Edit tour

Windows Analysis Report
https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1

Overview

General Information

Sample URL:	https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1
Analysis ID:	1558745
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1836,i,7684385138663239875,8609565149209377674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6636 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 18:05:15 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Wed, 24 Aug 2022 05:35:06 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/html

Source: chromecache_60.2.dr	String found in binary or memory: http://code.jquery.com/jquery-3.3.1.min.js
Source: chromecache_60.2.dr	String found in binary or memory: http://gmpg.org/xfn/11

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.8:49725 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/12@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1836,i,7684385138663239875,8609565149209377674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1836,i,7684385138663239875,8609565149209377674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://recuperatuparejaus.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.185.68	true	false		high
recuperatuparejaus.com	108.167.149.240	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1	false		unknown
https://recuperatuparejaus.com/favicon.ico	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://code.jquery.com/jquery-3.3.1.min.js	chromecache_60.2.dr	false		high
http://gmpg.org/xfn/11	chromecache_60.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
108.167.149.240	recuperatuparejaus.com	United States	46606	UNIFIEDLAYER-AS-1US	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1558745
Start date and time:	2024-11-19 19:04:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/12@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.185.174, 74.125.71.84, 34.104.35.123, 142.250.186.42, 216.58.206.74, 142.250.181.234, 142.250.185.202, 216.58.212.138, 142.250.185.234, 172.217.18.106, 142.250.185.106, 172.217.23.106, 216.58.206.42, 142.250.185.138, 142.250.185.170, 142.250.185.74, 142.250.186.138, 216.58.212.170, 142.250.186.74, 93.184.221.240, 192.229.221.95, 142.250.184.195
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 17:05:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.979135625446271
Encrypted:	false
SSDEEP:	48:8S0ddqT92nwlHpidAKZdA1oehwiZUklqehOy+3:8SXewUBy
MD5:	AF4C16532F72E93ED6B7E8681163FEE0
SHA1:	8B5A3BB093BF9020AFF34123C23CC1131B481E69
SHA-256:	EC63DBE14A9A98697E3BAF480A470F52D997C2E9C40A71FE9E2D3408E2BD5270
SHA-512:	28B8E3035AA5AAC88E24BC90744EC83991763A1800135602D52225D9462206660B86D212FD0EB429E06FFB394AA35838F558718C2BD1AB7194033135F19A8478
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IsY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........s........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 17:05:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.995170517524218
Encrypted:	false
SSDEEP:	48:8C0ddqT92nwlHpidAKZdA1leh/iZUkAQkqehxy+2:8CXewm9Qgy
MD5:	CDFD814BA3F86A587B383BE9423093E2
SHA1:	7D71DDB50D996B7749FBFA8E3A2E79CECD28AB3C
SHA-256:	1FD574F171D476F1F5DB54F9DFE260493DD5BFFF94B4F10F645CA3B912AC420F
SHA-512:	6970F2FA94E47FA843A223879BFBF7DCAA910644DC542CAE9EE91CE0CE15F1A85002536A4CB8E9846B35CE315386DD94663E152F4414EE7C3B104CC75C8397B4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....P...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IsY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........s........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005070421153507
Encrypted:	false
SSDEEP:	48:8l0ddqT92nwbHpidAKZdA14t5eh7sFiZUkmgqeh7sby+BX:8lXewcn1y
MD5:	21A07DB6E3A11B1E2CD93ACA77C0C162
SHA1:	144550BF4C3D6C47FEA8FF1576A7B5187F72A8F2
SHA-256:	6DBE83705D036D8CF3946600709D148751772F5AABDCD175E78C328D596B3FC4
SHA-512:	FE4971E728C81F2AA981F4C792DBD4AE0ECEE48A85849659570062789832E4ECBA2C6446466D3F9C7859BFC686B2F43FE1539F97649CA0C255079735A39EA369
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IsY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........s........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 17:05:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9942993545143928
Encrypted:	false
SSDEEP:	48:830ddqT92nwlHpidAKZdA16ehDiZUkwqehty+R:83Xew9Ty
MD5:	75A098912235411234E6085AE8E70199
SHA1:	DAB63E8D58B0AF4FF1194ED6CC4D093DA5E18568
SHA-256:	65A8F49C8CD2E23C7A2959C277A92F12973F8FFA54F5CAFE745020BC7B49657E
SHA-512:	E2953B2A5A24B8AB5F89AADF94D60DB7A786F3166ACBC4FCA5367B27946F494B2AAF767D7456B38F86B313D697DD87CEAD068BD3E39FB01307E360CC42734D54
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....z....:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IsY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........s........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 17:05:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9821643069336075
Encrypted:	false
SSDEEP:	48:8r0ddqT92nwlHpidAKZdA1UehBiZUk1W1qehvy+C:8rXew99Py
MD5:	417E2F3CC573E6293903E5424899038D
SHA1:	BE00F6CB03A62B4361D8050FA02D77539C9786C6
SHA-256:	756D7D6A85FBC772298FAC69CD5959E62A59FA4059688203DE35D36ABACD95A4
SHA-512:	BB8128A877023BE26353ECF1C5CBD18BED846E43BC43B595C8084CC4663BD85D2F4F242C65B298ADB9BE82A338CC3F22120C4F0C864986B427DEC3E6D732E8E4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....9...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IsY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........s........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 17:05:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9934871077029914
Encrypted:	false
SSDEEP:	48:8xx0ddqT92nwlHpidAKZdA1duTrehOuTbbiZUk5OjqehOuTb1y+yT+:87Xew6TYTbxWOvTb1y7T
MD5:	416F3285C7DEBD1BE07266A9E5746F96
SHA1:	2203E6BF7A0F9768E15479A7091CD2BE28C6A440
SHA-256:	E0B3C3262924B7B913C46A97D59B41E3C47C71E2B54181FED6022F867760CF2B
SHA-512:	B710F412522306645C0400454F51D139FCA726C64449605EDAA888590EC5269BFB6438AD720F94797F7A0B13EF7F45153991336CDBDDDC2F5E9E69FE33FF1F92
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....0...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IsY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........s........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (358)
Category:	downloaded
Size (bytes):	11816
Entropy (8bit):	5.037139572888145
Encrypted:	false
SSDEEP:	192:bpvXn2H25Zx48DNYGu6C9tdDOxktft1zQOPtaUrzvHlPuPQXGuV27BHplXtAUU/s:FvX2H25v4CYn6etFTBvhtv4IcpRtlU/s
MD5:	A8063BD37D3C8FB3176A6BF140558A4D
SHA1:	E32CF4B407DB3D3773DED13FF64B70FDBAD7735F
SHA-256:	BCCB23D41C2CC69CF0C7D22C4314CA8181A513C6999B73E45307792830F4E482
SHA-512:	82D749F6B17B21587FB345CA196A2AA83ECA80AD66ED9C1AB88B36709BED14175D53AFEFE9ACC0DAFC4FAD78FFB8DF155193A6829BC857AD6D68B1C84AF7B854
Malicious:	false
Reputation:	low
URL:	https://recuperatuparejaus.com/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head profile="http://gmpg.org/xfn/11">. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>404 - PAGE NOT FOUND</title>...... Add Slide Outs -->.....<script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> .....<script src="/cgi-sys/js/simple-expand.min.js"></script>. . <style type="text/css">. body{padding:0;margin:0;font-family:helvetica;}. #container{margin:20px auto;width:868px;}. #container #top404{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;}. #container #mid404{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;}. #container #mid404 #gatorbottom{position:relative;left:39px;float:left;}. #

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.5
Encrypted:	false
SSDEEP:	3:H+rYn:D
MD5:	F1C9C44E663E7E62582E3F5B236C1C72
SHA1:	E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
SHA-256:	D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
SHA-512:	19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkLOK0yFdZ3ABIFDTcwqTA=?alt=proto
Preview:	CgkKBw03MKkwGgA=

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	5617
Entropy (8bit):	4.634296407837957
Encrypted:	false
SSDEEP:	48:tk7QQ09KndeKwB8pT9Pa5WmODx3iJBGARuvDb21CTyBp2s+c/7Bf8F92F3HmW9oy:rcdefBA9CqE/awgsnVfA2YsVnBHH
MD5:	9E65D2A3A47E5BC2E6511A6F6475EB7C
SHA1:	2E8F25283AE20E344F488307E150428770EDF0CE
SHA-256:	44F637EDFF8C3ED2BE8ABF08DAF0726C480D88DB9358293697BC618B245B2BFF
SHA-512:	A9168269946CFB3CFA64B5659E75D9B290E4729E1772F9BCC442B9E81A52EF10EA3C442747B8868292D51E36191D7381276EB457EC69B60C83DAD67F74108FF5
Malicious:	false
Reputation:	low
URL:	"https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1"
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Modern CAPTCHA Verification</title>.. <style>.. * {.. box-sizing: border-box;.. margin: 0;.. padding: 0;.. }.. body {.. font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;.. display: flex;.. justify-content: center;.. align-items: center;.. height: 100vh;.. background: linear-gradient(135deg, #f5f7fa 0%, #c3cfe2 100%);.. }.. .container {.. background-color: white;.. padding: 2rem;.. border-radius: 10px;.. box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);.. text-align: center;.. max-width: 400px;.. width: 100%;.. }.. h1 {.. color: #333;.. margin-bottom: 1.5rem;.. font-size:

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 19, 2024 19:05:05.626456022 CET	49671	443	192.168.2.8	204.79.197.203
Nov 19, 2024 19:05:05.954597950 CET	49677	80	192.168.2.8	192.229.211.108
Nov 19, 2024 19:05:06.923346996 CET	49673	443	192.168.2.8	23.206.229.226
Nov 19, 2024 19:05:07.251466036 CET	49672	443	192.168.2.8	23.206.229.226
Nov 19, 2024 19:05:14.024396896 CET	49676	443	192.168.2.8	52.182.143.211
Nov 19, 2024 19:05:15.073786974 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.073832035 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.073910952 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.074421883 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.074450970 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.074594975 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.074867964 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.074887991 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.075274944 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.075294971 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.580444098 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.581861019 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.583540916 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.583549976 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.583976030 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.583997965 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.584783077 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.584858894 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.585057020 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.585127115 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.592117071 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.592315912 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.594875097 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.595016956 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.595046997 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.595062017 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.644944906 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.644963026 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.697398901 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.705789089 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.731041908 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.731076956 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.731086969 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.731132030 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.731152058 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.731167078 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.731173992 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.731210947 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.865202904 CET	49711	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.865233898 CET	443	49711	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:15.914463043 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:15.955339909 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038078070 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038152933 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038175106 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038193941 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038292885 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:16.038314104 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038331032 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038402081 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:16.038402081 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:16.038412094 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038526058 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.038536072 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:16.038597107 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:16.076663971 CET	49710	443	192.168.2.8	108.167.149.240
Nov 19, 2024 19:05:16.076688051 CET	443	49710	108.167.149.240	192.168.2.8
Nov 19, 2024 19:05:16.533814907 CET	49673	443	192.168.2.8	23.206.229.226
Nov 19, 2024 19:05:16.580725908 CET	49677	80	192.168.2.8	192.229.211.108
Nov 19, 2024 19:05:16.865247965 CET	49672	443	192.168.2.8	23.206.229.226
Nov 19, 2024 19:05:17.421188116 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:17.421231985 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:17.421297073 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:17.421598911 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:17.421617031 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:18.070034981 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:18.070060968 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:18.070127010 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:18.072657108 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:18.072671890 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:18.077645063 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:18.085992098 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:18.086015940 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:18.087100983 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:18.087277889 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:18.093205929 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:18.093319893 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:18.134126902 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:18.134138107 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:18.181117058 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:18.786556959 CET	443	49704	23.206.229.226	192.168.2.8
Nov 19, 2024 19:05:18.786633968 CET	49704	443	192.168.2.8	23.206.229.226
Nov 19, 2024 19:05:18.802388906 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:18.802460909 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:18.805094957 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:18.805104971 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:18.805418968 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:18.842900991 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:18.883332014 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.123066902 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.123377085 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.123496056 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.123631001 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.123641968 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.123653889 CET	49718	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.123658895 CET	443	49718	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.154555082 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.154613018 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.154705048 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.155735970 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.155759096 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.854243040 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.854329109 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.855489016 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.855519056 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.855772972 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:19.857074976 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:19.899353981 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:20.183614016 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:20.183681965 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:20.183741093 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:20.184431076 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:20.184473038 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:20.184509993 CET	49719	443	192.168.2.8	184.28.90.27
Nov 19, 2024 19:05:20.184526920 CET	443	49719	184.28.90.27	192.168.2.8
Nov 19, 2024 19:05:27.018352032 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:27.018416882 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:27.018496990 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:27.019679070 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:27.019694090 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:27.810091972 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:27.810190916 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:27.815946102 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:27.815989971 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:27.816323996 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:27.868714094 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:27.991050959 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:27.991127968 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:05:27.991174936 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:28.643733978 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:28.687338114 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.902988911 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903016090 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903023005 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903037071 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903047085 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903054953 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903070927 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:28.903104067 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903131962 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:28.903152943 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:28.903218985 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903274059 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:28.903281927 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903557062 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:28.903608084 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:29.679447889 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:29.679493904 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:29.679517031 CET	49720	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:05:29.679527044 CET	443	49720	4.245.163.56	192.168.2.8
Nov 19, 2024 19:05:29.729533911 CET	49717	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:05:29.729574919 CET	443	49717	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:06.181101084 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:06.181200981 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:06.181293964 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:06.185030937 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:06.185060978 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:06.975848913 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:06.976110935 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:06.979063034 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:06.979077101 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:06.979329109 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:06.983251095 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:07.027340889 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.305567980 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.305593967 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.305607080 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.305845022 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:07.305911064 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.305974007 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:07.306670904 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.306705952 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.306740999 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:07.306776047 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.306797028 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.306807995 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:07.306859016 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:07.308975935 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:07.309015036 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:07.309065104 CET	49725	443	192.168.2.8	4.245.163.56
Nov 19, 2024 19:06:07.309078932 CET	443	49725	4.245.163.56	192.168.2.8
Nov 19, 2024 19:06:17.480211973 CET	49727	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:06:17.480276108 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:17.480377913 CET	49727	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:06:17.480701923 CET	49727	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:06:17.480715990 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:18.129321098 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:18.129772902 CET	49727	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:06:18.129805088 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:18.130160093 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:18.130582094 CET	49727	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:06:18.130661964 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:18.196563959 CET	49727	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:06:28.040810108 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:28.040885925 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:28.040970087 CET	49727	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:06:29.729392052 CET	49727	443	192.168.2.8	142.250.185.68
Nov 19, 2024 19:06:29.729424000 CET	443	49727	142.250.185.68	192.168.2.8
Nov 19, 2024 19:06:33.297998905 CET	443	49703	13.107.246.60	192.168.2.8
Nov 19, 2024 19:06:33.298154116 CET	443	49703	13.107.246.60	192.168.2.8
Nov 19, 2024 19:06:33.298194885 CET	49703	443	192.168.2.8	13.107.246.60
Nov 19, 2024 19:06:33.298855066 CET	49703	443	192.168.2.8	13.107.246.60
Nov 19, 2024 19:06:33.299396992 CET	443	49703	13.107.246.60	192.168.2.8
Nov 19, 2024 19:06:33.299441099 CET	49703	443	192.168.2.8	13.107.246.60
Nov 19, 2024 19:06:33.303714991 CET	443	49703	13.107.246.60	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 19, 2024 19:05:13.552227974 CET	53	55546	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:13.557306051 CET	53	53885	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:14.644555092 CET	53	54925	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:14.854021072 CET	57541	53	192.168.2.8	1.1.1.1
Nov 19, 2024 19:05:14.855950117 CET	50036	53	192.168.2.8	1.1.1.1
Nov 19, 2024 19:05:15.069897890 CET	53	57541	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:15.073028088 CET	53	50036	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:15.922068119 CET	53	60168	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:17.413044930 CET	63029	53	192.168.2.8	1.1.1.1
Nov 19, 2024 19:05:17.413180113 CET	55543	53	192.168.2.8	1.1.1.1
Nov 19, 2024 19:05:17.420263052 CET	53	55543	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:17.420288086 CET	53	63029	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:31.706187963 CET	53	54316	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:50.644226074 CET	53	55874	1.1.1.1	192.168.2.8
Nov 19, 2024 19:05:54.781203032 CET	138	138	192.168.2.8	192.168.2.255
Nov 19, 2024 19:06:12.940804005 CET	53	54208	1.1.1.1	192.168.2.8
Nov 19, 2024 19:06:13.174685955 CET	53	55815	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 19, 2024 19:05:14.854021072 CET	192.168.2.8	1.1.1.1	0x3a06	Standard query (0)	recuperatuparejaus.com	A (IP address)	IN (0x0001)	false
Nov 19, 2024 19:05:14.855950117 CET	192.168.2.8	1.1.1.1	0xdef7	Standard query (0)	recuperatuparejaus.com	65	IN (0x0001)	false
Nov 19, 2024 19:05:17.413044930 CET	192.168.2.8	1.1.1.1	0xe258	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 19, 2024 19:05:17.413180113 CET	192.168.2.8	1.1.1.1	0x88f8	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 19, 2024 19:05:15.069897890 CET	1.1.1.1	192.168.2.8	0x3a06	No error (0)	recuperatuparejaus.com	108.167.149.240	A (IP address)	IN (0x0001)	false
Nov 19, 2024 19:05:17.420263052 CET	1.1.1.1	192.168.2.8	0x88f8	No error (0)	www.google.com		65	IN (0x0001)	false
Nov 19, 2024 19:05:17.420288086 CET	1.1.1.1	192.168.2.8	0xe258	No error (0)	www.google.com	142.250.185.68	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

recuperatuparejaus.com

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49711	108.167.149.240	443	2140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 18:05:15 UTC	824	OUT	GET /?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1 HTTP/1.1 Host: recuperatuparejaus.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-19 18:05:15 UTC	255	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 18:05:15 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Oct 2024 10:09:06 GMT Accept-Ranges: bytes Content-Length: 5617 Vary: Accept-Encoding Content-Type: text/html
2024-11-19 18:05:15 UTC	5617	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 6f 64 65 72 6e 20 43 41 50 54 43 48 41 20 56 65 72 69 66 69 63 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 2a 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Modern CAPTCHA Verification</title> <style> * { box-sizing: border-box

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49710	108.167.149.240	443	2140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 18:05:15 UTC	759	OUT	GET /favicon.ico HTTP/1.1 Host: recuperatuparejaus.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-19 18:05:16 UTC	263	IN	HTTP/1.1 404 Not Found Date: Tue, 19 Nov 2024 18:05:15 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 Aug 2022 05:35:06 GMT Accept-Ranges: bytes Content-Length: 11816 Vary: Accept-Encoding Content-Type: text/html
2024-11-19 18:05:16 UTC	7929	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ
2024-11-19 18:05:16 UTC	3887	IN	Data Raw: 69 74 65 43 6f 6e 64 20 25 7b 52 45 51 55 45 53 54 5f 46 49 4c 45 4e 41 4d 45 7d 20 21 2d 64 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 52 65 77 72 69 74 65 52 75 6c 65 20 2e 20 2f 69 6e 64 65 78 2e 70 68 70 20 5b 4c 5d 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 26 6c 74 3b 2f 49 66 4d 6f 64 75 6c 65 26 67 74 3b 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 23 20 45 6e 64 20 57 6f 72 64 50 72 65 73 73 0a 09 09 09 09 09 09 09 09 09 3c 2f 70 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 72 20 62 6c 6f 67 20 69 73 20 73 68 6f 77 69 6e 67 20 74 68 65 20 77 72 6f 6e 67 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 6e 20 6c 69 6e 6b 73 2c 20 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 61 6e 6f 74 68 65 Data Ascii: iteCond %{REQUEST_FILENAME} !-d<br>RewriteRule . /index.php [L]<br></IfModule><br># End WordPress</p></div><p>If your blog is showing the wrong domain name in links, redirecting to anothe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49718	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 18:05:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-19 18:05:19 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF4C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=81605 Date: Tue, 19 Nov 2024 18:05:19 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49719	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 18:05:19 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-19 18:05:20 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=81565 Date: Tue, 19 Nov 2024 18:05:20 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-19 18:05:20 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49720	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 18:05:28 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vfX9C1prcFHTmxB&MD=Bma+3a9c HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-19 18:05:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: cf0df75a-c2f9-400f-9eaf-a9ec992cb8a4 MS-RequestId: 9d0877f5-092e-4b4a-90e4-7037c931fc38 MS-CV: 8IDrqHqTpEO5lXHP.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 19 Nov 2024 18:05:27 GMT Connection: close Content-Length: 24490
2024-11-19 18:05:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-19 18:05:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49725	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 18:06:06 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vfX9C1prcFHTmxB&MD=Bma+3a9c HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-19 18:06:07 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 4b5bd7aa-1563-47d1-931c-861a3ba02d62 MS-RequestId: 2e89c388-cbb2-491f-91a7-0e1c3c99921e MS-CV: 9IOVOhufw0uFe5P4.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 19 Nov 2024 18:06:06 GMT Connection: close Content-Length: 30005
2024-11-19 18:06:07 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-19 18:06:07 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5544, Parent PID: 3560

General

Target ID:	0
Start time:	13:05:09
Start date:	19/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2140, Parent PID: 5544

General

Target ID:	2
Start time:	13:05:11
Start date:	19/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1836,i,7684385138663239875,8609565149209377674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6636, Parent PID: 3560

General

Target ID:	3
Start time:	13:05:14
Start date:	19/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1	HTTP Parser: No favicon
Source: https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1	HTTP Parser: No favicon
Source: https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1	HTTP Parser: No favicon

Source: global traffic	HTTP traffic detected: GET /?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1 HTTP/1.1Host: recuperatuparejaus.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: recuperatuparejaus.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vfX9C1prcFHTmxB&MD=Bma+3a9c HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vfX9C1prcFHTmxB&MD=Bma+3a9c HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: recuperatuparejaus.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5544, Parent PID: 3560

General

Chronological Activities

Analysis Process: chrome.exePID: 2140, Parent PID: 5544

Windows Analysis Report
https://recuperatuparejaus.com/?uid=ZHJhbW9zQHVtY3Uub3Jn&c=E,1,gIigDmv3Ge__15ZsHFO2F_7s0MTAM65szUdcHF3bZeNuRQdIn6ePwWDfyH0GEHwhW9SoPznpH32kWtCKKEM4HkmCRe4ihABFBxjj8Q4ZVX2ScgE9C7zhg50,&typo=1