Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

Overview

General Information

Sample URL:	http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0
Analysis ID:	1487418
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Form action URLs do not match main URL

HTML body contains low number of good links

HTML title does not match URL

Suspicious form URL found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 2056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1900,i,3748212034112894765,15219802471735343631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0	Avira URL Cloud: detection malicious, Label: phishing
Source: http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://alltheoldknives.autos/team/stv/ns/nid/final.php

Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app

Virustotal: Detection: 18%

Multi AV Scanner detection for submitted file

Source: http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

Virustotal: Detection: 14%

Source: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

HTTP Parser: Form action: https://alltheoldknives.autos/team/stv/ns/nid/final.php vercel alltheoldknives

Source: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

HTTP Parser: Number of links: 0

Source: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

HTTP Parser: Title: : does not match URL

Source: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

HTTP Parser: Form action: https://alltheoldknives.autos/team/stv/ns/nid/final.php

Source: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

HTTP Parser: <input type="password" .../> found

Source: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

HTTP Parser: No <meta name="author".. found

Source: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?user-agent=mozilla/5.0 HTTP/1.1Host: navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?user-agent=mozilla/5.0 HTTP/1.1Host: navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "8f678250738846de8ec73f25c3153497"
Source: global traffic	HTTP traffic detected: GET /?user-agent=mozilla/5.0 HTTP/1.1Host: navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app
Source: global traffic	DNS traffic detected: DNS query: nid.naver.com
Source: global traffic	DNS traffic detected: DNS query: ssl.pstatic.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_48.2.dr	String found in binary or memory: https://alltheoldknives.autos/team/stv/ns/nid/final.php
Source: chromecache_48.2.dr	String found in binary or memory: https://nid.naver.com/login/css/global/desktop/w_202105.css?20210812
Source: chromecache_48.2.dr	String found in binary or memory: https://nid.naver.com/login/js/bvsd.1.3.4.min.js
Source: chromecache_48.2.dr	String found in binary or memory: https://nid.naver.com/login/js/v2/default/common_202105.js?v=20210813
Source: chromecache_48.2.dr	String found in binary or memory: https://nid.naver.com/login/js/v2/default/default_202105.js?v=20210910
Source: chromecache_48.2.dr	String found in binary or memory: https://ssl.pstatic.net/sstatic/search/common/og_v3.png
Source: chromecache_48.2.dr	String found in binary or memory: https://ssl.pstatic.net/static/nid/login/banner/m_banner_2step_924x294.png

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: mal72.win@18/10@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1900,i,3748212034112894765,15219802471735343631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1900,i,3748212034112894765,15219802471735343631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0	100%	Avira URL Cloud	phishing
http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0	15%	Virustotal		Browse
http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
www.google.com	0%	Virustotal		Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse
navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app	18%	Virustotal		Browse
ssl.pstatic.net	0%	Virustotal		Browse
nid.naver.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://nid.naver.com/login/js/bvsd.1.3.4.min.js	0%	Avira URL Cloud	safe
https://alltheoldknives.autos/team/stv/ns/nid/final.php	100%	Avira URL Cloud	malware
https://nid.naver.com/login/css/global/desktop/w_202105.css?20210812	0%	Virustotal		Browse
https://ssl.pstatic.net/sstatic/search/common/og_v3.png	0%	Virustotal		Browse
https://nid.naver.com/login/js/v2/default/common_202105.js?v=20210813	0%	Virustotal		Browse
https://nid.naver.com/login/js/bvsd.1.3.4.min.js	0%	Virustotal		Browse
https://ssl.pstatic.net/sstatic/search/common/og_v3.png	0%	Avira URL Cloud	safe
https://nid.naver.com/login/js/v2/default/common_202105.js?v=20210813	0%	Avira URL Cloud	safe
https://nid.naver.com/login/js/v2/default/default_202105.js?v=20210910	0%	Avira URL Cloud	safe
https://nid.naver.com/login/css/global/desktop/w_202105.css?20210812	0%	Avira URL Cloud	safe
https://ssl.pstatic.net/static/nid/login/banner/m_banner_2step_924x294.png	0%	Avira URL Cloud	safe
https://ssl.pstatic.net/static/nid/login/banner/m_banner_2step_924x294.png	0%	Virustotal		Browse
https://nid.naver.com/login/js/v2/default/default_202105.js?v=20210910	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.186.164	true	false	0%, Virustotal, Browse	unknown
navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app	76.76.21.98	true	false	18%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
ssl.pstatic.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
nid.naver.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0	true		unknown
https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0#none	false		unknown
https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://nid.naver.com/login/js/bvsd.1.3.4.min.js	chromecache_48.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://alltheoldknives.autos/team/stv/ns/nid/final.php	chromecache_48.2.dr	false	Avira URL Cloud: malware	unknown
https://ssl.pstatic.net/sstatic/search/common/og_v3.png	chromecache_48.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://nid.naver.com/login/js/v2/default/common_202105.js?v=20210813	chromecache_48.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://nid.naver.com/login/css/global/desktop/w_202105.css?20210812	chromecache_48.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://nid.naver.com/login/js/v2/default/default_202105.js?v=20210910	chromecache_48.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ssl.pstatic.net/static/nid/login/banner/m_banner_2step_924x294.png	chromecache_48.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.186.164	www.google.com	United States		15169	GOOGLEUS	false
76.76.21.22	unknown	United States		16509	AMAZON-02US	false
76.76.21.98	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app	United States		16509	AMAZON-02US	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1487418
Start date and time:	2024-08-04 00:55:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.win@18/10@12/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0#none

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.186.78, 142.250.110.84, 34.104.35.123, 203.104.163.42, 23.201.246.44, 216.58.206.74, 172.217.18.10, 172.217.23.106, 142.250.181.234, 172.217.16.202, 142.250.74.202, 142.250.185.74, 142.250.186.138, 142.250.184.202, 172.217.16.138, 142.250.186.170, 216.58.206.42, 142.250.186.106, 142.250.186.42, 142.250.186.74, 172.217.18.106, 52.165.165.26, 93.184.221.240, 192.229.221.95, 52.165.164.15
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, e6030.e73.akamaiedge.net, clientservices.googleapis.com, wu.azureedge.net, de.nid.naver.com.akadns.net, clients2.google.com, ocsp.digicert.com, ssl.pstatic.net.edgekey.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, nid.naver.com.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 44

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	724
Entropy (8bit):	7.149261112130894
Encrypted:	false
SSDEEP:	12:6v/7FXnMkxIg4AunfpoiV0tkQF+Mjl/vuhpSRtU9ec6APOLRJxPKTBb+ZaRF/5Km:oRIPntVUvQ8uhve0WNJ9IBikBRr
MD5:	0FC26506AEC9E07D6BFDD99D2E31D88D
SHA1:	46F433723062F8700BF61FE68EA648D79A2B292D
SHA-256:	624901F7513FA4AAE712D94F8E47CBC3BE38A4D3AC0D433C5EAC74C23007C777
SHA-512:	E3C85677583914ABA4DD84384CC0DCCFE5465D0EC7124E0D507313A8AA86A699DDF9B403D3F78993D18C15FF486A64E4F0F366072C373E5E9920EF8A77CA9E3D
Malicious:	false
Reputation:	low
URL:	https://ssl.pstatic.net/sstatic/search/common/og_v3.png
Preview:	.PNG........IHDR...............^.....gAMA......a.....sRGB.........PLTE..<..:..9..;..............9..:....;`.P.t..<..;..<..;..8........;................:........;.....Jk......O....<..`....>$.R).V#.R..8t.0.\........P.r...*.Wu.........7~.........:...j.U.w..K.p..:..MP.t.......D..F..K3.`U.x.._....I`..x.....IDATx...n.0.EaJJL+qH....{....&KL.H.......v N..........................!...I.`.....($O.!..B.!..B.!..B.....7....E?.!.TJ..og.R...H.!.}..ny....."...ln..1.'2B.[(..Q.j]F..6d.(Wm..Qv.!#DE.BBL.##D....U...b...C.1.....9.>...z.J..I..n...I^\.!....(...y\|...s.!.:52B.UQH......~..@Ct.($$7ge..N....3.......[U'#D.DFFH}?.-.....v..<....4...\.o....z#..B.!..B.!..B..."...w...................2}..7.U........IEND.B`.

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 920 x 294, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	55608
Entropy (8bit):	7.968319158388479
Encrypted:	false
SSDEEP:	768:GFzZBXEkPNNnOFlmlkui/LZ7C6q2e0gmGf0sciusedgtTQ66uHGwbGVz6fSfiZSp:G9Zhfolm8TAdNoTsd066uHGX5LMzE
MD5:	C072311F1036D8A351056F3F2AA04BC8
SHA1:	C21F7F277DB8C62055DD546C2AE741539713FEC8
SHA-256:	DBEC0A6F4F63AD346CC2E20FD1C52DD79A019978EE031BA0F76DBCB9D3FAC6DF
SHA-512:	CDBC3E321036AC768F7FB281A4883ECA283CB62DCF623C5E05AF78DA40C3FDB970B3A8485A1664805E85F823B13D1BA015E0FE695F524FA2C181E78058E835CD
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......&.......?.....sRGB.......@.IDATx..].`.....^,..{..l:.SM.5@...'.B.$!!.%... .$..{....0n...7Y.U.^......V..{w{.I....}..{..v....67.. ..... ..... ..... .!..... ..... ..... .....B@...... ..... ..... .... ......A@.....A@.....A@.....!.r..... ..... ..... .x...LO`.F..A@.....A@.....A@....`.= ..... ..... ..... ...B0=.Q.....A@.....A@.....A@...).. ..... ..... .....'.....FiD.....A@.....A@.....A@...... ..... ..... .... ......A@.....A@.....A@.....!.r..... ..... ..... .x...LO`.F..A@.....A@.....A@....`.= ..... ..... ..... ...B0=.Q.....A@.....A@.....A@...).. ..... ..... .....'.....FiD.....A@.....A@.....A@...... ..... ..... .... ......A@.....A@.....A@.....!.r..... ..... ..... .x...LO`.F..A@.....A@.....A@....`.= ..... ..... ..... ...B0=.Q.....A@.....A@.....A@...).. ..... ..... .....'.....FiD.....A@.....A@.....A@...... ..... ..... .... ......A@.....A@.....A@.....!.r..... ..... ..... .x...LO`.F..A@.....A@.....A@....`.= ..... ..... .

Chrome Cache Entry: 46

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.039148671903071
Encrypted:	false
SSDEEP:	3:5QCkog6:OCg6
MD5:	66DD0D4A8658AD56698E212D51449675
SHA1:	CBB3A8C1C63A4FF143C424746F86B7710FDAC3D6
SHA-256:	69846555C09D8F8D7C3B88471F416C916449E7248AE6F7195C76ED5BEAD1BDD2
SHA-512:	969EFF63B5242149E27BCCE05FC1BBB64214877B03630317FA39F4E22524CF6DF2FDCD32A632EDF5CD4591605EFFBEEAC165F04189E37E3227A3DF33F0A963C5
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwnQ5kbVtkV69xIFDcecFYcSBQ1Ex-3w?alt=proto
Preview:	ChIKBw3HnBWHGgAKBw1Ex+3wGgA=

Chrome Cache Entry: 47

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	724
Entropy (8bit):	7.149261112130894
Encrypted:	false
SSDEEP:	12:6v/7FXnMkxIg4AunfpoiV0tkQF+Mjl/vuhpSRtU9ec6APOLRJxPKTBb+ZaRF/5Km:oRIPntVUvQ8uhve0WNJ9IBikBRr
MD5:	0FC26506AEC9E07D6BFDD99D2E31D88D
SHA1:	46F433723062F8700BF61FE68EA648D79A2B292D
SHA-256:	624901F7513FA4AAE712D94F8E47CBC3BE38A4D3AC0D433C5EAC74C23007C777
SHA-512:	E3C85677583914ABA4DD84384CC0DCCFE5465D0EC7124E0D507313A8AA86A699DDF9B403D3F78993D18C15FF486A64E4F0F366072C373E5E9920EF8A77CA9E3D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............^.....gAMA......a.....sRGB.........PLTE..<..:..9..;..............9..:....;`.P.t..<..;..<..;..8........;................:........;.....Jk......O....<..`....>$.R).V#.R..8t.0.\........P.r...*.Wu.........7~.........:...j.U.w..K.p..:..MP.t.......D..F..K3.`U.x.._....I`..x.....IDATx...n.0.EaJJL+qH....{....&KL.H.......v N..........................!...I.`.....($O.!..B.!..B.!..B.....7....E?.!.TJ..og.R...H.!.}..ny....."...ln..1.'2B.[(..Q.j]F..6d.(Wm..Qv.!#DE.BBL.##D....U...b...C.1.....9.>...z.J..I..n...I^\.!....(...y\|...s.!.:52B.UQH......~..@Ct.($$7ge..N....3.......[U'#D.DFFH}?.-.....v..<....4...\.o....z#..B.!..B.!..B..."...w...................2}..7.U........IEND.B`.

