D3376BB911DB3189AA149F508317799B10611438B23D688B89DB208DA7
SHA-512:	78CD9A7A2CDAFCC378A3CB1215325BE78D54A4459D5C4C7271DE617A272AAD10A951BD7F2EFE15EBF4E70A059420D988AC093C481AF02C788D864AA9E316DF22
Malicious:	false
Reputation:	low
URL:	https://url12.mailanyone.net/favicon.ico
Preview:	............ .h...6... .... .(.......00.... .h&......(....... ..... .....................................................................................................................C!!.........................................................U.G%..H% Y....................................................I%..G$..G%..UU..............................................F##.H$..G$..H$..N''.............................................H%..G$..G$..H%..............................................G&!6H$..G$..H$..L"".............................................H$..G$..G$..H%..%q.%r.%r.'o.'............................G'.VG$..G$..G%..U.$q.~$q..$q..$q..3f..........................H$..G$..G$..I$.b.... ...$q..$q..$q..&q.s........................G$..G$..H$..UU..........$q.M$q..$q..$q..'l......................H% YG$..G#.A................%r.$q..$q..$r..................`..f.V2$\.q..q..q..q..q.>\|.)$r..$q..$q..%s.>........j..j..j..j..j..j..j..j..j..k.(s.$q..$q..%q..@....jv.j..

Total Packets: 141
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2023 11:59:47.250637054 CET	49675	443	192.168.2.4	173.222.162.32
Dec 14, 2023 11:59:53.773072958 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:53.773149967 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:53.773210049 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:53.773627043 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:53.773647070 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:53.773716927 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:53.773978949 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:53.774029016 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:53.774239063 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:53.774264097 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.161510944 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:54.161921024 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:54.161952972 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:54.207802057 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.207901955 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:54.207979918 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:54.208098888 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:54.208142042 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.208539009 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.208601952 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:54.209526062 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:54.209537983 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:54.209568024 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.209625959 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:54.209640026 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:54.210057974 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:54.210067987 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:54.210726976 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:54.210876942 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:54.210899115 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.210933924 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.357356071 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.357465029 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:54.357486010 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.357671976 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.357743025 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:54.358067036 CET	49731	443	192.168.2.4	192.178.50.46
Dec 14, 2023 11:59:54.358099937 CET	443	49731	192.178.50.46	192.168.2.4
Dec 14, 2023 11:59:54.389861107 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:54.494422913 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:54.494537115 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:54.494592905 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:54.495091915 CET	49730	443	192.168.2.4	192.178.50.45
Dec 14, 2023 11:59:54.495132923 CET	443	49730	192.178.50.45	192.168.2.4
Dec 14, 2023 11:59:56.501835108 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 11:59:56.501866102 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 11:59:56.501936913 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 11:59:56.502252102 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 11:59:56.502264023 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 11:59:56.780438900 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 11:59:56.786990881 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 11:59:56.787059069 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 11:59:56.789940119 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 11:59:56.790071011 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 11:59:56.791346073 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 11:59:56.796909094 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 11:59:56.845643044 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 11:59:56.845669985 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 11:59:56.889983892 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 11:59:58.443473101 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:58.443500996 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:58.443568945 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:58.447460890 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:58.447470903 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:58.725635052 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:58.725723028 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:58.730108976 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:58.730114937 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:58.730360985 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:58.783816099 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:58.884390116 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:58.928736925 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.010061979 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.010132074 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.010196924 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.010260105 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.010282040 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.010291100 CET	49741	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.010296106 CET	443	49741	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.052447081 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.052510977 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.052606106 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.053030014 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.053062916 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.310735941 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.310839891 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.312002897 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.312022924 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.312266111 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.313402891 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.356745958 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.564888954 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.564968109 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.565028906 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.567552090 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.567580938 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 11:59:59.567610979 CET	49746	443	192.168.2.4	23.193.120.112
Dec 14, 2023 11:59:59.567619085 CET	443	49746	23.193.120.112	192.168.2.4
Dec 14, 2023 12:00:02.306689978 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:02.306721926 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:02.306899071 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:02.307502985 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:02.307583094 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:02.307643890 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:02.307934999 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:02.307948112 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:02.308454990 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:02.308491945 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.382872105 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.383258104 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.383286953 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.388303041 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.388503075 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.393496990 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.393704891 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.393713951 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.393968105 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.394201994 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.394233942 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.394697905 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.401278019 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.401387930 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.401755095 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.404844999 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.435585022 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.435616970 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.450790882 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.450845957 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.485111952 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.499830008 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.749265909 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.749337912 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.749381065 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.767978907 CET	49752	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:03.767999887 CET	443	49752	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:03.913295984 CET	49754	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:04.037233114 CET	49755	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:04.270894051 CET	80	49754	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:04.271058083 CET	49754	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:04.301085949 CET	49754	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:04.400773048 CET	80	49755	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:04.400863886 CET	49755	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:04.656529903 CET	80	49754	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:04.686517000 CET	80	49754	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:04.737977982 CET	49754	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:05.956409931 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:05.956456900 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:05.956558943 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:05.956916094 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:05.956927061 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.220777035 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.221117020 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:06.221143007 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.221992970 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.222047091 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:06.223047972 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:06.223099947 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.223320007 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:06.223325014 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.266128063 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:06.519428968 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.519498110 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.519629002 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:06.519875050 CET	49756	443	192.168.2.4	66.235.200.146
Dec 14, 2023 12:00:06.519887924 CET	443	49756	66.235.200.146	192.168.2.4
Dec 14, 2023 12:00:06.679095030 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:06.679132938 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:06.679202080 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:06.679434061 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:06.679440975 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:06.775280952 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:06.775346994 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:06.775409937 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:00:07.144371986 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.144658089 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:07.144678116 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.145072937 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.145140886 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:07.145764112 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.145812035 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:07.146661043 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:07.146725893 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.146862030 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:07.146869898 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.200623989 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:07.298612118 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.298702002 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.298784018 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:07.299197912 CET	49757	443	192.168.2.4	156.137.3.32
Dec 14, 2023 12:00:07.299218893 CET	443	49757	156.137.3.32	192.168.2.4
Dec 14, 2023 12:00:07.301480055 CET	49738	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:00:07.301527023 CET	443	49738	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:09.535130024 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:09.535200119 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:09.535284996 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:09.537256002 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:09.537291050 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.021101952 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.021300077 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.024884939 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.024904013 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.029047012 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.077729940 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.546855927 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.588746071 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.857996941 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858023882 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858031034 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858040094 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858057022 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858112097 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.858143091 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858158112 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.858191013 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.858684063 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858753920 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.858762980 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858897924 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.858953953 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.879216909 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.879239082 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:10.879251957 CET	49760	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:10.879259109 CET	443	49760	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:47.226521969 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:47.226567030 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:47.226634979 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:47.227339983 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:47.227354050 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:47.711162090 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:47.711407900 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:47.715914965 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:47.715945959 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:47.720741987 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:47.732783079 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:47.776741028 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166018009 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166048050 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166068077 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166193008 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:48.166193008 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:48.166222095 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166277885 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:48.166441917 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166486979 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166501045 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:48.166508913 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166547060 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:48.166552067 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.166594028 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:48.173131943 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:48.173151016 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.173162937 CET	49765	443	192.168.2.4	20.12.23.50
Dec 14, 2023 12:00:48.173168898 CET	443	49765	20.12.23.50	192.168.2.4
Dec 14, 2023 12:00:48.452533960 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:48.452589035 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:49.405400991 CET	49755	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:49.687071085 CET	49754	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:00:49.766958952 CET	80	49755	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:50.040899992 CET	80	49754	59.162.167.84	192.168.2.4
Dec 14, 2023 12:00:56.438462019 CET	49767	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:00:56.438498020 CET	443	49767	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:56.438572884 CET	49767	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:00:56.438895941 CET	49767	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:00:56.438910007 CET	443	49767	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:56.717345953 CET	443	49767	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:56.717608929 CET	49767	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:00:56.717624903 CET	443	49767	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:56.718753099 CET	443	49767	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:56.719065905 CET	49767	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:00:56.719418049 CET	443	49767	142.250.189.132	192.168.2.4
Dec 14, 2023 12:00:56.769601107 CET	49767	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:01:03.029280901 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:01:03.029371023 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:01:03.029536009 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:01:03.910363913 CET	49753	443	192.168.2.4	59.162.167.84
Dec 14, 2023 12:01:03.910396099 CET	443	49753	59.162.167.84	192.168.2.4
Dec 14, 2023 12:01:04.762645960 CET	80	49755	59.162.167.84	192.168.2.4
Dec 14, 2023 12:01:04.762794971 CET	49755	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:01:05.910425901 CET	49755	80	192.168.2.4	59.162.167.84
Dec 14, 2023 12:01:06.270770073 CET	80	49755	59.162.167.84	192.168.2.4
Dec 14, 2023 12:01:06.697993040 CET	443	49767	142.250.189.132	192.168.2.4
Dec 14, 2023 12:01:06.698158026 CET	443	49767	142.250.189.132	192.168.2.4
Dec 14, 2023 12:01:06.698378086 CET	49767	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:01:07.915848017 CET	49767	443	192.168.2.4	142.250.189.132
Dec 14, 2023 12:01:07.915888071 CET	443	49767	142.250.189.132	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2023 11:59:53.643325090 CET	51508	53	192.168.2.4	1.1.1.1
Dec 14, 2023 11:59:53.643578053 CET	60436	53	192.168.2.4	1.1.1.1
Dec 14, 2023 11:59:53.644115925 CET	60283	53	192.168.2.4	1.1.1.1
Dec 14, 2023 11:59:53.644465923 CET	49580	53	192.168.2.4	1.1.1.1
Dec 14, 2023 11:59:53.762797117 CET	53	54068	1.1.1.1	192.168.2.4
Dec 14, 2023 11:59:53.768982887 CET	53	51508	1.1.1.1	192.168.2.4
Dec 14, 2023 11:59:53.769015074 CET	53	60283	1.1.1.1	192.168.2.4
Dec 14, 2023 11:59:53.769577026 CET	53	60436	1.1.1.1	192.168.2.4
Dec 14, 2023 11:59:53.770152092 CET	53	49580	1.1.1.1	192.168.2.4
Dec 14, 2023 11:59:54.532939911 CET	53	64998	1.1.1.1	192.168.2.4
Dec 14, 2023 11:59:55.080168962 CET	59338	53	192.168.2.4	1.1.1.1
Dec 14, 2023 11:59:55.080406904 CET	58276	53	192.168.2.4	1.1.1.1
Dec 14, 2023 11:59:55.211289883 CET	53	58276	1.1.1.1	192.168.2.4
Dec 14, 2023 11:59:56.375967026 CET	55548	53	192.168.2.4	1.1.1.1
Dec 14, 2023 11:59:56.376296997 CET	56417	53	192.168.2.4	1.1.1.1
Dec 14, 2023 11:59:56.500614882 CET	53	55548	1.1.1.1	192.168.2.4
Dec 14, 2023 11:59:56.500919104 CET	53	56417	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:01.569690943 CET	62734	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:01.570050001 CET	52207	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:01.698477030 CET	53	52207	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:02.160892963 CET	61529	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:02.161200047 CET	62142	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:02.287699938 CET	53	61529	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:02.305954933 CET	53	62142	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:03.772788048 CET	58970	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:03.773128033 CET	49788	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:03.899386883 CET	53	49788	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:03.911699057 CET	53	58970	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:05.779926062 CET	62695	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:05.781936884 CET	60159	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:05.905860901 CET	53	62695	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:06.147165060 CET	53	60159	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:06.522254944 CET	55714	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:06.522562027 CET	57162	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:06.646761894 CET	53	55714	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:06.915501118 CET	53	57162	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:07.301862955 CET	60058	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:07.302036047 CET	61976	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:07.703758001 CET	49655	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:07.704045057 CET	65046	53	192.168.2.4	1.1.1.1
Dec 14, 2023 12:00:11.814187050 CET	53	60214	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:14.432749033 CET	138	138	192.168.2.4	192.168.2.255
Dec 14, 2023 12:00:30.673829079 CET	53	64336	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:53.377793074 CET	53	64553	1.1.1.1	192.168.2.4
Dec 14, 2023 12:00:53.658632040 CET	53	55535	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 14, 2023 12:00:06.147303104 CET	192.168.2.4	1.1.1.1	c22c	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 14, 2023 11:59:53.643325090 CET	192.168.2.4	1.1.1.1	0x55e2	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2023 11:59:53.643578053 CET	192.168.2.4	1.1.1.1	0xf1c9	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Dec 14, 2023 11:59:53.644115925 CET	192.168.2.4	1.1.1.1	0x732	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2023 11:59:53.644465923 CET	192.168.2.4	1.1.1.1	0x4120	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Dec 14, 2023 11:59:55.080168962 CET	192.168.2.4	1.1.1.1	0xf15a	Standard query (0)	url12.mailanyone.net	A (IP address)	IN (0x0001)	false
Dec 14, 2023 11:59:55.080406904 CET	192.168.2.4	1.1.1.1	0xaa4f	Standard query (0)	url12.mailanyone.net	65	IN (0x0001)	false
Dec 14, 2023 11:59:56.375967026 CET	192.168.2.4	1.1.1.1	0xa5b6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2023 11:59:56.376296997 CET	192.168.2.4	1.1.1.1	0x9722	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 14, 2023 12:00:01.569690943 CET	192.168.2.4	1.1.1.1	0x6914	Standard query (0)	url12.mailanyone.net	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:01.570050001 CET	192.168.2.4	1.1.1.1	0xa3f	Standard query (0)	url12.mailanyone.net	65	IN (0x0001)	false
Dec 14, 2023 12:00:02.160892963 CET	192.168.2.4	1.1.1.1	0xd15b	Standard query (0)	tx.gl	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:02.161200047 CET	192.168.2.4	1.1.1.1	0x21c	Standard query (0)	tx.gl	65	IN (0x0001)	false
Dec 14, 2023 12:00:03.772788048 CET	192.168.2.4	1.1.1.1	0x8baa	Standard query (0)	tx.gl	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:03.773128033 CET	192.168.2.4	1.1.1.1	0xadd3	Standard query (0)	tx.gl	65	IN (0x0001)	false
Dec 14, 2023 12:00:05.779926062 CET	192.168.2.4	1.1.1.1	0x45a7	Standard query (0)	gps.adw.mybluehost.me	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:05.781936884 CET	192.168.2.4	1.1.1.1	0xa370	Standard query (0)	gps.adw.mybluehost.me	65	IN (0x0001)	false
Dec 14, 2023 12:00:06.522254944 CET	192.168.2.4	1.1.1.1	0x56ce	Standard query (0)	dhl.com	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:06.522562027 CET	192.168.2.4	1.1.1.1	0x3b51	Standard query (0)	dhl.com	65	IN (0x0001)	false
Dec 14, 2023 12:00:07.301862955 CET	192.168.2.4	1.1.1.1	0x5907	Standard query (0)	www.dhl.com	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:07.302036047 CET	192.168.2.4	1.1.1.1	0x9ac	Standard query (0)	www.dhl.com	65	IN (0x0001)	false
Dec 14, 2023 12:00:07.703758001 CET	192.168.2.4	1.1.1.1	0x8df2	Standard query (0)	www.dhl.com	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:07.704045057 CET	192.168.2.4	1.1.1.1	0x2093	Standard query (0)	www.dhl.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 14, 2023 11:59:53.768982887 CET	1.1.1.1	192.168.2.4	0x55e2	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 11:59:53.768982887 CET	1.1.1.1	192.168.2.4	0x55e2	No error (0)	clients.l.google.com		192.178.50.46	A (IP address)	IN (0x0001)	false
Dec 14, 2023 11:59:53.769015074 CET	1.1.1.1	192.168.2.4	0x732	No error (0)	accounts.google.com		192.178.50.45	A (IP address)	IN (0x0001)	false
Dec 14, 2023 11:59:53.769577026 CET	1.1.1.1	192.168.2.4	0xf1c9	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 11:59:55.208822966 CET	1.1.1.1	192.168.2.4	0xf15a	No error (0)	url12.mailanyone.net	url12.mailanyone.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 11:59:55.211289883 CET	1.1.1.1	192.168.2.4	0xaa4f	No error (0)	url12.mailanyone.net	url12.mailanyone.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 11:59:56.500614882 CET	1.1.1.1	192.168.2.4	0xa5b6	No error (0)	www.google.com		142.250.189.132	A (IP address)	IN (0x0001)	false
Dec 14, 2023 11:59:56.500919104 CET	1.1.1.1	192.168.2.4	0x9722	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 14, 2023 12:00:01.697710991 CET	1.1.1.1	192.168.2.4	0x6914	No error (0)	url12.mailanyone.net	url12.mailanyone.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 12:00:01.698477030 CET	1.1.1.1	192.168.2.4	0xa3f	No error (0)	url12.mailanyone.net	url12.mailanyone.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 12:00:02.287699938 CET	1.1.1.1	192.168.2.4	0xd15b	No error (0)	tx.gl		59.162.167.84	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:03.911699057 CET	1.1.1.1	192.168.2.4	0x8baa	No error (0)	tx.gl		59.162.167.84	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:05.905860901 CET	1.1.1.1	192.168.2.4	0x45a7	No error (0)	gps.adw.mybluehost.me		66.235.200.146	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:06.646761894 CET	1.1.1.1	192.168.2.4	0x56ce	No error (0)	dhl.com		156.137.3.32	A (IP address)	IN (0x0001)	false
Dec 14, 2023 12:00:07.430522919 CET	1.1.1.1	192.168.2.4	0x9ac	No error (0)	www.dhl.com	www.dhl.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 12:00:07.430589914 CET	1.1.1.1	192.168.2.4	0x5907	No error (0)	www.dhl.com	www.dhl.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 12:00:07.877597094 CET	1.1.1.1	192.168.2.4	0x2093	No error (0)	www.dhl.com	www.dhl.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2023 12:00:07.887994051 CET	1.1.1.1	192.168.2.4	0x8df2	No error (0)	www.dhl.com	www.dhl.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

