Edit tour

Windows Analysis Report
https://account.access.online.wellsfarqoadvisor.com/

Overview

General Information

Sample URL:	https://account.access.online.wellsfarqoadvisor.com/
Analysis ID:	1511265
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,4462252843272814417,6517607694101189829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://account.access.online.wellsfarqoadvisor.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET PHISHING Generic Credential Phish Landing Page 2024-06-13

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-14T20:38:26.214655+0200	2053667	1	Successful Credential Theft Detected	188.119.66.154	443	192.168.2.5	49710	TCP
2024-09-14T20:38:29.262243+0200	2053667	1	Successful Credential Theft Detected	188.119.66.154	443	192.168.2.5	49716	TCP
2024-09-14T20:38:31.780791+0200	2053667	1	Successful Credential Theft Detected	188.119.66.154	443	192.168.2.5	49719	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://account.access.online.wellsfarqoadvisor.com/

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49725 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49718 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2053667 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page 2024-06-13 : 188.119.66.154:443 -> 192.168.2.5:49710
Source: Network traffic	Suricata IDS: 2053667 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page 2024-06-13 : 188.119.66.154:443 -> 192.168.2.5:49716
Source: Network traffic	Suricata IDS: 2053667 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page 2024-06-13 : 188.119.66.154:443 -> 192.168.2.5:49719

Source: global traffic	TCP traffic: 192.168.2.5:50426 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:58494 -> 162.159.36.2:53

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49725 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: account.access.online.wellsfarqoadvisor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/font-awesome.css HTTP/1.1Host: account.access.online.wellsfarqoadvisor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://account.access.online.wellsfarqoadvisor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
Source: global traffic	HTTP traffic detected: GET /assets/bootstrap.min.css HTTP/1.1Host: account.access.online.wellsfarqoadvisor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://account.access.online.wellsfarqoadvisor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: account.access.online.wellsfarqoadvisor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.access.online.wellsfarqoadvisor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
Source: global traffic	HTTP traffic detected: GET /assets/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1Host: account.access.online.wellsfarqoadvisor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.access.online.wellsfarqoadvisor.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://account.access.online.wellsfarqoadvisor.com/assets/font-awesome.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: account.access.online.wellsfarqoadvisor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg

Source: global traffic	DNS traffic detected: DNS query: account.access.online.wellsfarqoadvisor.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_126.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_126.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_127.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_127.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49718 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@21/12@6/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,4462252843272814417,6517607694101189829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://account.access.online.wellsfarqoadvisor.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,4462252843272814417,6517607694101189829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://account.access.online.wellsfarqoadvisor.com/	0%	Virustotal		Browse
https://account.access.online.wellsfarqoadvisor.com/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse
www.google.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://fontawesome.io	0%	URL Reputation	safe
https://getbootstrap.com/)	0%	URL Reputation	safe
http://fontawesome.io/license	0%	URL Reputation	safe
https://account.access.online.wellsfarqoadvisor.com/assets/fontawesome-webfont.woff2?v=4.7.0	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Avira URL Cloud	safe
https://account.access.online.wellsfarqoadvisor.com/favicon.ico	0%	Avira URL Cloud	safe
https://account.access.online.wellsfarqoadvisor.com/assets/font-awesome.css	0%	Avira URL Cloud	safe
https://account.access.online.wellsfarqoadvisor.com/assets/bootstrap.min.css	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.217.18.4	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
account.access.online.wellsfarqoadvisor.com	188.119.66.154	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://account.access.online.wellsfarqoadvisor.com/	false		unknown
https://account.access.online.wellsfarqoadvisor.com/assets/fontawesome-webfont.woff2?v=4.7.0	true	Avira URL Cloud: safe	unknown
https://account.access.online.wellsfarqoadvisor.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://account.access.online.wellsfarqoadvisor.com/assets/font-awesome.css	true	Avira URL Cloud: safe	unknown
https://account.access.online.wellsfarqoadvisor.com/assets/bootstrap.min.css	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_127.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://fontawesome.io	chromecache_126.2.dr	false	URL Reputation: safe	unknown
https://getbootstrap.com/)	chromecache_127.2.dr	false	URL Reputation: safe	unknown
http://fontawesome.io/license	chromecache_126.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
188.119.66.154	account.access.online.wellsfarqoadvisor.com	Russian Federation	209499	FLYNETRU	true

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1511265
Start date and time:	2024-09-14 20:37:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://account.access.online.wellsfarqoadvisor.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@21/12@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.185.142, 64.233.184.84, 34.104.35.123, 40.68.123.157, 93.184.221.240, 192.229.221.95, 20.242.39.171, 20.3.187.198, 142.250.184.195, 131.107.255.255
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, dns.msftncsi.com, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 14 17:38:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9791131042010157
Encrypted:	false
SSDEEP:	48:8KdDTrnM+HjidAKZdA19ehwiZUklqehHy+3:86PbAy
MD5:	AFA85585FDB9DC0367A6D66AA8265402
SHA1:	6520E10D56A50313ADFC7A3C9071544F4D933AB3
SHA-256:	E6C2A6265DBED34AF641891ABBA2C02365CE614F25AE09909A5D21617EB78B01
SHA-512:	E97D4DC95723F438B3F0454D440C2CFCEC8FF766D0FA52CD911448F1DCFDEE214341820800ABAC1DA6D8760DC45B8D86C63EB00414C3AB653E80FDCB075431AE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....x..H....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.w......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 14 17:38:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.990605521416594
Encrypted:	false
SSDEEP:	48:8aEdDTrnM+HjidAKZdA1weh/iZUkAQkqehwy+2:89Pp9QFy
MD5:	E7027CD0608E8E8A06E0B1CA8BAFF98A
SHA1:	51B03C9B81EA1503B0C4C1A02A26B1207EAC91BF
SHA-256:	3616EC1416CD05244D286D6C7B0DE0F745E8ADDBA82681538861A2727745D441
SHA-512:	1BC20EF80CE1D32859265A37B8B9F70AFB3CBCAE0CC1E5391A0E4F5866E22B2497425FA7A30C68F2C98F339DEE179DA265A4CA50EE235B837BDDE4A6DD053774
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....h.oH....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.w......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.00531760077355
Encrypted:	false
SSDEEP:	48:8xYdDTrnsHjidAKZdA14tseh7sFiZUkmgqeh7sOy+BX:8xMPOnEy
MD5:	24F356217BED7A1D2F27D875FF8D686F
SHA1:	34EE3369848BC4D10740394EFDC39A42AB643E95
SHA-256:	40BCDED2F4E9308067707B66CB660F74C0DAF0F112689344EF775CDD92B3DB60
SHA-512:	0DBF2BF51C9C408A4AA3FCEE3DB347CA431DA19B71F9BDF7EA44083725816DF0B3197D4ABF848BC4E8247F9342F9F934D47018E3CFDE35D28DCF815BAF284594
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.w......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 14 17:38:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991636609164058
Encrypted:	false
SSDEEP:	48:8wdDTrnM+HjidAKZdA1vehDiZUkwqehMy+R:8kPq2y
MD5:	36761BB8F88BED5760A041FDFD501088
SHA1:	6B66B0EAAFE87C1FDE044D846033A3EC5598EDB1
SHA-256:	47616B9671EEF99E61794D0BE1373F6693DA9B94207A3381F048FD24DA822D9C
SHA-512:	DC77077BD6630A9E0A016A94DA1655ADB233521614A8FBCD09E3EA116EB2EEF2A3A1F93CFFFDC438FFB14AFAB36348372A95F145EB5EE2E20437E9F6F2706097
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....ujH....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.w......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 14 17:38:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9803962644695705
Encrypted:	false
SSDEEP:	48:8WdDTrnM+HjidAKZdA1hehBiZUk1W1qehiy+C:8mPK9Cy
MD5:	3F27C6DE075A680D43A3B46F41FEC905
SHA1:	805DB610E4DD05979790DF2C8408A47341603E7C
SHA-256:	A91A0B69186518F1A0F66512F39637F605C649471093EBEE646046B185EB3AC8
SHA-512:	128C2D6595B4583EC7E91E54334748889FB5EB613432B180DA1671919FDCF8EB75CF0F437BC5D87552B9D148066F7521669C93474ACBAE7B5542096C1881D69B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....CuH....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.w......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 14 17:38:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.987724131152656
Encrypted:	false
SSDEEP:	48:8GdDTrnM+HjidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbEy+yT+:8WPUT/TbxWOvTbEy7T
MD5:	64E90190EC9E93418E95FF080C5DEED7
SHA1:	F1B8EAC4538D465E97449C0A13823D30D19846FB
SHA-256:	41108B99D4DD7D7143D040D75EC6EE7A88F0DFAAA52E57CF0BE3FD2E02B6F9BB
SHA-512:	578FB3652B9D8778E32897BA8D948FDC47F52B9E99B66A9CCE4BC79996F99F1F158F4E55EB425E1516F9133317F96F7F9D2D73C85FCB9BE9D1672FE389FE066A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....cd_H....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.w......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	troff or preprocessor input, ASCII text, with very long lines (327), with CRLF line terminators
Category:	downloaded
Size (bytes):	39697
Entropy (8bit):	4.860535202643515
Encrypted:	false
SSDEEP:	768:j9bsmzFd8cWmbiC/9TUMNatOx6xjNJZDdBs:j9bsm5dQmR/9ASeM6xjTBs
MD5:	9C9191556C3A99C49C679525C386D3FA
SHA1:	ECD21340A6D4AA4AC6A1BE009B681C33A3E9EE4B
SHA-256:	C5DEAE7C765902E7A4374FABD8232ACFD39BCA83AF99DE39B8C0215E4E0DA096
SHA-512:	4F7FEAFC5E7662D05A0054EAD9C2EBDBE7337E80AE18EB48B4805DCD39E23353F5879FE928D93A209F751BB245F52FE85D4282BB266B68F6962E3760D6E93628
Malicious:	false
Reputation:	low
URL:	https://account.access.online.wellsfarqoadvisor.com/assets/font-awesome.css
Preview:	/!.. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome.. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License).. /../ FONT PATH.. * -------------------------- /..@font-face {.. font-family: 'FontAwesome';.. src: url('fontawesome-webfont.eot?v=4.7.0');.. src: url('fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'), url('fontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('fontawesome-webfont.woff?v=4.7.0') format('woff'), url('fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');.. font-weight: normal;.. font-style: normal;..}...fa {.. display: inline-block;.. font: normal normal normal 14px/1 FontAwesome;.. font-size: inherit;.. text-rendering: auto;.. -webkit-font-smoothing: antialiased;.. -moz-osx-font-smoothing: grayscale;..}../ makes the font 33% larger relative to the icon container */...fa-lg {.. font-size: 1.33333333

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65319), with CRLF line terminators
Category:	downloaded
Size (bytes):	140936
Entropy (8bit):	5.059129831292051
Encrypted:	false
SSDEEP:	1536:lx1bwyUPAy+QYYDnDEBi82NcuSEz/9OOL/gIENM6HN269:P1MbPnTLYIENM6HN269
MD5:	E59AA29AC4A3D18D092F6BA813AE1997
SHA1:	C4141255658403C38E1306D2FE196575522D6CC3
SHA-256:	9EF4FBE459177AF5F4E9647CBE584514FD36C7386AF6A1712D03AE4B42E45B24
SHA-512:	F8F8D2D7951FD526B7C3684D6A7AC7CF7EC988597ACEF817ADE85B31092BBAD544D9D59A41E79D7A2D9024F9A717205818BE1A024C028BE04E251D68059C8137
Malicious:	false
Reputation:	low
URL:	https://account.access.online.wellsfarqoadvisor.com/assets/bootstrap.min.css
Preview:	/!.. Bootstrap v4.1.1 (https://getbootstrap.com/).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-famil

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Category:	downloaded
Size (bytes):	77160
Entropy (8bit):	7.996509451516447
Encrypted:	true
SSDEEP:	1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2
MD5:	AF7AE505A9EED503F8B8E6982036873E
SHA1:	D6F48CBA7D076FB6F2FD6BA993A75B9DC1ECBF0C
SHA-256:	2ADEFCBC041E7D18FCF2D417879DC5A09997AA64D675B7A3C4B6CE33DA13F3FE
SHA-512:	838FEFDBC14901F41EDF995A78FDAC55764CD4912CCB734B8BEA4909194582904D8F2AFDF2B6C428667912CE4D65681A1044D045D1BC6DE2B14113F0315FC892
Malicious:	false
Reputation:	low
URL:	https://account.access.online.wellsfarqoadvisor.com/assets/fontawesome-webfont.woff2?v=4.7.0
Preview:	wOF2......-h..........-.........................?FFTM.. .`..r.....(..X.6.$..p..... .....u[R.rGa......'.=.:..&..=r........].t..E.n.......1F...@....\|....f.m.`.$..@d[BQ.$([U<+(..@P.5..`....>.P..;.(..1..l..h...)..Yy..Ji......\|%..^..G..3..n........D..p\Yr .L.P.....t.)......6R.^"S.L~.YR.CXR...4...F.y\[..7n..\|.s.q..M..%K......,.....L.t.'....M.,..c..+b....O.s.^.$...z...m...h&gb...v.....'..6.:....s.m.b.1.m0"....*V.....c.$,0ATPT.1.....<..;...`..'.H.?.s.:..ND.....I..$..T..[..b4........,....bl6...IL.i}.&.4.m,'....#....Rw..bu..,K......v....m_-...\H....HH.......?...m..9P...)9.J..$.....8......~.;.r..n.=$.....Nddn.!'....;...8..'.N...!.-..J.........X.=.,......"`:....... {......K!'...-FH....#$~.Z_.......N5VU8F....%.P..........Cp..$.Q.......r.....k.k...3...:R.%....2{.....h%.)8..........ILK.6v.#......,;.6..N.2.hv...........OO..t#....xT..Bf....q^.#....?{.5b.I..%-WZ..b.A...^.1..n5.....NQ.Y'.........S.....!t" .`b3..%....35....fv;....l..9.:jgf?gr..p.x. ..\|.. $. e.

Static File Info

⊘No static file info

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-14T20:38:26.214655+0200	2053667	ET PHISHING Generic Credential Phish Landing Page 2024-06-13	1	188.119.66.154	443	192.168.2.5	49710	TCP
2024-09-14T20:38:29.262243+0200	2053667	ET PHISHING Generic Credential Phish Landing Page 2024-06-13	1	188.119.66.154	443	192.168.2.5	49716	TCP
2024-09-14T20:38:31.780791+0200	2053667	ET PHISHING Generic Credential Phish Landing Page 2024-06-13	1	188.119.66.154	443	192.168.2.5	49719	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2024 20:38:14.766179085 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:14.766180992 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:14.875641108 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:24.369796991 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:24.383883953 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:24.479172945 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:24.915173054 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:24.915195942 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:24.915255070 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:24.915659904 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:24.915666103 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:24.915723085 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:24.915944099 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:24.915956020 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:24.916975021 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:24.916984081 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.875068903 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.875371933 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.875392914 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.876884937 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.876965046 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.878170967 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.878262043 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.878382921 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.878391027 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.880753040 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.880978107 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.880983114 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.882711887 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.882788897 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.883793116 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.883877039 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:25.968990088 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.983690977 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:25.983702898 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.114357948 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 14, 2024 20:38:26.114526033 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:26.182523966 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.214432001 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.214539051 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.214598894 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.215908051 CEST	49710	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.215928078 CEST	443	49710	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.236855984 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.279443979 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.305227041 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.305273056 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.305347919 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.305864096 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.305875063 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.456233025 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.581728935 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.581753969 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.581772089 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.581816912 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.581820011 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.581835985 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.581862926 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.581892967 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.581902981 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.581921101 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.583621979 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.583642006 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.583658934 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.583688974 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.583704948 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.583724022 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.583740950 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.583741903 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.583758116 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.583770990 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.583780050 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.583797932 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.584394932 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.584414005 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.584444046 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.584449053 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.584470987 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.584492922 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.584496021 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.584611893 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:26.584657907 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.647881985 CEST	49709	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:26.647910118 CEST	443	49709	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.012182951 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.069238901 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.461139917 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.461162090 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.461915016 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.465451956 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.465549946 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.466098070 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.511403084 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.609147072 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:27.609211922 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:27.609304905 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:27.610121012 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:27.610140085 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:27.687552929 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.813776016 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.813793898 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.813836098 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.813854933 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.813874960 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.813882113 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.813894033 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.813935041 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.814718962 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.814732075 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.814753056 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.814778090 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.814785004 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.814789057 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.814809084 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.814810038 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.814834118 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.814846039 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.814866066 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.884661913 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.940042973 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.940061092 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.940084934 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.940113068 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.940120935 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.940121889 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.940139055 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.940176964 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.940184116 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.941488981 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.941498995 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.941536903 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.941545010 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.941557884 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.941565990 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.941586971 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.941617966 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.942599058 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.942617893 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.942670107 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.942677021 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.942724943 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.944370985 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.944389105 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.944462061 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:27.944468975 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:27.944564104 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.012195110 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:28.012286901 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:28.012387991 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:28.014096022 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:28.014132023 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:28.066827059 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.066912889 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.066931963 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.066951036 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.066977024 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.066996098 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.067687035 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.067749023 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.067761898 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.067770958 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.067790031 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.067811012 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.068239927 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.068291903 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.068317890 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.068325996 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.068362951 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.068370104 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.068546057 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.068712950 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.068722010 CEST	443	49713	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.068739891 CEST	49713	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.180362940 CEST	49716	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.180455923 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.180541992 CEST	49716	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.182020903 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.182068110 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.182157040 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.184489965 CEST	49716	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.184514999 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.185275078 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.185307980 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.259237051 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:28.259776115 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:28.259809971 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:28.261440992 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:28.261540890 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:28.263381004 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:28.263480902 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:28.306484938 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:28.306514978 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:28.357124090 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:28.663814068 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:28.663953066 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:28.725667000 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:28.725765944 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:28.726744890 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:28.776245117 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:28.903968096 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.912005901 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.931052923 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.931085110 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.931437969 CEST	49716	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.931473970 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.932046890 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.932419062 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.932873011 CEST	49716	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.932964087 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.933381081 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.933557987 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.933830023 CEST	49716	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.934218884 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:28.979403973 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:28.979418039 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.115434885 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.163397074 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.248877048 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.261966944 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.262067080 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.262186050 CEST	49716	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.262676954 CEST	49716	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.262691975 CEST	443	49716	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.291878939 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.300287962 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.300451994 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.300646067 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.300699949 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.300731897 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.300731897 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.300754070 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.300772905 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.343183041 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.343242884 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.343327045 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.343611956 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.343625069 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.375281096 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.375296116 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.375349998 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.375366926 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.375422955 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.375463963 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.375488997 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.375529051 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.375529051 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.375530005 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.375560999 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.377229929 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.377257109 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.377319098 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.377334118 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.377362967 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.377401114 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.501360893 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.501394987 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.501445055 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.501460075 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.501492023 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.501513004 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.502901077 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.502928019 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.502964020 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.502976894 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.503002882 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.503240108 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.503910065 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.503966093 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.503990889 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.504003048 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.504030943 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.504034042 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.504081011 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.688596010 CEST	49717	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:29.688621044 CEST	443	49717	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:29.987457991 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.987560987 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.991864920 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:29.991883993 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.992258072 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:29.993988037 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:30.039416075 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:30.332489967 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:30.332634926 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:30.332704067 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:30.334466934 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:30.334503889 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:30.334522009 CEST	49718	443	192.168.2.5	184.28.90.27
Sep 14, 2024 20:38:30.334531069 CEST	443	49718	184.28.90.27	192.168.2.5
Sep 14, 2024 20:38:30.693067074 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:30.693156004 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:30.693236113 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:30.693790913 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:30.693816900 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:31.427047014 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:31.427318096 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:31.427354097 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:31.430885077 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:31.430962086 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:31.431480885 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:31.431618929 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:31.431664944 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:31.483645916 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:31.483705044 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:31.527106047 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:31.780268908 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:31.780436039 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:31.780517101 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:31.781933069 CEST	49719	443	192.168.2.5	188.119.66.154
Sep 14, 2024 20:38:31.781964064 CEST	443	49719	188.119.66.154	192.168.2.5
Sep 14, 2024 20:38:36.959089041 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:36.959266901 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:36.959908009 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:36.959994078 CEST	443	49725	23.1.237.91	192.168.2.5
Sep 14, 2024 20:38:36.960139036 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:36.960643053 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:36.960681915 CEST	443	49725	23.1.237.91	192.168.2.5
Sep 14, 2024 20:38:36.963968992 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 14, 2024 20:38:36.964010954 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 14, 2024 20:38:37.884989977 CEST	443	49725	23.1.237.91	192.168.2.5
Sep 14, 2024 20:38:37.885121107 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:38:38.162869930 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:38.163018942 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:38.163183928 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:39.986080885 CEST	49714	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:38:39.986135960 CEST	443	49714	172.217.18.4	192.168.2.5
Sep 14, 2024 20:38:46.439281940 CEST	50426	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:46.444153070 CEST	53	50426	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:46.444226980 CEST	50426	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:46.444305897 CEST	50426	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:46.449148893 CEST	53	50426	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:46.887757063 CEST	53	50426	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:46.888397932 CEST	50426	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:46.893501043 CEST	53	50426	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:46.893570900 CEST	50426	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:57.038525105 CEST	443	49725	23.1.237.91	192.168.2.5
Sep 14, 2024 20:38:57.038619995 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 14, 2024 20:39:04.285478115 CEST	58494	53	192.168.2.5	162.159.36.2
Sep 14, 2024 20:39:04.291126966 CEST	53	58494	162.159.36.2	192.168.2.5
Sep 14, 2024 20:39:04.291199923 CEST	58494	53	192.168.2.5	162.159.36.2
Sep 14, 2024 20:39:04.291244984 CEST	58494	53	192.168.2.5	162.159.36.2
Sep 14, 2024 20:39:04.296495914 CEST	53	58494	162.159.36.2	192.168.2.5
Sep 14, 2024 20:39:04.738955021 CEST	53	58494	162.159.36.2	192.168.2.5
Sep 14, 2024 20:39:04.739283085 CEST	58494	53	192.168.2.5	162.159.36.2
Sep 14, 2024 20:39:04.744458914 CEST	53	58494	162.159.36.2	192.168.2.5
Sep 14, 2024 20:39:04.744539022 CEST	58494	53	192.168.2.5	162.159.36.2
Sep 14, 2024 20:39:27.652434111 CEST	58498	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:39:27.652509928 CEST	443	58498	172.217.18.4	192.168.2.5
Sep 14, 2024 20:39:27.652585983 CEST	58498	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:39:27.652832985 CEST	58498	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:39:27.652853966 CEST	443	58498	172.217.18.4	192.168.2.5
Sep 14, 2024 20:39:28.293267012 CEST	443	58498	172.217.18.4	192.168.2.5
Sep 14, 2024 20:39:28.293566942 CEST	58498	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:39:28.293601990 CEST	443	58498	172.217.18.4	192.168.2.5
Sep 14, 2024 20:39:28.294754982 CEST	443	58498	172.217.18.4	192.168.2.5
Sep 14, 2024 20:39:28.295089960 CEST	58498	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:39:28.295269966 CEST	443	58498	172.217.18.4	192.168.2.5
Sep 14, 2024 20:39:28.338519096 CEST	58498	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:39:38.192789078 CEST	443	58498	172.217.18.4	192.168.2.5
Sep 14, 2024 20:39:38.192929029 CEST	443	58498	172.217.18.4	192.168.2.5
Sep 14, 2024 20:39:38.192996979 CEST	58498	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:39:39.638884068 CEST	58498	443	192.168.2.5	172.217.18.4
Sep 14, 2024 20:39:39.638911963 CEST	443	58498	172.217.18.4	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2024 20:38:23.265189886 CEST	53	63682	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:23.336766958 CEST	53	56151	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:24.360239029 CEST	53	51939	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:24.896303892 CEST	52822	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:24.896500111 CEST	63935	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:24.907977104 CEST	53	52822	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:25.629019976 CEST	53	63935	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:27.597680092 CEST	59850	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:27.598304987 CEST	59755	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:27.605469942 CEST	53	59755	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:27.605510950 CEST	53	59850	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:30.026573896 CEST	64914	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:30.026882887 CEST	50527	53	192.168.2.5	1.1.1.1
Sep 14, 2024 20:38:30.691009998 CEST	53	64914	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:30.692416906 CEST	53	50527	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:41.362731934 CEST	53	53872	1.1.1.1	192.168.2.5
Sep 14, 2024 20:38:46.438843012 CEST	53	52073	1.1.1.1	192.168.2.5
Sep 14, 2024 20:39:04.284812927 CEST	53	50856	162.159.36.2	192.168.2.5
Sep 14, 2024 20:39:04.838023901 CEST	53	49525	1.1.1.1	192.168.2.5
Sep 14, 2024 20:39:23.065640926 CEST	53	52131	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 14, 2024 20:38:25.629100084 CEST	192.168.2.5	1.1.1.1	c240	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 14, 2024 20:38:24.896303892 CEST	192.168.2.5	1.1.1.1	0x3b29	Standard query (0)	account.access.online.wellsfarqoadvisor.com	A (IP address)	IN (0x0001)	false
Sep 14, 2024 20:38:24.896500111 CEST	192.168.2.5	1.1.1.1	0x42f6	Standard query (0)	account.access.online.wellsfarqoadvisor.com	65	IN (0x0001)	false
Sep 14, 2024 20:38:27.597680092 CEST	192.168.2.5	1.1.1.1	0x7ea2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 14, 2024 20:38:27.598304987 CEST	192.168.2.5	1.1.1.1	0x6bc1	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 14, 2024 20:38:30.026573896 CEST	192.168.2.5	1.1.1.1	0x41b4	Standard query (0)	account.access.online.wellsfarqoadvisor.com	A (IP address)	IN (0x0001)	false
Sep 14, 2024 20:38:30.026882887 CEST	192.168.2.5	1.1.1.1	0x58f3	Standard query (0)	account.access.online.wellsfarqoadvisor.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 14, 2024 20:38:24.907977104 CEST	1.1.1.1	192.168.2.5	0x3b29	No error (0)	account.access.online.wellsfarqoadvisor.com		188.119.66.154	A (IP address)	IN (0x0001)	false
Sep 14, 2024 20:38:27.605469942 CEST	1.1.1.1	192.168.2.5	0x6bc1	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 14, 2024 20:38:27.605510950 CEST	1.1.1.1	192.168.2.5	0x7ea2	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Sep 14, 2024 20:38:30.691009998 CEST	1.1.1.1	192.168.2.5	0x41b4	No error (0)	account.access.online.wellsfarqoadvisor.com		188.119.66.154	A (IP address)	IN (0x0001)	false
Sep 14, 2024 20:38:36.163177967 CEST	1.1.1.1	192.168.2.5	0x8790	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 14, 2024 20:38:36.163177967 CEST	1.1.1.1	192.168.2.5	0x8790	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