Chrome Cache Entry: 48

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	10858
Entropy (8bit):	5.209204627446473
Encrypted:	false
SSDEEP:	192:0c5CxBCx/CbltIU8hQFc9cFGFF89EFGKoLppGK3AFK3UKLwKhXK4rwjC4iZH5oPv:x5CxBCx/CbltIgFc9cFGFF89EFGKoLp6
MD5:	8F678250738846DE8EC73F25C3153497
SHA1:	163D796ABD8D9F3FEF85D8D8E666CA054D201C69
SHA-256:	EACA908926B08118158A05A24085879ACB7CC3F331CED497FC919C6BF6BCA727
SHA-512:	B87B5C063CD08096481347C67D904D5DBD443132E710AF20A474516FBA9996A4003F73B7BA28F868FA65981505E744E705437839082BC703B8E1C77FE68D67C5
Malicious:	false
Reputation:	low
URL:	https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0
Preview:	<!DOCTYPE html>.<html lang="ko">...<head>..<meta charset="UTF-8">..<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">..<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">..<meta property="og:type" content="website">..<meta property="og:title" content="[...: ...]">..<meta property="og:description" content="... .... .. .... URL. ... ... .....!">.. <link rel="shortcut icon" href="https://ssl.pstatic.net/sstatic/search/common/og_v3.png">..<meta property="og:image:type" content="image/png">..<meta property="og:image:width" content="1200">..<meta property="og:image:height" content="1200">..<title>... : ...</title>..<link rel="stylesheet" type="text/css" href="https://nid.naver.com/login/css/global/desktop/w_202105.css?20210812">.</head>..<body>..<div id="wrap" class="wrap">...<div class="u_skip"><a href="#">.. ....</a></div>...<header clas

Chrome Cache Entry: 49

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 920 x 294, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	55608
Entropy (8bit):	7.968319158388479
Encrypted:	false
SSDEEP:	768:GFzZBXEkPNNnOFlmlkui/LZ7C6q2e0gmGf0sciusedgtTQ66uHGwbGVz6fSfiZSp:G9Zhfolm8TAdNoTsd066uHGX5LMzE
MD5:	C072311F1036D8A351056F3F2AA04BC8
SHA1:	C21F7F277DB8C62055DD546C2AE741539713FEC8
SHA-256:	DBEC0A6F4F63AD346CC2E20FD1C52DD79A019978EE031BA0F76DBCB9D3FAC6DF
SHA-512:	CDBC3E321036AC768F7FB281A4883ECA283CB62DCF623C5E05AF78DA40C3FDB970B3A8485A1664805E85F823B13D1BA015E0FE695F524FA2C181E78058E835CD
Malicious:	false
Reputation:	low
URL:	https://ssl.pstatic.net/static/nid/login/banner/m_banner_2step_924x294.png
Preview:	.PNG........IHDR.......&.......?.....sRGB.......@.IDATx..].`.....^,..{..l:.SM.5@...'.B.$!!.%... .$..{....0n...7Y.U.^......V..{w{.I....}..{..v....67.. ..... ..... ..... .!..... ..... ..... .....B@...... ..... ..... .... ......A@.....A@.....A@.....!.r..... ..... ..... .x...LO`.F..A@.....A@.....A@....`.= ..... ..... ..... ...B0=.Q.....A@.....A@.....A@...).. ..... ..... .....'.....FiD.....A@.....A@.....A@...... ..... ..... .... ......A@.....A@.....A@.....!.r..... ..... ..... .x...LO`.F..A@.....A@.....A@....`.= ..... ..... ..... ...B0=.Q.....A@.....A@.....A@...).. ..... ..... .....'.....FiD.....A@.....A@.....A@...... ..... ..... .... ......A@.....A@.....A@.....!.r..... ..... ..... .x...LO`.F..A@.....A@.....A@....`.= ..... ..... ..... ...B0=.Q.....A@.....A@.....A@...).. ..... ..... .....'.....FiD.....A@.....A@.....A@...... ..... ..... .... ......A@.....A@.....A@.....!.r..... ..... ..... .x...LO`.F..A@.....A@.....A@....`.= ..... ..... .