fs.microsoft.com

https:

tx.gl

gps.adw.mybluehost.me

dhl.com

slscr.update.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49754	59.162.167.84	80	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2023 12:00:04.301085949 CET	475	OUT	GET /r/h0n4L HTTP/1.1 Host: tx.gl Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: route=23121fdb488b2c660c41bd2881418abb
Dec 14, 2023 12:00:04.686517000 CET	212	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 14 Dec 2023 11:00:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive Location: https://gps.adw.mybluehost.me/dk/gls-group/
Dec 14, 2023 12:00:49.687071085 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49755	59.162.167.84	80	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2023 12:00:49.405400991 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	192.178.50.45	443	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-14 10:59:54 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-12-14 10:59:54 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-12-14 10:59:54 UTC	1627	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 14 Dec 2023 10:59:54 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-jBCqJofXY72tF02qxFFBQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-12-14 10:59:54 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-12-14 10:59:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	192.178.50.46	443	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-14 10:59:54 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-14 10:59:54 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-lFyCDnVsOYsrAngAgzEC8g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 14 Dec 2023 10:59:54 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6191 X-Daystart: 10794 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-12-14 10:59:54 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 39 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 31 30 37 39 34 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6191" elapsed_seconds="10794"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-12-14 10:59:54 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-12-14 10:59:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2023-12-14 10:59:58 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-14 10:59:59 UTC	495	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=193853 Date: Thu, 14 Dec 2023 10:59:58 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2023-12-14 10:59:59 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-14 10:59:59 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=193858 Date: Thu, 14 Dec 2023 10:59:59 GMT Content-Length: 55 Connection: close X-CID: 2
2023-12-14 10:59:59 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49752	59.162.167.84	443	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-14 11:00:03 UTC	682	OUT	GET /r/h0n4L/ HTTP/1.1 Host: tx.gl Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://url12.mailanyone.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-14 11:00:03 UTC	263	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 14 Dec 2023 11:00:03 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Connection: close Set-Cookie: route=23121fdb488b2c660c41bd2881418abb; Path=/ Location: http://tx.gl/r/h0n4L
2023-12-14 11:00:03 UTC	283	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 78 2e 67 6c 2f 72 2f 68 30 6e 34 4c 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 74 78 2e 67 6c 20 50 6f 72 74 20 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://tx.gl/r/h0n4L">here</a>.</p><hr><address>Apache Server at tx.gl Port

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49756	66.235.200.146	443	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-14 11:00:06 UTC	663	OUT	GET /dk/gls-group/ HTTP/1.1 Host: gps.adw.mybluehost.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-14 11:00:06 UTC	461	IN	HTTP/1.1 302 Found Date: Thu, 14 Dec 2023 11:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Location: https://dhl.com host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== CF-Cache-Status: HIT Age: 781 Set-Cookie: _cfuvid=ba7EQomnjdAM0J3kLZOcQ3_JY9vJKFn5uI3W955J1Xc-1702551606446-0-604800000; path=/; domain=.gps.adw.mybluehost.me; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8355f0f439c38dd0-MIA
2023-12-14 11:00:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49757	156.137.3.32	443	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-14 11:00:07 UTC	636	OUT	GET / HTTP/1.1 Host: dhl.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-14 11:00:07 UTC	118	IN	Data Raw: 48 54 54 50 2f 31 2e 30 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 64 68 6c 2e 63 6f 6d 2f 0d 0a 53 65 72 76 65 72 3a 20 42 69 67 49 50 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 0d 0a Data Ascii: HTTP/1.0 301 Moved PermanentlyLocation: http://www.dhl.com/Server: BigIPConnection: closeContent-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49760	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2023-12-14 11:00:10 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rdDTsyA+RvWn78V&MD=X6a85P71 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-14 11:00:10 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: e88ecad4-180e-4b27-a218-1ee8b053c0c6 MS-RequestId: 3242699d-acfa-4d13-a887-29b36381ec62 MS-CV: ZOEl0ng0z0OmQuR0.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 14 Dec 2023 11:00:10 GMT Connection: close Content-Length: 24490
2023-12-14 11:00:10 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-12-14 11:00:10 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49765	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2023-12-14 11:00:47 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rdDTsyA+RvWn78V&MD=X6a85P71 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-14 11:00:48 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: d704a9bd-9abf-490f-9c07-988e1bfefd05 MS-RequestId: fb6fdf93-4d1c-4c3a-8058-926223e3fb13 MS-CV: WHYarmwJzkeMb67k.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 14 Dec 2023 11:00:47 GMT Connection: close Content-Length: 25457
2023-12-14 11:00:48 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-12-14 11:00:48 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	11:59:49
Start date:	14/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	11:59:50
Start date:	14/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2524,i,12313867052400908130,11082874903438387883,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	11:59:53
Start date:	14/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4%7Cmail%2F90%2F1702548600%2F1rDinR-0008H3-4u%7Cin12i%7C57e1b682%7C21208867%7C12850088%7C657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4|mail%2F90%2F1702548600%2F1rDinR-0008H3-4u|in12i|57e1b682|21208867|12850088|657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4348, Parent PID: 1608

General

File Activities

File Opened

Windows Analysis Report
https://url12.mailanyone.net/scanner?m=1rDinR-0008H3-4u&d=4|mail%2F90%2F1702548600%2F1rDinR-0008H3-4u|in12i|57e1b682|21208867|12850088|657AD67163C246CF2D2C5DFD2D5CFDA9&o=%2Fphtx%3A%2Ftts0%2F.g4%2Fhnlr%2FL&s=gnwPqISax1zPjcXs565yjdAMM14