account.access.online.wellsfarqoadvisor.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	188.119.66.154	443	3160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-14 18:38:25 UTC	686	OUT	GET / HTTP/1.1 Host: account.access.online.wellsfarqoadvisor.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-14 18:38:26 UTC	528	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 18:38:26 GMT Server: Apache/2.4.41 (Ubuntu) Set-Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: ppath=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: stp=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Vary: Accept-Encoding Content-Length: 1272 Connection: close Content-Type: text/html; charset=UTF-8
2024-09-14 18:38:26 UTC	1272	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 20 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 2e 61 63 63 65 73 73 2e 6f 6e 6c 69 6e 65 2e 77 65 6c 6c 73 66 61 72 71 6f 61 64 76 69 73 6f 72 2e 63 6f 6d 2f 22 3e 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0d 0a 20 20 20 20 20 3c Data Ascii: <!DOCTYPE html><html lang="id" dir="ltr"><head> <base href="https://account.access.online.wellsfarqoadvisor.com/"> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49709	188.119.66.154	443	3160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-14 18:38:26 UTC	654	OUT	GET /assets/font-awesome.css HTTP/1.1 Host: account.access.online.wellsfarqoadvisor.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://account.access.online.wellsfarqoadvisor.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
2024-09-14 18:38:26 UTC	273	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 18:38:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Tue, 19 Dec 2023 14:09:22 GMT ETag: "9b11-60cdd69c3a880" Accept-Ranges: bytes Content-Length: 39697 Vary: Accept-Encoding Connection: close Content-Type: text/css
2024-09-14 18:38:26 UTC	16384	IN	Data Raw: 2f 2a 21 0d 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 37 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0d 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0d 0a 20 2a 2f 0d 0a 2f 2a 20 46 4f 4e 54 20 50 41 54 48 0d 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0d 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0d 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 46 6f 6e 74 41 77 65 Data Ascii: /! Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) // FONT PATH * -------------------------- */@font-face { font-family: 'FontAwe
2024-09-14 18:38:26 UTC	16384	IN	Data Raw: 22 5c 66 31 30 64 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 71 75 6f 74 65 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 30 65 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 73 70 69 6e 6e 65 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 31 30 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 63 69 72 63 6c 65 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 31 31 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 6d 61 69 6c 2d 72 65 70 6c 79 3a 62 65 66 6f 72 65 2c 0d 0a 2e 66 61 2d 72 65 70 6c 79 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 31 32 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 67 69 74 68 75 62 2d 61 6c 74 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e Data Ascii: "\f10d";}.fa-quote-right:before { content: "\f10e";}.fa-spinner:before { content: "\f110";}.fa-circle:before { content: "\f111";}.fa-mail-reply:before,.fa-reply:before { content: "\f112";}.fa-github-alt:before { conten
2024-09-14 18:38:26 UTC	6929	IN	Data Raw: 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 32 35 64 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 63 72 65 61 74 69 76 65 2d 63 6f 6d 6d 6f 6e 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 32 35 65 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 67 67 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 32 36 30 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 67 67 2d 63 69 72 63 6c 65 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 32 36 31 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 74 72 69 70 61 64 76 69 73 6f 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 32 36 32 22 3b 0d 0a 7d 0d 0a 2e 66 61 2d 6f 64 6e 6f 6b 6c 61 73 73 6e 69 6b 69 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 Data Ascii: ore { content: "\f25d";}.fa-creative-commons:before { content: "\f25e";}.fa-gg:before { content: "\f260";}.fa-gg-circle:before { content: "\f261";}.fa-tripadvisor:before { content: "\f262";}.fa-odnoklassniki:before {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49713	188.119.66.154	443	3160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-14 18:38:27 UTC	655	OUT	GET /assets/bootstrap.min.css HTTP/1.1 Host: account.access.online.wellsfarqoadvisor.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://account.access.online.wellsfarqoadvisor.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
2024-09-14 18:38:27 UTC	275	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 18:38:27 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Tue, 19 Dec 2023 14:07:30 GMT ETag: "22688-60cdd6316ac80" Accept-Ranges: bytes Content-Length: 140936 Vary: Accept-Encoding Connection: close Content-Type: text/css
2024-09-14 18:38:27 UTC	16384	IN	Data Raw: 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 31 2e 31 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 6c 75 65 3a 23 30 30 37 62 66 66 3b 2d 2d 69 6e 64 69 67 6f 3a 23 36 36 31 30 Data Ascii: /! Bootstrap v4.1.1 (https://getbootstrap.com/) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */:root{--blue:#007bff;--indigo:#6610
2024-09-14 18:38:27 UTC	16384	IN	Data Raw: 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 39 31 2e 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 78 6c 2d 31 32 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 31 30 30 25 3b 66 6c 65 78 3a 30 20 30 20 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 6f 72 64 65 72 2d 78 6c 2d 66 69 72 73 74 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 2d 31 3b 6f 72 64 65 72 3a 2d 31 7d 2e 6f 72 64 65 72 2d 78 6c 2d 6c 61 73 74 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 31 33 3b 6f 72 64 65 72 3a 31 33 7d 2e 6f 72 64 65 72 2d 78 6c 2d 30 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 30 3b 6f 72 64 65 72 3a 30 7d 2e 6f 72 64 65 72 2d 78 6c Data Ascii: {-ms-flex:0 0 91.666667%;flex:0 0 91.666667%;max-width:91.666667%}.col-xl-12{-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-xl-first{-ms-flex-order:-1;order:-1}.order-xl-last{-ms-flex-order:13;order:13}.order-xl-0{-ms-flex-order:0;order:0}.order-xl
2024-09-14 18:38:27 UTC	16384	IN	Data Raw: 2d 76 61 6c 69 64 61 74 65 64 20 2e 63 75 73 74 6f 6d 2d 66 69 6c 65 2d 69 6e 70 75 74 3a 69 6e 76 61 6c 69 64 7e 2e 69 6e 76 61 6c 69 64 2d 74 6f 6f 6c 74 69 70 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 63 75 73 74 6f 6d 2d 66 69 6c 65 2d 69 6e 70 75 74 2e 69 73 2d 69 6e 76 61 6c 69 64 3a 66 6f 63 75 73 7e 2e 63 75 73 74 6f 6d 2d 66 69 6c 65 2d 6c 61 62 65 6c 2c 2e 77 61 73 2d 76 61 6c 69 64 61 74 65 64 20 2e 63 75 73 74 6f 6d 2d 66 69 6c 65 2d 69 6e 70 75 74 3a 69 6e 76 61 6c 69 64 3a 66 6f 63 75 73 7e 2e 63 75 73 74 6f 6d 2d 66 69 6c 65 2d 6c 61 62 65 6c 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 2e 32 72 65 6d 20 72 67 62 61 28 32 32 30 2c 35 33 2c 36 39 2c 2e 32 35 29 7d 2e 66 6f 72 6d 2d 69 6e 6c 69 6e 65 7b 64 69 73 70 6c 61 79 3a Data Ascii: -validated .custom-file-input:invalid~.invalid-tooltip{display:block}.custom-file-input.is-invalid:focus~.custom-file-label,.was-validated .custom-file-input:invalid:focus~.custom-file-label{box-shadow:0 0 0 .2rem rgba(220,53,69,.25)}.form-inline{display:
2024-09-14 18:38:27 UTC	16384	IN	Data Raw: 64 65 72 2d 74 6f 70 3a 30 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 2e 33 65 6d 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 2e 33 65 6d 20 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 2e 33 65 6d 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 64 72 6f 70 75 70 20 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 65 6d 70 74 79 3a 3a 61 66 74 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 7d 2e 64 72 6f 70 72 69 67 68 74 20 2e 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 7b 74 6f 70 3a 30 3b 72 69 67 68 74 3a 61 75 74 6f 3b 6c 65 66 74 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 31 32 35 72 65 6d 7d 2e 64 72 6f 70 72 69 67 68 74 20 Data Ascii: der-top:0;border-right:.3em solid transparent;border-bottom:.3em solid;border-left:.3em solid transparent}.dropup .dropdown-toggle:empty::after{margin-left:0}.dropright .dropdown-menu{top:0;right:auto;left:100%;margin-top:0;margin-left:.125rem}.dropright
2024-09-14 18:38:27 UTC	16384	IN	Data Raw: 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 6a 75 73 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 6e 61 76 62 61 72 2d 62 72 61 6e 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 2e 33 31 32 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 2e 33 31 32 35 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 6e 61 76 62 61 72 2d 62 72 61 6e 64 3a 66 6f 63 75 73 2c Data Ascii: n:center;align-items:center;-ms-flex-pack:justify;justify-content:space-between}.navbar-brand{display:inline-block;padding-top:.3125rem;padding-bottom:.3125rem;margin-right:1rem;font-size:1.25rem;line-height:inherit;white-space:nowrap}.navbar-brand:focus,
2024-09-14 18:38:27 UTC	16384	IN	Data Raw: 23 62 65 65 35 65 62 7d 2e 61 6c 65 72 74 2d 69 6e 66 6f 20 68 72 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 61 62 64 64 65 35 7d 2e 61 6c 65 72 74 2d 69 6e 66 6f 20 2e 61 6c 65 72 74 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 30 36 32 63 33 33 7d 2e 61 6c 65 72 74 2d 77 61 72 6e 69 6e 67 7b 63 6f 6c 6f 72 3a 23 38 35 36 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 33 63 64 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 66 66 65 65 62 61 7d 2e 61 6c 65 72 74 2d 77 61 72 6e 69 6e 67 20 68 72 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 66 66 65 38 61 31 7d 2e 61 6c 65 72 74 2d 77 61 72 6e 69 6e 67 20 2e 61 6c 65 72 74 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 35 33 33 66 30 33 7d 2e 61 6c 65 72 74 2d 64 61 6e Data Ascii: #bee5eb}.alert-info hr{border-top-color:#abdde5}.alert-info .alert-link{color:#062c33}.alert-warning{color:#856404;background-color:#fff3cd;border-color:#ffeeba}.alert-warning hr{border-top-color:#ffe8a1}.alert-warning .alert-link{color:#533f03}.alert-dan
2024-09-14 18:38:28 UTC	16384	IN	Data Raw: 2e 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 6c 65 66 74 2c 2e 63 61 72 6f 75 73 65 6c 2d 66 61 64 65 20 2e 61 63 74 69 76 65 2e 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 70 72 65 76 2c 2e 63 61 72 6f 75 73 65 6c 2d 66 61 64 65 20 2e 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 6e 65 78 74 2c 2e 63 61 72 6f 75 73 65 6c 2d 66 61 64 65 20 2e 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 70 72 65 76 2c 2e 63 61 72 6f 75 73 65 6c 2d 66 61 64 65 20 2e 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2e 61 63 74 69 76 65 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 30 2c 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 30 2c 30 29 7d 7d 2e 63 61 72 6f 75 73 65 6c 2d 63 6f 6e 74 72 6f 6c 2d 6e Data Ascii: .carousel-item-left,.carousel-fade .active.carousel-item-prev,.carousel-fade .carousel-item-next,.carousel-fade .carousel-item-prev,.carousel-fade .carousel-item.active{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}}.carousel-control-n
2024-09-14 18:38:28 UTC	16384	IN	Data Raw: 74 65 6e 74 2d 6d 64 2d 65 6e 64 7b 2d 6d 73 2d 66 6c 65 78 2d 6c 69 6e 65 2d 70 61 63 6b 3a 65 6e 64 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 66 6c 65 78 2d 65 6e 64 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 2d 6d 64 2d 63 65 6e 74 65 72 7b 2d 6d 73 2d 66 6c 65 78 2d 6c 69 6e 65 2d 70 61 63 6b 3a 63 65 6e 74 65 72 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 2d 6d 64 2d 62 65 74 77 65 65 6e 7b 2d 6d 73 2d 66 6c 65 78 2d 6c 69 6e 65 2d 70 61 63 6b 3a 6a 75 73 74 69 66 79 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 Data Ascii: tent-md-end{-ms-flex-line-pack:end!important;align-content:flex-end!important}.align-content-md-center{-ms-flex-line-pack:center!important;align-content:center!important}.align-content-md-between{-ms-flex-line-pack:justify!important;align-content:space-be
2024-09-14 18:38:28 UTC	9864	IN	Data Raw: 2c 2e 70 78 2d 6d 64 2d 33 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 2d 6d 64 2d 34 7b 70 61 64 64 69 6e 67 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 74 2d 6d 64 2d 34 2c 2e 70 79 2d 6d 64 2d 34 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 72 2d 6d 64 2d 34 2c 2e 70 78 2d 6d 64 2d 34 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 62 2d 6d 64 2d 34 2c 2e 70 79 2d 6d 64 2d 34 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 6c 2d 6d 64 2d 34 2c 2e 70 78 2d 6d 64 2d 34 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 2e 35 72 65 6d 21 Data Ascii: ,.px-md-3{padding-left:1rem!important}.p-md-4{padding:1.5rem!important}.pt-md-4,.py-md-4{padding-top:1.5rem!important}.pr-md-4,.px-md-4{padding-right:1.5rem!important}.pb-md-4,.py-md-4{padding-bottom:1.5rem!important}.pl-md-4,.px-md-4{padding-left:1.5rem!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49716	188.119.66.154	443	3160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-14 18:38:28 UTC	688	OUT	GET /favicon.ico HTTP/1.1 Host: account.access.online.wellsfarqoadvisor.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.access.online.wellsfarqoadvisor.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
2024-09-14 18:38:29 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 18:38:29 GMT Server: Apache/2.4.41 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: ppath=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: stp=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Vary: Accept-Encoding Content-Length: 1272 Connection: close Content-Type: text/html; charset=UTF-8
2024-09-14 18:38:29 UTC	1272	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 20 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 2e 61 63 63 65 73 73 2e 6f 6e 6c 69 6e 65 2e 77 65 6c 6c 73 66 61 72 71 6f 61 64 76 69 73 6f 72 2e 63 6f 6d 2f 22 3e 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0d 0a 20 20 20 20 20 3c Data Ascii: <!DOCTYPE html><html lang="id" dir="ltr"><head> <base href="https://account.access.online.wellsfarqoadvisor.com/"> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49717	188.119.66.154	443	3160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-14 18:38:28 UTC	736	OUT	GET /assets/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 Host: account.access.online.wellsfarqoadvisor.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.access.online.wellsfarqoadvisor.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://account.access.online.wellsfarqoadvisor.com/assets/font-awesome.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
2024-09-14 18:38:29 UTC	253	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 18:38:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Tue, 19 Dec 2023 14:01:20 GMT ETag: "12d68-60cdd4d08ec00" Accept-Ranges: bytes Content-Length: 77160 Connection: close Content-Type: font/woff2
2024-09-14 18:38:29 UTC	16384	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 01 2d 68 00 0d 00 00 00 02 86 98 00 01 2d 0e 00 04 01 cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 20 06 60 00 85 72 11 08 0a 89 99 28 87 b6 58 01 36 02 24 03 95 70 0b 96 10 00 04 20 05 89 06 07 b4 75 5b 52 09 72 47 61 f7 91 84 2a ba 0d 81 27 ed 3d eb 3a b5 1a 26 d3 cd 3d 72 b7 2a 0a 02 19 e5 1a f1 f6 5d 04 74 07 dc 45 aa 6e a3 b2 ff ff ff ff e4 a4 31 46 db 0e dc 40 e0 d5 f4 fb 7c ad 8a 14 08 66 93 6d 92 60 9b 24 d8 91 a1 40 64 5b 42 51 11 24 28 5b 55 3c 2b 28 ad b8 40 50 d0 35 1e e4 60 81 b0 0e da 3e f6 50 10 1a 3b e1 28 91 d1 31 b3 fd 6c db fe 68 d4 a8 a2 c2 29 9f dc 59 79 94 f2 4a 69 e9 eb 17 ad 85 ce 7c 25 db 81 b7 5e ac 14 47 82 a2 33 b8 12 6e 9e 95 e8 ba da 95 dc 0a c4 cd 90 44 8a 9e Data Ascii: wOF2-h-?FFTM `r(X6$p u[RrGa'=:&=r]tEn1F@\|fm`$@d[BQ$([U<+(@P5`>P;(1lh)YyJi\|%^G3nD
2024-09-14 18:38:29 UTC	16384	IN	Data Raw: e3 5c de 1a 16 aa 22 4c fe ba d0 b4 40 f9 54 95 d6 58 d9 52 55 87 be 46 03 67 f6 5d 73 e5 c4 dd 17 45 c1 ce 14 b3 35 ab 56 30 df cb 58 ac d2 16 2f c6 ef 75 eb b5 c6 6b ba 7a 85 9d 42 f5 bc 27 07 d9 83 c0 4a ba 78 19 1b a2 cc e7 df 1c 09 e6 49 7a f3 ee 01 80 d2 37 fa 8a 91 f5 8d 92 d2 59 fe 86 ce 95 ed 31 74 b4 bf b6 79 af 88 b7 ce 9a 5f 7d 81 a1 7c b4 78 6d e3 5b 04 c0 78 02 4a 7d 7a fc 6c f3 c8 fe 44 9b d7 56 97 fb 86 72 f3 d7 63 73 64 73 71 ba 76 e5 5b 91 e3 b7 26 11 8e 8e 60 9f 6f 55 b6 7f b8 be 6c eb 3f 07 3c 1c 6a db 43 f4 21 09 4f 65 12 71 42 0e 93 b6 3d 99 4a dc 5c 9c 1e 60 9e c4 4c 72 b1 e5 ad 88 e1 64 31 4d 68 1d f7 6f ab 77 d1 d1 b9 4b 69 06 ea c4 a3 ea 64 8a 95 2a 3b 5e 18 d2 8b cb 18 bf 24 b5 b5 78 48 b1 ef 18 c7 55 b8 b3 55 60 5d 47 b5 6b 43 Data Ascii: \"L@TXRUFg]sE5V0X/ukzB'JxIz7Y1ty_}\|xm[xJ}zlDVrcsdsqv[&`oUl?<jC!OeqB=J\`Lrd1MhowKid*;^$xHUU`]GkC
2024-09-14 18:38:29 UTC	16384	IN	Data Raw: f4 ad 57 5b 70 42 ce 89 74 0c bb df 02 69 ca 5c f6 f1 60 de 7b 19 58 ea d1 f1 2f 29 d3 c6 a9 63 44 bb 52 a7 ff 50 76 7a ee 8b 78 9f ee a6 34 39 48 13 86 5f 9f c1 d9 87 85 23 e9 ba 31 a2 f9 26 d3 eb 50 c2 2f d6 d5 d6 a1 a7 d5 26 ae 7f 55 9c a8 75 8e a8 e0 29 96 ef 6c 39 f6 d0 ad f6 3a 21 e5 7d c9 91 bc 3d 5b f2 12 2a b2 99 3b a7 ad b2 01 84 75 7b b0 b4 b1 03 eb 2e 1a a4 96 70 11 bd e2 22 ea 21 ea e2 06 2c fe bc 7c 1c 76 0e ab 0f 6e 4e 19 9b 4b 0c 13 ed 36 33 75 00 64 3e 83 f6 36 8c 97 04 bb cf 79 2f 48 16 a2 7d dc 13 1e 92 f1 d1 91 83 02 7b 71 4c 81 1d 9c f1 24 92 f2 0d 0a e7 9c e0 2d c4 c4 f4 61 a1 8f 5b 8e fe f9 73 74 0b dd 6e 53 8c 6e 32 8e c4 9f e0 40 a1 7f 92 ee 1a d1 b7 8a 8d 0f bf 0e 0f 8f 8c 78 48 4e 70 c1 a2 89 c7 e3 b5 de 10 1e d2 32 f1 d0 e3 08 Data Ascii: W[pBti\`{X/)cDRPvzx49H_#1&P/&Uu)l9:!}=[*;u{.p"!,\|vnNK63ud>6y/H}{qL$-a[stnSn2@xHNp2
2024-09-14 18:38:29 UTC	16384	IN	Data Raw: de ab 23 23 1b fa 1e f0 b8 db 0d 92 d0 8e 4e d9 69 22 4d 43 a3 46 98 5a c1 75 54 08 0a dd c1 83 a6 37 f4 ed 10 ea 79 5c 3d f7 d1 86 be d1 91 63 04 95 0f 58 59 24 2a e6 5e da 49 4e eb 68 ee 71 1c 05 c1 87 68 c9 3c 87 b0 ec 87 a2 d2 ea 1c 5b b7 00 e7 ad 86 91 b5 25 c1 89 c5 55 59 f6 ce 41 ee 47 f4 38 9c 6d 1b 5e 8e d0 73 1f ad b2 75 17 d6 c2 b6 93 93 24 36 09 79 c0 37 59 56 50 b3 df be d4 c0 d0 03 02 f6 74 46 f3 28 6a 7f 91 3a a8 af c1 da b8 e7 15 24 6a 1a 1a c1 c2 ef a0 85 96 d1 7b 77 25 70 68 11 ec 42 b6 4c 91 dd 1e f1 5c 3d 40 92 22 30 1d b8 8b e1 34 29 55 16 10 aa 0c 77 f1 04 27 20 aa 4f aa 77 1e 34 07 ca ca f5 23 1f e2 99 f0 4e 3e 71 a2 a6 d9 98 ec ee 0b af 3e c4 ea 30 53 7c db 5f 41 65 91 67 ae 3c 32 cc 38 10 fd 40 ad 2b e9 b1 35 94 09 33 fb 67 4b 70 Data Ascii: ##Ni"MCFZuT7y\=cXY$*^INhqh<[%UYAG8m^su$6y7YVPtF(j:$j{w%phBL\=@"04)Uw' Ow4#N>q>0S\|_Aeg<28@+53gKp
2024-09-14 18:38:29 UTC	11624	IN	Data Raw: 3d e1 49 a5 14 17 75 7f 7a ea 6d 0e 9a ca 90 5e bd db 49 55 3a 94 10 80 e9 98 64 ff 8d c3 dd 8c 12 61 0e 3f 61 32 68 02 2f 90 b0 c4 69 ee 79 c5 3b d8 d7 6e 06 51 ba 89 f8 e7 6f 20 d8 ef 90 93 28 8b fe 81 f9 d1 1b 26 0b 9f 3d 58 3b 2d d9 3f 8f 76 6b 43 ca 29 fc 9f 9d 0b 1b 66 6d 39 d9 dc d2 9f 45 f3 95 ec 66 5e 1d 1a a2 f0 85 2d 4d d7 96 4a cb e7 3d ee 34 6f 2c 71 97 cb 92 a1 69 5e 81 58 5c 6c 58 de b3 dc db 93 86 91 97 97 0f 7b 2d 3a 7f ae 9d b2 e5 c3 fb ed fd e7 56 7b 14 e2 0f da 3f 3f f5 26 dc 0e f3 2a 5f 69 f8 f0 af 92 5d a2 c5 a2 40 b7 90 c1 e3 54 7e 11 dc 39 19 7b cc ec 1d 55 b4 70 ad fc 4d fd d9 58 1d d7 90 a1 05 6a fa c4 c9 53 e9 9b a9 57 3a 3a ef d1 40 56 14 93 56 d9 be af aa 3d 2d bd bd 7d 5f 65 fb 9b e3 79 0e 03 7b 8a c4 8e 9d 5e bf 67 1e d4 69 Data Ascii: =Iuzm^IU:da?a2h/iy;nQo (&=X;-?vkC)fm9Ef^-MJ=4o,qi^X\lX{-:V{??&*_i]@T~9{UpMXjSW::@VV=-}_ey{^gi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49715	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-14 18:38:29 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-14 18:38:29 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=79644 Date: Sat, 14 Sep 2024 18:38:29 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49718	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-14 18:38:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-14 18:38:30 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=79663 Date: Sat, 14 Sep 2024 18:38:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-14 18:38:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49719	188.119.66.154	443	3160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-14 18:38:31 UTC	424	OUT	GET /favicon.ico HTTP/1.1 Host: account.access.online.wellsfarqoadvisor.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=9uf3g69jd2hiouar3tcgf0ksrg
2024-09-14 18:38:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 14 Sep 2024 18:38:31 GMT Server: Apache/2.4.41 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: ppath=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: stp=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Vary: Accept-Encoding Content-Length: 1272 Connection: close Content-Type: text/html; charset=UTF-8
2024-09-14 18:38:31 UTC	1272	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 20 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 2e 61 63 63 65 73 73 2e 6f 6e 6c 69 6e 65 2e 77 65 6c 6c 73 66 61 72 71 6f 61 64 76 69 73 6f 72 2e 63 6f 6d 2f 22 3e 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0d 0a 20 20 20 20 20 3c Data Ascii: <!DOCTYPE html><html lang="id" dir="ltr"><head> <base href="https://account.access.online.wellsfarqoadvisor.com/"> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2972, Parent PID: 1012

General

Target ID:	0
Start time:	14:38:17
Start date:	14/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3160, Parent PID: 2972

General

Target ID:	2
Start time:	14:38:22
Start date:	14/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,4462252843272814417,6517607694101189829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1968, Parent PID: 1012

General

Target ID:	3
Start time:	14:38:24
Start date:	14/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://account.access.online.wellsfarqoadvisor.com/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://account.access.online.wellsfarqoadvisor.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2972, Parent PID: 1012

General

Windows Analysis Report
https://account.access.online.wellsfarqoadvisor.com/