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 4, 2024 00:56:22.550180912 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 4, 2024 00:56:32.158101082 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 4, 2024 00:56:32.575691938 CEST	49735	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:56:32.575900078 CEST	49736	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:56:32.580516100 CEST	80	49735	76.76.21.98	192.168.2.4
Aug 4, 2024 00:56:32.580579996 CEST	49735	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:56:32.580610991 CEST	80	49736	76.76.21.98	192.168.2.4
Aug 4, 2024 00:56:32.580720901 CEST	49736	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:56:32.581149101 CEST	49735	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:56:32.585895061 CEST	80	49735	76.76.21.98	192.168.2.4
Aug 4, 2024 00:56:33.055370092 CEST	80	49735	76.76.21.98	192.168.2.4
Aug 4, 2024 00:56:33.055670023 CEST	80	49735	76.76.21.98	192.168.2.4
Aug 4, 2024 00:56:33.055737972 CEST	49735	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:56:33.055784941 CEST	80	49735	76.76.21.98	192.168.2.4
Aug 4, 2024 00:56:33.055954933 CEST	49735	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:56:33.056257010 CEST	49735	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:56:33.061047077 CEST	80	49735	76.76.21.98	192.168.2.4
Aug 4, 2024 00:56:33.068948030 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.069036961 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.069139957 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.069458008 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.069493055 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.575812101 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.576153040 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.576186895 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.577681065 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.577761889 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.580576897 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.580701113 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.580878019 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.580892086 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.627578974 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.735225916 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.735258102 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.735290051 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.735316038 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.735354900 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.735384941 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.735419035 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.735872030 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.735944986 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:33.736001968 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.738754988 CEST	49737	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:33.738770008 CEST	443	49737	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:34.974198103 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:34.974225044 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:34.974283934 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:34.975256920 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:34.975270033 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:35.721040010 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:35.722507000 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:35.722568989 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:35.724212885 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:35.724329948 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:35.728810072 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:35.728931904 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:35.768342018 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:35.768366098 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:35.815274954 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:35.952862024 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:35.952907085 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:35.953246117 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:35.955244064 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:35.955272913 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:36.631053925 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:36.631114960 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:36.634857893 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:36.634881973 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:36.635188103 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:36.676805019 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:36.686077118 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:36.732496023 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:36.900520086 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:36.900680065 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:36.900860071 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:36.918134928 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:36.918164968 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:36.918178082 CEST	49746	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:36.918184042 CEST	443	49746	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:37.097347021 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:37.097398043 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:37.097462893 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:37.097984076 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:37.097995996 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:37.733966112 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:37.734324932 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:37.737821102 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:37.737838030 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:37.738107920 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:37.745848894 