

Windows Analysis Report
http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU9

Overview

General Information

Sample URL:http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpG
Analysis ID:1445893

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • chrome.exe (PID: 2000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2192,i,2516542292744883314,14553751070343600966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 5052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVON...HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.5:53735 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D HTTP/1.1Host: url3262.oprgfinancialfr.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: url3262.oprgfinancialfr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3DAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: url3262.oprgfinancialfr.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 22 May 2024 16:04:07 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53740
Source: unknown | Network traffic detected: HTTP traffic on port 53740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49715 version: TLS 1.2
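The rows above feed two signatures, "Detected non-DNS traffic on DNS port" and "TCP/UDP traffic detected without corresponding DNS query", and both need reading with care on a browser detonation: the report lists the resolver 1.1.1.1 itself under the second one, the HTTPS peers 2.18.97.153 and 23.1.237.91 are listed only because no DNS answer naming them appears in the report (which is also what happens when the lookup was for one of the whitelisted domains excluded from analysis further down), and the TCP flow to 1.1.1.1:53 may be plain DNS over TCP, which the signature name does not distinguish from a covert channel. The block below is an added example, not Joe Sandbox code: it re-implements both checks over constructed flow records modelled on these rows, seeds the resolver into the set of expected peers, adds every IP a DNS answer returns, and decides whether port-53 traffic is DNS by parsing the header and question section rather than trusting the port. The flows, the DNS answer for sendgrid.net and the TLS bytes sent to port 53 are all constructed for the example.

```python
"""Two sandbox network checks re-implemented over constructed flows (added example).

Check 1, "traffic without corresponding DNS query": an outbound flow to an IP that no
observed DNS answer returned and that is not the resolver itself.
Check 2, "non-DNS traffic on DNS port": a port-53 payload that does not parse as a DNS
message (valid header plus one question), on UDP or on length-prefixed TCP.
"""
import socket
import struct
from dataclasses import dataclass

VM = "192.168.2.5"        # analysis machine, as in the report's rows
RESOLVER = "1.1.1.1"      # its resolver, also as in the report


@dataclass
class Flow:
    proto: str            # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


def encode_qname(name: str) -> bytes:
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    labels = [part.encode("ascii") for part in name.strip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Standard A query: header with RD set and exactly one question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_qname(name) + struct.pack("!HH", 1, 1)


def dns_answer(name: str, ip: str, txid: int = 0x1234) -> bytes:
    """Reply to dns_query(): QR/RD/RA set, question echoed, one A record (0xC00C points at the qname)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_qname(name) + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + rr


def parse_dns(payload: bytes, tcp: bool = False):
    """Return (qname, [answered IPv4s]) if the payload parses as DNS, else None."""
    if tcp:                                   # DNS over TCP carries a two-byte length prefix
        if len(payload) < 2 or struct.unpack("!H", payload[:2])[0] != len(payload) - 2:
            return None
        payload = payload[2:]
    if len(payload) < 12:
        return None
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if (flags >> 11) & 0xF not in (0, 1, 2, 4, 5) or qdcount != 1:   # assigned opcode, one question
        return None
    off, labels = 12, []
    while True:                               # walk the question name label by label
        if off >= len(payload):
            return None
        n, off = payload[off], off + 1
        if n == 0:
            break
        if n > 63 or off + n > len(payload):
            return None
        labels.append(payload[off:off + n].decode("ascii", "replace"))
        off += n
    if off + 4 > len(payload):                # qtype + qclass must follow
        return None
    off += 4
    ips = []
    for _ in range(ancount):                  # only the compressed-name A-record shape built above
        if off + 12 > len(payload):
            break
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[off + 2:off + 12])
        off += 12
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(payload[off:off + 4]))
        off += rdlen
    return ".".join(labels), ips


def correlate(flows, vm: str = VM, resolver: str = RESOLVER) -> dict:
    """Replay flows in order and return what each of the two checks would report."""
    known = {resolver}                        # the sandbox does not seed this, hence 1.1.1.1 in its list
    no_dns, non_dns_on_53 = [], []
    for f in flows:
        if 53 in (f.sport, f.dport):
            parsed = parse_dns(f.payload, tcp=(f.proto == "tcp"))
            if parsed is None:
                non_dns_on_53.append((f.dst, f.dport))
                continue
            known.update(parsed[1])           # answered IPs become expected peers
        if f.src == vm and f.dst not in known and f.dst not in no_dns:
            no_dns.append(f.dst)
    return {"no_dns": no_dns, "non_dns_on_53": non_dns_on_53}


# Constructed flows modelled on the report's rows (not captured from it).
TLS_CLIENT_HELLO = bytes.fromhex("160301002c0100002803030000")   # start of a TLS record, not DNS
SAMPLE_FLOWS = [
    Flow("udp", VM, 53735, RESOLVER, 53, dns_query("sendgrid.net")),
    Flow("udp", RESOLVER, 53, VM, 53735, dns_answer("sendgrid.net", "167.89.115.150")),
    Flow("tcp", VM, 49720, "167.89.115.150", 80),                 # resolved above: not reported
    Flow("tcp", VM, 49714, "2.18.97.153", 443),                   # no DNS answer seen: reported
    Flow("tcp", VM, 53736, RESOLVER, 53,                          # DNS over TCP: legitimate
         struct.pack("!H", len(dns_query("www.google.com"))) + dns_query("www.google.com")),
    Flow("tcp", VM, 53737, RESOLVER, 53, TLS_CLIENT_HELLO),       # not DNS on port 53: reported
]


def run_example() -> dict:
    return correlate(SAMPLE_FLOWS)


if __name__ == "__main__":
    print(run_example())
```

On the constructed flows this reports 2.18.97.153 under the first check and the TLS bytes to 1.1.1.1:53 under the second, while the DNS-over-TCP query to the same port passes. Seeding `known` with the resolver is the one deliberate departure from the sandbox's behaviour; seed it further with answers from any lookups your pipeline whitelists, or the same CDN peers will show up as findings.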
Source: classification engine | Classification label: clean1.win@21/10@4/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2192,i,2516542292744883314,14553751070343600966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2192,i,2516542292744883314,14553751070343600966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
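The "Stores files to the Windows start menu directory" signature is fed by the six Chrome Apps shortcuts listed above, each carrying a relative path nine levels up to chrome_proxy.exe. Chrome writes these itself for its default web apps, but the same signature fires on any shortcut dropped into the Start Menu, so the triage step is to read what each LNK actually launches rather than stop at the file name. The block below is an added example, not code from the report or from Chrome: it writes a minimal Shell Link (the MS-SHLLINK header plus the StringData fields the report's file-type line names: relative path, working directory, command-line arguments), parses it back, resolves the relative path against the shortcut's own folder and compares the result with the Chrome target. The command-line arguments and the second, deliberately suspicious shortcut are constructed for the example; the report does not show the real arguments.

```python
"""Minimal Shell Link (.lnk) writer and reader for triaging dropped shortcuts (added example).

Implements only what the check needs: the 76-byte ShellLinkHeader and the StringData
fields (relative path, working directory, arguments). LinkTargetIDList and LinkInfo
blocks are skipped on read and never written.
"""
import ntpath
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"), (HAS_WORK_DIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location"))   # StringData order per MS-SHLLINK
# HeaderSize, CLSID, LinkFlags, FileAttributes, Creation/Access/Write FILETIME, FileSize,
# IconIndex, ShowCommand, HotKey, Reserved1, Reserved2, Reserved3
HEADER_FMT = "<I16sIIQQQIiIHHII"

START_MENU_DIR = r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps"
REL_CHROME_PROXY = r"..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe"
EXPECTED_TARGET = r"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
LAUNCHER_MARKERS = ("powershell", "cmd.exe", "mshta", "rundll32", "wscript", "-enc", "http://", "https://")


def build_lnk(relative_path: str, working_dir: str, arguments: str,
              file_size: int = 0, show_command: int = 1) -> bytes:
    """Write a Unicode shell link: FILE_ATTRIBUTE_ARCHIVE, zeroed timestamps, three string fields."""
    flags = HAS_REL_PATH | HAS_WORK_DIR | HAS_ARGS | IS_UNICODE
    header = struct.pack(HEADER_FMT, 0x4C, LNK_CLSID, flags, 0x20, 0, 0, 0,
                         file_size, 0, show_command, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, working_dir, arguments))
    return header + body


def parse_lnk(data: bytes) -> dict:
    """Read LinkFlags and ShowCommand, skip the optional blocks, return the StringData present."""
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link")
    info = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    off = 0x4C
    if flags & HAS_ID_LIST:                                  # uint16 IDListSize, then the IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                                # uint32 LinkInfoSize covers the block
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]       # CountCharacters, no terminator follows
        off += 2
        raw = data[off:off + (count * 2 if unicode else count)]
        off += len(raw)
        info[name] = raw.decode("utf-16-le" if unicode else "cp1252")
    return info


def triage(lnk_dir: str, data: bytes, expected_target: str = EXPECTED_TARGET) -> dict:
    """Resolve the relative target from the shortcut's own folder and compare with Chrome's."""
    info = parse_lnk(data)
    target = ntpath.normpath(ntpath.join(lnk_dir, info.get("relative_path", "")))
    args = info.get("arguments", "")
    reasons = []
    if target.lower() != expected_target.lower():
        reasons.append(f"target is {target}, not {expected_target}")
    if any(m in args.lower() for m in LAUNCHER_MARKERS):
        reasons.append(f"arguments look like a launcher: {args}")
    if info["show_command"] == 7:                            # SW_SHOWMINNOACTIVE: window never surfaces
        reasons.append("shortcut opens minimized and inactive")
    return {"target": target, "arguments": args, "suspicious": bool(reasons), "reasons": reasons}


def example():
    """One shortcut shaped like the report's Chrome Apps entries, one constructed to fail the check."""
    chrome_app = build_lnk(REL_CHROME_PROXY, r"C:\Program Files\Google\Chrome\Application",
                           "--profile-directory=Default --app-id=example", file_size=1210144)  # args constructed
    dropped = build_lnk(r"..\..\..\..\..\..\..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                        r"C:\Windows\System32", "-w hidden -enc <base64>", show_command=7)        # constructed
    return triage(START_MENU_DIR, chrome_app), triage(START_MENU_DIR, dropped)


if __name__ == "__main__":
    for verdict in example():
        print(verdict)
```

Real shortcuts usually carry a LinkTargetIDList and LinkInfo block as well; the reader skips both by their size fields, so it works on those too, but it reads the relative path rather than the absolute LocalBasePath, which is why the result is resolved against the folder the .lnk was dropped in.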
MITRE ATT&CK matrix (a number in brackets is the count of matched signatures for that technique; cells without a number are the empty template):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Registry Run Keys / Startup Folder [1]; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection [1]; Registry Run Keys / Startup Folder [1]; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading [1]; Process Injection [1]; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel [1]; Non-Application Layer Protocol [3]; Application Layer Protocol [4]; Ingress Tool Transfer [3]
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D0%Avira URL Cloudsafe
No Antivirus matches
Source | Detection | Scanner | Label
http://url3262.oprgfinancialfr.com/favicon.ico | 0% | Avira URL Cloud | safe
Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
sendgrid.net | 167.89.115.150 | true | false | - | unknown
www.google.com | 216.58.206.36 | true | false | - | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | - | unknown
url3262.oprgfinancialfr.com | unknown | unknown | false | - | unknown

URLs
Name | Malicious | Antivirus Detection | Reputation
          http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3Dfalse
    (Antivirus Detection: -; Reputation: unknown)
http://url3262.oprgfinancialfr.com/favicon.ico | false | Avira URL Cloud: safe | unknown

Reputation legend:
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IPs
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
167.89.115.150 | sendgrid.net | United States | 11377 | SENDGRIDUS | false
216.58.206.36 | www.google.com | United States | 15169 | GOOGLEUS | false

Private IPs
192.168.2.16
192.168.2.5
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1445893
            Start date and time:2024-05-22 18:03:17 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 3m 6s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:browseurl.jbs
            Sample URL:http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:8
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:CLEAN
            Classification:clean1.win@21/10@4/5
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.185.238, 173.194.76.84, 34.104.35.123, 40.127.169.103, 173.222.108.210, 173.222.108.226, 192.229.221.95, 52.165.164.15, 20.166.126.56, 142.250.184.195, 131.107.255.255
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, dns.msftncsi.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
            • Report size getting too big, too many NtSetInformationFile calls found.
            • VT rate limit hit for: http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9k
            No simulations
Input | Output
            URL: http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yV Model: Perplexity: mixtral-8x7b-instruct
            {
            "loginform": false,
            "reasons": [
            "The provided text does not contain a login form.",
            "The text indicates that the link has been disabled.",
            "There are no form elements or input fields present in the text."
            ]
            }
            Link Disabled You have clicked on a disabled link 
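The 404 body captured earlier and the page text fed to the classifier say the same thing: the tracking redirector answered "Link Disabled", so nothing about the link's original destination was observed and the clean verdict covers the redirector only. The host pattern (`url<digits>.` under the sender's domain, path `/ls/click?upn=`, with sendgrid.net in the domain table) is the shape of a SendGrid click-tracking link. The added block below, which is not code from the report or from SendGrid, shows what such a link gives up offline: the `upn` token is base64 in which `/`, `+` and `=` were written as `-2F`, `-2B` and `-3D` (a percent-encoding with `-` in place of `%`; this is read off the URL itself, not from documentation). Undoing that yields a 64-byte blob that does not decode to text, consistent with an encrypted token, so the redirect target cannot be recovered without asking the redirector. The sample token is the report's own URL as truncated in the report header; the trailing `TVLG` tag and the second `_`-separated field are reported, not interpreted.

```python
"""Offline look at a click-tracking `upn` token (added example).

The token is base64 whose '/', '+' and '=' appear as -2F, -2B and -3D. Reversing
that yields raw bytes that are opaque here: the destination URL is not in them.
"""
import base64
import re
from urllib.parse import parse_qs, urlsplit

# The report's sample URL, truncated exactly as the report header shows it.
SAMPLE_URL = (
    "http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ"
    "-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7"
    "VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU9"
)

DASH_ESCAPE = re.compile(r"-([0-9A-Fa-f]{2})")
B64_RUN = re.compile(r"^([A-Za-z0-9+/]+={0,2})(.*)$", re.S)   # longest base64 run, then whatever trails it
VERSION = re.compile(r"^(u\d+)\.(.*)$", re.S)                  # the "u001." prefix seen in the sample


def undash(token: str) -> str:
    """Rewrite -XX escapes as the characters they stand for (-2F -> '/')."""
    return DASH_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), token)


def b64_lenient(s: str) -> bytes:
    """Decode base64 that may be unpadded or cut short (the sample is truncated)."""
    if len(s) % 4 == 1:          # a lone trailing sextet cannot form a byte
        s = s[:-1]
    return base64.b64decode(s + "=" * (-len(s) % 4))


def printable_ratio(raw: bytes) -> float:
    return sum(32 <= b < 127 for b in raw) / max(len(raw), 1)


def decode_click_token(url: str) -> dict:
    """Split `upn` into version and '_'-separated fields, and decode each base64 run."""
    upn = undash(parse_qs(urlsplit(url).query)["upn"][0])
    m = VERSION.match(upn)
    version, rest = (m.group(1), m.group(2)) if m else ("", upn)
    fields = []
    for piece in rest.split("_"):
        run = B64_RUN.match(piece)
        b64, tail = (run.group(1), run.group(2)) if run else ("", piece)
        raw = b64_lenient(b64) if b64 else b""
        fields.append({"bytes": len(raw), "tail": tail, "raw": raw,
                       "printable": round(printable_ratio(raw), 2)})
    return {"version": version, "fields": fields}


if __name__ == "__main__":
    for i, f in enumerate(decode_click_token(SAMPLE_URL)["fields"]):
        print(f"field {i}: {f['bytes']} bytes, printable ratio {f['printable']}, tail {f['tail']!r}")
```

The practical consequence for triage: a disabled or expired tracking link detonates clean regardless of where it once pointed, so the sender's message, not this redirector, is where the original destination has to be recovered from.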
            No context
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 15:04:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9851967913146793
            Encrypted:false
            SSDEEP:48:8gdKT2KXHFidAKZdA19ehwiZUklqehsJy+3:8FrHBJy
            MD5:75FD4CC0A511812E0139E8F693F10D58
            SHA1:5BDDA53D4446709BBE1D29A120BEF6BE70F03416
            SHA-256:F12A2C5DB60DD796898CE14C85E0445D1FF9B0ECED11F2B7B235BC045E1B6174
            SHA-512:4994B0A0CCDF618E5045A2CA5803D81AE2E172A0E097819F554CFC5AA5461B7D815C6B2FC6FF34833DE356DBAF0FB96EB2D7BD23815224540362A795F1CC972B
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 15:04:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):3.9989927558005167
            Encrypted:false
            SSDEEP:48:83dKT2KXHFidAKZdA1weh/iZUkAQkqehxJy+2:8Yrt9Q+Jy
            MD5:FA5D58F6CCB03C4326E880FBDAE90C33
            SHA1:C3C99B777A4D745EEA864D1CB86A7A65AA8FA4C5
            SHA-256:90831865ADB8ED2B7EF72B4BC25582CCAB142D4CB6550CE5A28A19E70939AC12
            SHA-512:BD430A114D1441D5A649EC65F48C7866C64DB7913C24E756E35CD2C0533B574FF64E3C6A2AF035BE8BC173564C3951A31449004B1541DE3FE34BBD1CC6092976
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2693
            Entropy (8bit):4.01013057830245
            Encrypted:false
            SSDEEP:48:8x7dKT2KsHFidAKZdA14tseh7sFiZUkmgqeh7srJy+BX:8x0rIndJy
            MD5:F2C6F069128A89402A073DB0867F13C9
            SHA1:4944217B6CF69E67F3B4011421BB997A452105B8
            SHA-256:201AC6A2071FB7C82CF0401C3102A0C57B430DC594BD882BE88F5482EFC1F114
            SHA-512:BD5204C5A0415BAC1AE2A2A3D8AAAF058772AE8EF9ABE23A067DDC42588E68613DD83BE5EC4CFD9CCC734AECE91F94FF880B14489C09FC538F75C824687596C9
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 15:04:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):3.9974960732005718
            Encrypted:false
            SSDEEP:48:8GdKT2KXHFidAKZdA1vehDiZUkwqeh1Jy+R:8/rOjJy
            MD5:DFED0101CA01A14934A01E0B3DDEB34C
            SHA1:F6EC5DAB52094B2F016A9636F94BEDEF3A3C001A
            SHA-256:89FEE6F2395AFF8F0D6BC599904B4E87A5A6231CF11E50B5A08AA06C6CAEDFBC
            SHA-512:FF15317A630ED74A7D8B4CD74285D2D4EA5020A3F836E03CE346486D703A2125E6BA266A421A57B2EC2EAD77E3F5D5E5AC932B3DCC1E44D7C4B457A03BDB6D00
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 15:04:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):3.986235460175037
            Encrypted:false
            SSDEEP:48:8S7dKT2KXHFidAKZdA1hehBiZUk1W1qehnJy+C:8S0r+9HJy
            MD5:50AF33DCBB2CEAB7DF53FA5DD9540CB1
            SHA1:5B76867F8EC8A4F82923CA007DB2D1C66FC2DB81
            SHA-256:66E47BA9503FC17152887C5CF847FE87F65084F30891CBBD80629307157A979F
            SHA-512:B118D1530B65A211D64B5AA97C3544F7B7030055A89A02B38EC6CA9F52EE85376F0954D19C203E6C58E2307F2AD7319E1EC0667A70BA30458EF4B59FC8ECA7C8
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 15:04:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2683
            Entropy (8bit):3.9965666838763316
            Encrypted:false
            SSDEEP:48:8EdKT2KXHFidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbdJy+yT+:8RrgT/TbxWOvTbdJy7T
            MD5:095EC82AAF2F713A3C82BEE573EFDD69
            SHA1:0576AA5586E9319A4B1FE1C1F0A24A7703383032
            SHA-256:4ADCEB905051786C433477159E07C5CC24A6AAAAC4447FAD5B8F264476D077CA
            SHA-512:72FDE92B7AED47D4FF8ECA1354655A7C965E863531E4E816023F53F98BBCDFC3FB8713EF0F02F7C3406F670EE5D8A090871346933D58BFFD5C3B7D0DE8A38B8D
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with no line terminators
            Category:downloaded
            Size (bytes):132
            Entropy (8bit):4.401640733272911
            Encrypted:false
            SSDEEP:3:qVZxgRONMuyRQ1XbZ6iMi6byNCELFZhZkwxEQpIVLZPHj:qzxUQgCX96+PhxppIV1D
            MD5:310E794861855F03DACD1A6BD12A5D26
            SHA1:7B1E76A469D9B35349C242A1C7EB5FE5E1F8AA92
            SHA-256:6F25D08A0DA028A31DB3CB3FD36FC6AA36ED01BF44058520DC8689763A1B0F6A
            SHA-512:3CEE575EF31C8ABE2E51EE6BD8281DD921776B89F347EDA63EAA2D74803ABDCA6A8FC13568B6278BCA0C2DAAC75A7A5AF2E4E963A8CAB9FAF576AFDFC66BBC67
            Malicious:false
            Reputation:low
            URL:http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D
            Preview:<html><head><title>Link Disabled</title></head><body><h1>Link Disabled</h1><p>You have clicked on a disabled link.</p></body></html>
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with CRLF line terminators
            Category:downloaded
            Size (bytes):564
            Entropy (8bit):4.72971822420855
            Encrypted:false
            SSDEEP:12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc
            MD5:8E325DC2FEA7C8900FC6C4B8C6C394FE
            SHA1:1B3291D4EEA179C84145B2814CB53E6A506EC201
            SHA-256:0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2
            SHA-512:084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14
            Malicious:false
            Reputation:low
            URL:http://url3262.oprgfinancialfr.com/favicon.ico
Preview:<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..
            No static file info
Timestamp | Source IP | Dest IP | Checksum | Code | Type
May 22, 2024 18:04:05.031461954 CEST | 192.168.2.5 | 1.1.1.1 | c22d | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 22, 2024 18:04:06.517626047 CEST | 192.168.2.5 | 1.1.1.1 | 0x3528 | Standard query (0) | url3262.oprgfinancialfr.com | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:06.517795086 CEST | 192.168.2.5 | 1.1.1.1 | 0x3eeb | Standard query (0) | url3262.oprgfinancialfr.com | 65 | IN (0x0001) | false
May 22, 2024 18:04:08.800533056 CEST | 192.168.2.5 | 1.1.1.1 | 0xbea7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:08.800895929 CEST | 192.168.2.5 | 1.1.1.1 | 0x7bd9 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 22, 2024 18:04:06.591578960 CEST | 1.1.1.1 | 192.168.2.5 | 0x3eeb | No error (0) | url3262.oprgfinancialfr.com | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | url3262.oprgfinancialfr.com | sendgrid.net | | CNAME (Canonical name) | IN (0x0001) | false
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | sendgrid.net | | 167.89.115.150 | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | sendgrid.net | | 167.89.115.56 | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | sendgrid.net | | 167.89.123.124 | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | sendgrid.net | | 167.89.123.204 | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | sendgrid.net | | 167.89.115.120 | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:06.596363068 CEST | 1.1.1.1 | 192.168.2.5 | 0x3528 | No error (0) | sendgrid.net | | 167.89.123.54 | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:08.809412003 CEST | 1.1.1.1 | 192.168.2.5 | 0xbea7 | No error (0) | www.google.com | | 216.58.206.36 | A (IP address) | IN (0x0001) | false
May 22, 2024 18:04:08.814097881 CEST | 1.1.1.1 | 192.168.2.5 | 0x7bd9 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
May 22, 2024 18:04:20.850100994 CEST | 1.1.1.1 | 192.168.2.5 | 0x7b2f | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
May 22, 2024 18:04:20.850100994 CEST | 1.1.1.1 | 192.168.2.5 | 0x7b2f | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
            • fs.microsoft.com
            • url3262.oprgfinancialfr.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49709 | 167.89.115.150 | 80 | 2940 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
May 22, 2024 18:04:06.602269888 CEST | 1493 | OUT | GET /ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqk [TRUNCATED]
            Host: url3262.oprgfinancialfr.com
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
May 22, 2024 18:04:07.069447994 CEST | 330 | IN | HTTP/1.1 400 Bad Request
            Server: nginx
            Date: Wed, 22 May 2024 16:04:07 GMT
            Content-Type: text/html; charset=utf-8
            Content-Length: 132
            Connection: keep-alive
            X-Robots-Tag: noindex, nofollow
            Data Ascii: <html><head><title>Link Disabled</title></head><body><h1>Link Disabled</h1><p>You have clicked on a disabled link.</p></body></html>
May 22, 2024 18:04:07.237474918 CEST | 1449 | OUT | GET /favicon.ico HTTP/1.1
            Host: url3262.oprgfinancialfr.com
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Referer: http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2Fb [TRUNCATED]
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            May 22, 2024 18:04:07.382822990 CEST | 712 | IN | HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 22 May 2024 16:04:07 GMT
            Content-Type: text/html
            Content-Length: 564
            Connection: keep-alive
            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            May 22, 2024 18:04:52.384327888 CEST | 6 | OUT | Data Raw: 00
            Data Ascii:


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.5 | 49710 | 167.89.115.150 | 80 | 2940 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            May 22, 2024 18:04:51.618587017 CEST | 6 | OUT | Data Raw: 00
            Data Ascii:


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.5 | 49714 | 2.18.97.153 | 443 | | 
            Timestamp | Bytes transferred | Direction | Data
            2024-05-22 16:04:10 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-05-22 16:04:10 UTC | 466 | IN | HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=86709
            Date: Wed, 22 May 2024 16:04:10 GMT
            Connection: close
            X-CID: 2


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.5 | 49715 | 2.18.97.153 | 443 | | 
            Timestamp | Bytes transferred | Direction | Data
            2024-05-22 16:04:11 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-05-22 16:04:12 UTC | 534 | IN | HTTP/1.1 200 OK
            Content-Type: application/octet-stream
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
            Cache-Control: public, max-age=86760
            Date: Wed, 22 May 2024 16:04:11 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-05-22 16:04:12 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
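The Data Raw hex dumps in this section are the only byte-exact record of each response body; the Data Ascii view is a lossy rendering (CRLFs are not shown, and for the favicon 404 the report cut the hex off with a [TRUNCATED] marker while the headers declare 564 bytes, which is the size of nginx's built-in 404 page once its six "padding" comments are appended). The two fs.microsoft.com sessions (User-Agent Microsoft BITS/7.8, HEAD followed by a ranged GET, no PID recorded in the session table) are the Windows background font-set lookup, not traffic driven by the sample. The Python script below is an added example, not part of the Joe Sandbox report: it decodes the dumps copied from this section, reconciles each body with the Content-Length in its headers so that a dump the report truncated is distinguished from a genuine header/body mismatch, and only parses the config.json body once it is known to be complete. The hex strings and header blocks are constructed inputs re-typed from the responses above; the function names are this example's own.

```python
"""Decode Joe Sandbox 'Data Raw' hex dumps and reconcile them with HTTP headers.

Added example, not part of the report. Inputs below are copied from the
responses shown in this section (constructed inputs, re-typed by hand).
"""
import json
import re

# Constructed input: the 'Link Disabled' body returned for the tracking link.
LINK_DISABLED_HEX = (
    "3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 69 6e 6b 20 44 69 73 61 62 6c 65 64 "
    "3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4c 69 6e 6b 20 44 69 "
    "73 61 62 6c 65 64 3c 2f 68 31 3e 3c 70 3e 59 6f 75 20 68 61 76 65 20 63 6c 69 63 6b 65 64 20 6f "
    "6e 20 61 20 64 69 73 61 62 6c 65 64 20 6c 69 6e 6b 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 "
    "74 6d 6c 3e"
)

# Constructed input: the favicon 404 body, cut short by the report itself.
NOT_FOUND_HEX = (
    "3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 "
    "6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 "
    "3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 "
    "6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e "
    "6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e "
    "0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 "
    "20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 "
    "2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d "
    "53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 "
    "67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c "
    "65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]"
)

# Constructed input: the complete config.json body from fs.microsoft.com.
CONFIG_JSON_HEX = (
    "7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a "
    "73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d"
)

# Constructed inputs: the relevant header lines from the two responses.
HEADERS_404 = "HTTP/1.1 404 Not Found\nServer: nginx\nContent-Type: text/html\nContent-Length: 564\nConnection: keep-alive\n"
HEADERS_CONFIG = "HTTP/1.1 200 OK\nContent-Type: application/octet-stream\nContent-Length: 55\nConnection: close\n"

NGINX_PADDING = b"<!-- a padding to disable MSIE and Chrome friendly error page -->"


def decode_raw(hexdump: str) -> bytes:
    """Turn the report's space-separated hex into bytes, dropping the
    '[TRUNCATED]' marker the report appends when it cuts a dump short."""
    return bytes.fromhex(hexdump.replace("[TRUNCATED]", ""))


def declared_length(headers: str):
    """Content-Length from a header block, or None when it is absent."""
    m = re.search(r"^Content-Length:\s*(\d+)\s*$", headers, re.IGNORECASE | re.MULTILINE)
    return int(m.group(1)) if m else None


def reconcile(headers: str, hexdump: str) -> dict:
    """Compare the bytes actually dumped with the length the server declared.

    'truncated-dump' means the report, not the server, cut the body short;
    'length-mismatch' means body and headers genuinely disagree and deserve
    a closer look before anything is concluded from the Data Ascii line."""
    body = decode_raw(hexdump)
    declared = declared_length(headers)
    truncated = "[TRUNCATED]" in hexdump
    if declared is None:
        status = "no-content-length"
    elif len(body) == declared:
        status = "complete"
    elif truncated and len(body) < declared:
        status = "truncated-dump"
    else:
        status = "length-mismatch"
    return {"declared": declared, "captured": len(body), "status": status, "body": body}


def nginx_padding_count(body: bytes) -> int:
    """Count the comments nginx appends to its built-in error pages so the
    body exceeds the size at which MSIE/Chrome show their own error page."""
    return body.count(NGINX_PADDING)


def parse_json_body(headers: str, hexdump: str):
    """Parse a JSON body only once it is known to be complete."""
    r = reconcile(headers, hexdump)
    if r["status"] != "complete":
        raise ValueError(f"refusing to parse a {r['status']} body")
    return json.loads(r["body"].decode("utf-8"))


if __name__ == "__main__":
    print(decode_raw(LINK_DISABLED_HEX).decode("ascii"))
    for name, hdr, raw in (("favicon 404", HEADERS_404, NOT_FOUND_HEX),
                           ("config.json", HEADERS_CONFIG, CONFIG_JSON_HEX)):
        r = reconcile(hdr, raw)
        print(f"{name}: declared={r['declared']} captured={r['captured']} status={r['status']}")
    print(parse_json_body(HEADERS_CONFIG, CONFIG_JSON_HEX))
```

The check is worth running before quoting any Data Ascii line in a write-up: a body that is shorter than its Content-Length because the report truncated the dump is harmless, whereas the same discrepancy without a [TRUNCATED] marker means the capture and the headers disagree.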



            Target ID:0
            Start time:12:04:00
            Start date:22/05/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff715980000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:2
            Start time:12:04:03
            Start date:22/05/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2192,i,2516542292744883314,14553751070343600966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff715980000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:12:04:05
            Start date:22/05/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url3262.oprgfinancialfr.com/ls/click?upn=u001.Py-2FcVSQndQw6RxCcuXKZAkIbpg7veTyaATDA9WyQ-2BdfnQOlJCAtyxyM2LttobGTTREAa6DvWt93aw7r4mI6XcQ-3D-3DTVLG_EGP3Au5Nd4wfZMjv-2FVYS-2BosKPTjHXLlZHo7VlqcFpGwrGYOCSKztVMysWQjzbar-2FW1ZxqaQBwpOnANmz2l7JQKHQNGYc1yVpGOUUIOhLNVhBMqy8-2Fd4EoLg7IvzeeyZw-2FUdwXjU94n8-2FTf0-2FFo33LjLQaiihW9sQ3an1FgOeUjqrZz8iiGEsS6BVYN84-2FmGbNtr1ZzP40rSq7xxOIoo1VngJcAQlyKXVIrnsbnHbpvaWrSKP0jVoim9e3R9PnSfJSfbZfL02CYHvU0L1ebgTrAYuW8NsfK8a3G-2Fx9drvUNNk1IYefkGAgTMR5ua2V6bl-2FkqyESUn1byM70hrAq5PFfoTUMiCCWa5-2FLl4XAuHhjNR4wum-2BrSftAezak8Lq2oLiRHsjT7RQDxTH14wtM-2B9R7iUOm-2Bkcyy8LPYroW7SXfNcBmfOph2Zvc4Q5ftrDt7pZjh-2BQChohaWS6mT3P8xYHtIqkH1gx1ZFF9mWSa-2B-2Bf5jnWT69wrfUgcqKmN3qZ0VKezSA-2F-2FJSsr9gQl4k5zyl4g4yoesf3GXM4oeMP0h9cVXyHUP-2Fl5RIkXdB8d82yNNHWceJuJWHGGkwmnhn0Pdu8tLhXeF4AJnwk7IdCNgRFEKP3qHo285DpHw3gtIASMRv8wdwDh4-2FuqeGddAIR-2B8nT6KgUsddU-2Ba-2FNkqAiYW-2FGwQEYWEKjr0gnp6kI1d0vIBgS1cs7aXXaDXWr4maA25bPLzQQxxoj04UjQUZXM4n3nfE2AmrBHYhZBSATFkaXuJRvPVO5ugje2FNLeI-2BbGAXKEvt9kgSOPazAt2u5-2FbEBDjppVONo6611YUN8vFYIohCKNXMkHyIHKNMqkkXjxcqF3xBphbVw7wDcATGRIdNZJY-3D"
            Imagebase:0x7ff715980000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly