
Windows Analysis Report
http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm

Overview

General Information

Sample URL:http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm
Analysis ID:1578559

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Stores files to the Windows start menu directory

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.
  • System is w10x64_ra
  • chrome.exe (PID: 7020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1948,i,14441669746614229273,7337423906425481173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 3432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm; HTTP Parser: No favicon
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203 (7 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 192.229.211.108 (8 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.10 (7 events)
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1 (4 events)
Source: global traffic; HTTP traffic detected:
GET /ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm HTTP/1.1
Host: url9385.sg.jbhunt.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
GET /favicon.ico HTTP/1.1
Host: url9385.sg.jbhunt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Source: global traffic; DNS traffic detected: DNS query: url9385.sg.jbhunt.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; HTTP traffic detected:
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 Dec 2024 21:18:24 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown; Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49706
Source: classification engine; Classification label: clean0.win@17/10@4/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1948,i,14441669746614229273,7337423906425481173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown (2 events)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1948,i,14441669746614229273,7337423906425481173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown (11 events)
Source: Google Drive.lnk.1.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.1.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.1.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.1.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.1.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.1.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (numbers in parentheses are the counts the report shows next to matched techniques):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph ID: 1578559; URL: http://url9385.sg.jbhunt.co...; Startdate: 19/12/2024; Architecture: WINDOWS; Score: 0
  • chrome.exe (started)
    • 192.168.2.16, ports 138, 443, 49450 (unknown unknown)
    • 192.168.2.17 (unknown unknown)
    • 2 other IPs or domains
    • chrome.exe (started)
      • sendgrid.net, 167.89.115.61, ports 49700, 49701, 80 (SENDGRIDUS, United States)
      • www.google.com, 172.217.19.228, ports 443, 49706, 49711 (GOOGLEUS, United States)
      • url9385.sg.jbhunt.com
  • chrome.exe (started)

No Antivirus matches


Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
sendgrid.net | 167.89.115.61 | true | false | | high
www.google.com | 172.217.19.228 | true | false | | high
url9385.sg.jbhunt.com | unknown | unknown | false | | high
URLs (Name | Malicious | Antivirus Detection | Reputation):
http://url9385.sg.jbhunt.com/favicon.ico | false | | unknown
http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm | false | | unknown
IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
167.89.115.61 | sendgrid.net | United States | 11377 | SENDGRIDUS | false
172.217.19.228 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
Private IPs: 192.168.2.17, 192.168.2.16, 192.168.2.18
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1578559
            Start date and time:2024-12-19 22:17:51 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 3m 13s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Sample URL:http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:13
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:CLEAN
            Classification:clean0.win@17/10@4/6
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 142.250.181.99, 64.233.164.84, 172.217.17.78, 23.32.238.74, 172.217.17.46, 142.250.181.142, 172.217.17.35, 172.217.19.206, 92.122.16.236, 172.202.163.200
            • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
            • VT rate limit hit for: http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm
No simulations
No context
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 20:18:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2673
            Entropy (8bit):3.989822284061744
            Encrypted:false
            SSDEEP:48:8Yd4T8YwH5ZidAKZdA1FehwiZUklqehTy+3:8rvoIy
            MD5:AF8D6D715E9816D82424758ED9D11C0B
            SHA1:ECF0A0DEEDBD46DD7D6E6BA539F7A920BB362BD9
            SHA-256:9C0A3767A2ECC8A2632068BC6BDFE766C598A7F5439BF223F5EA1121D82F3091
            SHA-512:F78AB6A3AC0AD5FA3BDC4F0FC558E40723A3992FB003DE872FCFA1FF2E23B3F440F8E9DC672C6C21020CE6FA6C6347FFFAB1075A6912CFF016C76BD85BE4B2E3
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 20:18:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2675
            Entropy (8bit):4.006690743693478
            Encrypted:false
            SSDEEP:48:8Zd4T8YwH5ZidAKZdA1seh/iZUkAQkqeh4y+2:8Uve9Q1y
            MD5:C080F46D1DF91BCCFAE8A0366CA66ADA
            SHA1:F8A70ECE62CDECCB5B792CA093FBCE06EE9410C8
            SHA-256:405A3F40751AAA933B51D5B3176CD16873B7071532EBCC537367B0FDE705CB8E
            SHA-512:1A7A54AF3EC0398D92D532B0FFA5F6FA225BEB2E62DDF72CA8461212A39577E1437B964822699CF9183213D2E7B8BB1CF0F7FFD1255C77101ECA44607DE9D950
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2689
            Entropy (8bit):4.0123824215791535
            Encrypted:false
            SSDEEP:48:8ld4T8YAH5ZidAKZdA14meh7sFiZUkmgqeh7s6y+BX:8QvqnUy
            MD5:28E16DA68CEED73F0F0F5A2957610438
            SHA1:73493E94EA474875C6722A82D36A634062121D01
            SHA-256:03FF57A1C9071786490DC90AD0FB0512215B7745B200D76CCB5C2509A49EB513
            SHA-512:B16B7218E667D7551AFF4C91F622EDB776FBA3FA313E1F866C77AE701C2098014C8CA784836A283DFF0534D1AE49E3D621F4C153C2FF40AEB673E2BE4C272843
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 20:18:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):4.005032506995576
            Encrypted:false
            SSDEEP:48:8rxd4T8YwH5ZidAKZdA1TehDiZUkwqeh8y+R:84vVCy
            MD5:E3BAE65184F61AF73E80E8E55973FBB9
            SHA1:D4710A849579752D30FE9B8960D7748EB7F70C49
            SHA-256:0C1CFE591B76C29B45CA2BA4E486DB775D2CB06F74FCD08FF729D7ABD0ACA609
            SHA-512:A18DEECF3BABEADD44F2E6126F56212753F756DACC5E27C65271483D556142B5FECBFE054A8F5735923C599CA841E5FDD22FDC2305F4BF206A6602DB7BD9440A
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 20:18:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9934056021293043
            Encrypted:false
            SSDEEP:48:8dd4T8YwH5ZidAKZdA1dehBiZUk1W1qehGy+C:8Ivl9my
            MD5:FD24AE95FD30B9C00E11BEE15B41385F
            SHA1:072AF338D33B69272020988BB61D76CB606A30D8
            SHA-256:30839741A20F4A9DDF6D325E84A05CEABA1CF89C078B2D9EACB5B633DA06334C
            SHA-512:6DC315C0B03E5AE3F2FB592EAC24412A253E009E21A78B347F18818318B000C7BA9A927445865B52F8CD932EBCEAA6C609522C16429BD97222121195E6FDF6A1
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 20:18:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):4.000627544920566
            Encrypted:false
            SSDEEP:48:8gd4T8YwH5ZidAKZdA1duTeehOuTbbiZUk5OjqehOuTbUy+yT+:8zvNTfTbxWOvTbUy7T
            MD5:28634B805584F634949ED0BE6193C96F
            SHA1:7DC7E0ED47585875462B502859C13F7902EE1AD7
            SHA-256:CE4D11EC73EC7D637FBEC12856EC2D664304AB4E7212EBB08B62A2A96D451569
            SHA-512:622E2538D9E8684E4A8F7276333E29C55B24452AF577F5DB77AC87542881DB838E1A5F0EF0FC4B49841447183EC3DD7DA850553E796DCFC762ECAA9593DEF2D3
            Malicious:false
            Reputation:low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with no line terminators
Category: downloaded
Size (bytes): 291
Entropy (8bit): 4.477778146874743
Encrypted: false
SSDEEP: 6:qzxUsjMR1X96b2+Ubghxc8le3rn9MGzMd4aa6++Oix9qD:kxBMR1knUkhGXpPoa6++3xMD
MD5: F0C66914A58FC74FC98A7C9BB4C288F2
SHA1: 3E0E43F567138623CABFF91C14100D144AC56949
SHA-256: 54E173BE753D03B2C163CEBBEE02BE7F4BDC1D6663154D4D60A3833F7BA3436B
SHA-512: 7AEDAEBA112D43E2B2FF845355199A11A141D637C0306155BE2356AE297DF118D2C0D2768D44C35A1D89841DB428E95686E29E9D15DEADF4233F3713893514BF
Malicious: false
Reputation: low
URL: http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm
Preview: <html><head><title>Wrong Link</title></head><body><h1>Wrong Link</h1><p>You have clicked on an invalid link. Please make sure that you have typed the link correctly. If are copying this link from a mail reader please ensure that you have copied all the lines in the link.</p></body></html>
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: downloaded
Size (bytes): 564
Entropy (8bit): 4.72971822420855
Encrypted: false
SSDEEP: 12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc
MD5: 8E325DC2FEA7C8900FC6C4B8C6C394FE
SHA1: 1B3291D4EEA179C84145B2814CB53E6A506EC201
SHA-256: 0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2
SHA-512: 084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14
Malicious: false
Reputation: low
URL: http://url9385.sg.jbhunt.com/favicon.ico
Preview: <html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
            No static file info

            • Total Packets: 50
            • 443 (HTTPS)
            • 80 (HTTP)
            • 53 (DNS)
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 19, 2024 22:18:23.206150055 CET | 192.168.2.16 | 1.1.1.1 | 0xa9c | Standard query (0) | url9385.sg.jbhunt.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.206290007 CET | 192.168.2.16 | 1.1.1.1 | 0xcb7c | Standard query (0) | url9385.sg.jbhunt.com | 65 | IN (0x0001) | false
Dec 19, 2024 22:18:27.122637033 CET | 192.168.2.16 | 1.1.1.1 | 0x48b3 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:27.122776985 CET | 192.168.2.16 | 1.1.1.1 | 0x9a95 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | url9385.sg.jbhunt.com | sendgrid.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.115.61 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.115.77 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.115.78 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.115.120 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.115.150 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.118.83 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.118.61 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.118.62 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.115.56 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.118.95 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.118.109 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.118.120 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.118.128 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.115.52 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.115.28 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500219107 CET | 1.1.1.1 | 192.168.2.16 | 0xa9c | No error (0) | sendgrid.net | - | 167.89.118.52 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:18:23.500473022 CET | 1.1.1.1 | 192.168.2.16 | 0xcb7c | No error (0) | url9385.sg.jbhunt.com | sendgrid.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 22:18:27.260169029 CET | 1.1.1.1 | 192.168.2.16 | 0x9a95 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Dec 19, 2024 22:18:27.260421038 CET | 1.1.1.1 | 192.168.2.16 | 0x48b3 | No error (0) | www.google.com | - | 172.217.19.228 | A (IP address) | IN (0x0001) | false
            • url9385.sg.jbhunt.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49701 | 167.89.115.61 | 80 | 6328 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 22:18:23.622128963 CET | 607 | OUT | GET /ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm HTTP/1.1
            Host: url9385.sg.jbhunt.com
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
Dec 19, 2024 22:18:24.717593908 CET | 489 | IN | HTTP/1.1 400 Bad Request
            Server: nginx
            Date: Thu, 19 Dec 2024 21:18:24 GMT
            Content-Type: text/html; charset=utf-8
            Content-Length: 291
            Connection: keep-alive
            X-Robots-Tag: noindex, nofollow
            Data Ascii: <html><head><title>Wrong Link</title></head><body><h1>Wrong Link</h1><p>You have clicked on an invalid link. Please make sure that you have typed the link correctly. If are copying this link from a mail reader please ensure that you have copied all the lines in the link.</p></body></html>
Dec 19, 2024 22:18:24.777825117 CET | 557 | OUT | GET /favicon.ico HTTP/1.1
            Host: url9385.sg.jbhunt.com
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Referer: http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
Dec 19, 2024 22:18:25.096308947 CET | 712 | IN | HTTP/1.1 404 Not Found
            Server: nginx
            Date: Thu, 19 Dec 2024 21:18:24 GMT
            Content-Type: text/html
            Content-Length: 564
            Connection: keep-alive
            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Dec 19, 2024 22:19:10.103435993 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49700 | 167.89.115.61 | 80 | 6328 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 22:19:08.635355949 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Target ID: 1
Start time: 16:18:21
Start date: 19/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff7f9810000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 16:18:21
Start date: 19/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1948,i,14441669746614229273,7337423906425481173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff7f9810000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 3
Start time: 16:18:22
Start date: 19/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url9385.sg.jbhunt.com/ls/click?upn=u001.ZSe-2BqB89oX5FdnZieGxE36GxBXxg-2BuMtkJFfe90RgJ8GA-2BJyO2kWOd9pXKdTa-2FkjyawaQogc4B0chqhSpEOYbwMVuJ9G-2FeX02TV7tMCTHHucK-2BAb5TuWrSYSL7ONUqFk4iDkqsQ9m1GVm"
Imagebase: 0x7ff7f9810000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

            No disassembly