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:37.792510986 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:38.009877920 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:38.009948015 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:38.010273933 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:38.011535883 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:38.011537075 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 4, 2024 00:56:38.011584997 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:38.011614084 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 4, 2024 00:56:45.465719938 CEST	49750	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:45.465810061 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.465884924 CEST	49750	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:45.466198921 CEST	49750	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:45.466232061 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.492239952 CEST	49751	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:45.492343903 CEST	443	49751	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.492433071 CEST	49751	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:45.494323969 CEST	49751	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:45.494358063 CEST	443	49751	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.628163099 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:45.628777027 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:45.628855944 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:45.978076935 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.985519886 CEST	443	49751	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.997320890 CEST	49750	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:45.997415066 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.997538090 CEST	49751	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:45.997627020 CEST	443	49751	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.998605967 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:45.999744892 CEST	443	49751	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:46.007363081 CEST	49750	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:46.007586002 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:46.008224964 CEST	49751	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:46.008449078 CEST	443	49751	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:46.008589983 CEST	49750	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:46.050215960 CEST	49751	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:46.052525997 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:46.154231071 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:46.154337883 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:46.154393911 CEST	49750	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:46.156549931 CEST	49750	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:56:46.156589985 CEST	443	49750	76.76.21.22	192.168.2.4
Aug 4, 2024 00:56:46.246115923 CEST	49743	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:56:46.246135950 CEST	443	49743	142.250.186.164	192.168.2.4
Aug 4, 2024 00:56:50.777960062 CEST	49723	80	192.168.2.4	199.232.210.172
Aug 4, 2024 00:56:50.783116102 CEST	80	49723	199.232.210.172	192.168.2.4
Aug 4, 2024 00:56:50.783169985 CEST	49723	80	192.168.2.4	199.232.210.172
Aug 4, 2024 00:57:02.992837906 CEST	80	49736	76.76.21.98	192.168.2.4
Aug 4, 2024 00:57:02.992904902 CEST	49736	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:57:03.365326881 CEST	49736	80	192.168.2.4	76.76.21.98
Aug 4, 2024 00:57:03.370281935 CEST	80	49736	76.76.21.98	192.168.2.4
Aug 4, 2024 00:57:31.018874884 CEST	49751	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:57:31.018945932 CEST	443	49751	76.76.21.22	192.168.2.4
Aug 4, 2024 00:57:35.019992113 CEST	49760	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:57:35.020056963 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:35.020119905 CEST	49760	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:57:35.020365953 CEST	49760	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:57:35.020382881 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:35.649972916 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:35.650389910 CEST	49760	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:57:35.650409937 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:35.650767088 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:35.651989937 CEST	49760	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:57:35.652050972 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:35.706410885 CEST	49760	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:57:38.300762892 CEST	49724	80	192.168.2.4	199.232.210.172
Aug 4, 2024 00:57:38.306622028 CEST	80	49724	199.232.210.172	192.168.2.4
Aug 4, 2024 00:57:38.306688070 CEST	49724	80	192.168.2.4	199.232.210.172
Aug 4, 2024 00:57:45.554548025 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:45.554609060 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:45.554656029 CEST	49760	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:57:47.365726948 CEST	49751	443	192.168.2.4	76.76.21.22
Aug 4, 2024 00:57:47.365847111 CEST	49760	443	192.168.2.4	142.250.186.164
Aug 4, 2024 00:57:47.365890026 CEST	443	49760	142.250.186.164	192.168.2.4
Aug 4, 2024 00:57:47.365904093 CEST	443	49751	76.76.21.22	192.168.2.4
Aug 4, 2024 00:57:47.365995884 CEST	49751	443	192.168.2.4	76.76.21.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 4, 2024 00:56:30.895489931 CEST	53	54828	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:30.907506943 CEST	53	56200	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:31.932140112 CEST	53	60941	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:32.563546896 CEST	63860	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:32.563939095 CEST	55807	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:32.573753119 CEST	53	55807	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:32.574083090 CEST	53	63860	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:33.059312105 CEST	58244	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:33.059509039 CEST	61441	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:33.068053007 CEST	53	61441	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:33.068253040 CEST	53	58244	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:33.918250084 CEST	53895	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:33.919255972 CEST	63693	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:33.919909000 CEST	52055	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:33.920209885 CEST	49445	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:33.928989887 CEST	53	49445	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:34.109687090 CEST	53	56964	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:34.960908890 CEST	64029	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:34.961479902 CEST	63233	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:34.967477083 CEST	53	64029	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:34.969531059 CEST	53	63233	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:35.679467916 CEST	62707	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:35.679673910 CEST	62718	53	192.168.2.4	1.1.1.1
Aug 4, 2024 00:56:35.687724113 CEST	53	62718	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:49.055124998 CEST	53	56226	1.1.1.1	192.168.2.4
Aug 4, 2024 00:56:49.883462906 CEST	138	138	192.168.2.4	192.168.2.255
Aug 4, 2024 00:57:08.152210951 CEST	53	58252	1.1.1.1	192.168.2.4
Aug 4, 2024 00:57:30.882289886 CEST	53	59407	1.1.1.1	192.168.2.4
Aug 4, 2024 00:57:31.271744013 CEST	53	56323	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 4, 2024 00:56:32.563546896 CEST	192.168.2.4	1.1.1.1	0x6423	Standard query (0)	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:32.563939095 CEST	192.168.2.4	1.1.1.1	0xea49	Standard query (0)	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app	65	IN (0x0001)	false
Aug 4, 2024 00:56:33.059312105 CEST	192.168.2.4	1.1.1.1	0x9f54	Standard query (0)	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:33.059509039 CEST	192.168.2.4	1.1.1.1	0x8f7e	Standard query (0)	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app	65	IN (0x0001)	false
Aug 4, 2024 00:56:33.918250084 CEST	192.168.2.4	1.1.1.1	0xa8c5	Standard query (0)	nid.naver.com	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:33.919255972 CEST	192.168.2.4	1.1.1.1	0xe438	Standard query (0)	nid.naver.com	65	IN (0x0001)	false
Aug 4, 2024 00:56:33.919909000 CEST	192.168.2.4	1.1.1.1	0x2315	Standard query (0)	ssl.pstatic.net	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:33.920209885 CEST	192.168.2.4	1.1.1.1	0x92d7	Standard query (0)	ssl.pstatic.net	65	IN (0x0001)	false
Aug 4, 2024 00:56:34.960908890 CEST	192.168.2.4	1.1.1.1	0xebbb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:34.961479902 CEST	192.168.2.4	1.1.1.1	0x7be	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 4, 2024 00:56:35.679467916 CEST	192.168.2.4	1.1.1.1	0x58fb	Standard query (0)	ssl.pstatic.net	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:35.679673910 CEST	192.168.2.4	1.1.1.1	0x78bb	Standard query (0)	ssl.pstatic.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 4, 2024 00:56:32.574083090 CEST	1.1.1.1	192.168.2.4	0x6423	No error (0)	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app		76.76.21.98	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:32.574083090 CEST	1.1.1.1	192.168.2.4	0x6423	No error (0)	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app		76.76.21.61	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:33.068253040 CEST	1.1.1.1	192.168.2.4	0x9f54	No error (0)	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app		76.76.21.22	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:33.068253040 CEST	1.1.1.1	192.168.2.4	0x9f54	No error (0)	navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app		76.76.21.61	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:33.925683022 CEST	1.1.1.1	192.168.2.4	0xa8c5	No error (0)	nid.naver.com	nid.naver.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:33.928246021 CEST	1.1.1.1	192.168.2.4	0x2315	No error (0)	ssl.pstatic.net	ssl.pstatic.net.nheos.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:33.928246021 CEST	1.1.1.1	192.168.2.4	0x2315	No error (0)	ssl.pstatic.net.nheos.com	ssl.pstatic.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:33.928989887 CEST	1.1.1.1	192.168.2.4	0x92d7	No error (0)	ssl.pstatic.net	ssl.pstatic.net.nheos.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:33.942200899 CEST	1.1.1.1	192.168.2.4	0xe438	No error (0)	nid.naver.com	nid.naver.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:34.967477083 CEST	1.1.1.1	192.168.2.4	0xebbb	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:56:34.969531059 CEST	1.1.1.1	192.168.2.4	0x7be	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 4, 2024 00:56:35.687724113 CEST	1.1.1.1	192.168.2.4	0x78bb	No error (0)	ssl.pstatic.net	ssl.pstatic.net.nheos.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:35.687736988 CEST	1.1.1.1	192.168.2.4	0x58fb	No error (0)	ssl.pstatic.net	ssl.pstatic.net.nheos.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:35.687736988 CEST	1.1.1.1	192.168.2.4	0x58fb	No error (0)	ssl.pstatic.net.nheos.com	ssl.pstatic.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:49.351085901 CEST	1.1.1.1	192.168.2.4	0x2780	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:56:49.351085901 CEST	1.1.1.1	192.168.2.4	0x2780	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:57:01.589309931 CEST	1.1.1.1	192.168.2.4	0xbaec	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:57:01.589309931 CEST	1.1.1.1	192.168.2.4	0xbaec	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:57:23.261982918 CEST	1.1.1.1	192.168.2.4	0x5084	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:57:23.261982918 CEST	1.1.1.1	192.168.2.4	0x5084	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 4, 2024 00:57:44.183042049 CEST	1.1.1.1	192.168.2.4	0x1b8f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 4, 2024 00:57:44.183042049 CEST	1.1.1.1	192.168.2.4	0x1b8f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app

fs.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	76.76.21.98	80	3872	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Aug 4, 2024 00:56:32.581149101 CEST	497	OUT	GET /?user-agent=mozilla/5.0 HTTP/1.1 Host: navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Aug 4, 2024 00:56:33.055370092 CEST	57	IN	HTTP/1.0 308 Permanent Redirect Content-Type: text/plai Data Raw: Data Ascii:
Aug 4, 2024 00:56:33.055670023 CEST	245	IN	Data Raw: 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6e 61 76 65 72 6e 65 77 73 6c 65 74 74 65 72 2d 37 66 6d 65 65 6c 78 35 30 2d 73 74 65 76 65 61 70 70 65 61 6c 37 37 2d 67 6d 61 69 6c 63 6f 6d 2e 76 65 72 63 65 6c 2e 61 70 70 2f 3f 75 Data Ascii: Location: https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0Refresh: 0;url=https://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0server: VercelRedirecting.

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	76.76.21.22	443	3872	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-03 22:56:33 UTC	725	OUT	GET /?user-agent=mozilla/5.0 HTTP/1.1 Host: navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-03 22:56:33 UTC	514	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Age: 3740381 Cache-Control: public, max-age=0, must-revalidate Content-Disposition: inline Content-Length: 10858 Content-Type: text/html; charset=utf-8 Date: Sat, 03 Aug 2024 22:56:33 GMT Etag: "8f678250738846de8ec73f25c3153497" Server: Vercel Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Robots-Tag: noindex X-Vercel-Cache: HIT X-Vercel-Id: iad1::wr9nh-1722725793673-3bd440a2b690 Connection: close
2024-08-03 22:56:33 UTC	2372	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6b 6f 22 3e 0a 09 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 20 63 68 72 6f 6d 65 3d 31 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 Data Ascii: <!DOCTYPE html><html lang="ko"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><meta property
2024-08-03 22:56:33 UTC	1040	IN	Data Raw: 63 74 65 64 3d 22 66 61 6c 73 65 22 3e 0a 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 65 6e 75 5f 74 65 78 74 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e ec 9d bc ed 9a 8c ec 9a a9 20 eb b2 88 ed 98 b8 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 5f 69 74 65 6d 22 20 72 6f 6c 65 3d 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 22 3e 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 23 6e 6f 6e 65 22 20 69 64 3d 22 71 72 63 6f 64 65 22 20 63 6c 61 73 73 3d 22 6d 65 6e 75 5f 71 72 22 20 72 6f 6c 65 3d 22 74 61 62 22 20 61 72 69 61 2d 73 65 6c 65 63 74 65 64 3d 22 66 61 6c 73 65 22 3e 0a 09 Data Ascii: cted="false"><span class="menu_text"><span class="text"> </span></span></a></li><li class="menu_item" role="presentation"><a href="#none" id="qrcode" class="menu_qr" role="tab" aria-selected="false">
2024-08-03 22:56:33 UTC	4744	IN	Data Raw: 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 65 6e 63 70 77 22 20 69 64 3d 22 65 6e 63 70 77 22 20 76 61 6c 75 65 3d 22 22 3e 0a 09 09 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 65 6e 63 74 70 22 20 69 64 3d 22 65 6e 63 74 70 22 20 76 61 6c 75 65 3d 22 31 22 3e 0a 09 09 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 73 76 63 74 79 70 65 22 20 69 64 3d 22 73 76 63 74 79 70 65 22 20 76 61 6c 75 65 3d 22 31 22 3e 0a 09 09 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 73 6d 61 72 74 5f 4c 45 56 45 4c 22 20 69 64 3d 22 73 6d 61 72 74 5f 4c 45 56 45 4c 22 20 76 61 6c 75 65 3d 22 31 22 3e 0a 09 09 09 Data Ascii: t type="hidden" name="encpw" id="encpw" value=""><input type="hidden" name="enctp" id="enctp" value="1"><input type="hidden" name="svctype" id="svctype" value="1"><input type="hidden" name="smart_LEVEL" id="smart_LEVEL" value="1">
2024-08-03 22:56:33 UTC	2702	IN	Data Raw: 74 74 70 73 3a 2f 2f 73 73 6c 2e 70 73 74 61 74 69 63 2e 6e 65 74 2f 73 74 61 74 69 63 2f 6e 69 64 2f 6c 6f 67 69 6e 2f 62 61 6e 6e 65 72 2f 6d 5f 62 61 6e 6e 65 72 5f 32 73 74 65 70 5f 39 32 34 78 32 39 34 2e 70 6e 67 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 22 20 61 6c 74 3d 22 eb 84 a4 ec 9d b4 eb b2 84 20 32 eb 8b a8 ea b3 84 20 ec 9d b8 ec a6 9d 20 eb 82 b4 ea b0 80 20 ed 97 88 eb 9d bd ed 95 a0 20 eb 95 8c eb a7 8c 20 eb a1 9c ea b7 b8 ec 9d b8 20 eb 90 98 eb 8f 84 eb a1 9d 20 eb 8a a6 ea b8 b0 20 ec a0 84 ec 97 90 20 ec 82 ac ec 9a a9 ed 95 98 ec 84 b8 ec 9a 94 7e 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ttps://ssl.pstatic.net/static/nid/login/banner/m_banner_2step_924x294.png" width="100%" height="100%" alt=" 2 ~"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49746	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-03 22:56:36 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-03 22:56:36 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=29217 Date: Sat, 03 Aug 2024 22:56:36 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49747	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-03 22:56:37 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-03 22:56:38 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=29146 Date: Sat, 03 Aug 2024 22:56:37 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-03 22:56:38 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49750	76.76.21.22	443	3872	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-03 22:56:46 UTC	756	OUT	GET /?user-agent=mozilla/5.0 HTTP/1.1 Host: navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: "8f678250738846de8ec73f25c3153497"
2024-08-03 22:56:46 UTC	226	IN	HTTP/1.1 304 Not Modified Cache-Control: public, max-age=0, must-revalidate Date: Sat, 03 Aug 2024 22:56:46 GMT Server: Vercel X-Vercel-Cache: HIT X-Vercel-Id: iad1::lmzpp-1722725806078-037efc776c65 Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2056, Parent PID: 1072

General

Target ID:	0
Start time:	18:56:24
Start date:	03/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3872, Parent PID: 2056

General

Target ID:	2
Start time:	18:56:29
Start date:	03/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1900,i,3748212034112894765,15219802471735343631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6440, Parent PID: 1072

General

Target ID:	3
Start time:	18:56:31
Start date:	03/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://navernewsletter-7fmeelx50-steveappeal77-gmailcom.vercel.app/?user-agent=mozilla/5.0"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly