Edit tour

Windows Analysis Report
tmpAE4B.HTmL.html

Overview

General Information

Sample name:	tmpAE4B.HTmL.html
Analysis ID:	1583120
MD5:	41f5b723ea469bc0c87031c3e05cda42
SHA1:	41678f4f14d0a25a1776443133477a4152a043e5
SHA256:	93d1b7852b31c719183f3a2f0ab9bac024eccee79ec78920e7694eba716fd7f9
Tags:	htmluser-cocaman
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish10

HTML file submission containing password form

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Suricata IDS alerts with low severity for network traffic

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\tmpAE4B.HTmL.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2248,i,7185164192713812909,7523031163983281264,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
tmpAE4B.HTmL.html	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Possible Successful Generic Phish July 28

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-01T22:51:21.754642+0100	2812237	1	Successful Credential Theft Detected	192.168.2.4	49752	130.185.81.111	443	TCP
2025-01-01T22:51:45.408297+0100	2812237	1	Successful Credential Theft Detected	192.168.2.4	49756	130.185.81.111	443	TCP
2025-01-01T22:52:11.539913+0100	2812237	1	Successful Credential Theft Detected	192.168.2.4	49832	130.185.81.111	443	TCP
2025-01-01T22:52:37.777248+0100	2812237	1	Successful Credential Theft Detected	192.168.2.4	50000	130.185.81.111	443	TCP
2025-01-01T22:53:04.875267+0100	2812237	1	Successful Credential Theft Detected	192.168.2.4	50030	130.185.81.111	443	TCP
2025-01-01T22:53:38.140920+0100	2812237	1	Successful Credential Theft Detected	192.168.2.4	50034	130.185.81.111	443	TCP
2025-01-01T22:54:01.105720+0100	2812237	1	Successful Credential Theft Detected	192.168.2.4	50035	130.185.81.111	443	TCP

HTTP traffic detected: POST /NPO/excelaccess.php HTTP/1.1Host: gruposafety.cvConnection: keep-aliveContent-Length: 60Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: nullContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: tmpAE4B.HTmL.html

String found in binary or memory: https://gruposafety.cv/NPO/excelaccess.php

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: classification engine

Classification label: mal68.phis.winHTML@38/14@6/7

Source: tmpAE4B.HTmL.html

ReversingLabs: Detection: 13%

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\tmpAE4B.HTmL.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2248,i,7185164192713812909,7523031163983281264,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2248,i,7185164192713812909,7523031163983281264,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html

HTTP Parser: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
tmpAE4B.HTmL.html	13%	ReversingLabs	Document-HTML.Trojan.Heuristic

Source	Detection	Scanner	Label
file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	0%	Avira URL Cloud	safe
https://gruposafety.cv/NPO/excelaccess.php	0%	Avira URL Cloud	safe
https://gruposafety.cv/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.185.228	true	false		high
gruposafety.cv	130.185.81.111	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	true	Avira URL Cloud: safe	unknown
https://gruposafety.cv/NPO/excelaccess.php	false	Avira URL Cloud: safe	unknown
https://gruposafety.cv/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
130.185.81.111	gruposafety.cv	Portugal	24768	ALMOUROLTECPT	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.23
192.168.2.15

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583120
Start date and time:	2025-01-01 22:50:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	tmpAE4B.HTmL.html
Detection:	MAL
Classification:	mal68.phis.winHTML@38/14@6/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.185.110, 64.233.166.84, 172.217.18.14, 142.250.185.238, 142.250.185.174, 142.250.186.42, 142.250.74.202, 142.250.184.234, 142.250.186.106, 142.250.186.74, 142.250.185.74, 172.217.18.10, 142.250.186.138, 216.58.206.74, 216.58.212.170, 172.217.23.106, 142.250.185.170, 142.250.185.106, 142.250.185.138, 172.217.16.202, 142.250.185.202, 199.232.214.172, 192.229.221.95, 142.250.181.238, 142.250.74.206, 172.217.16.142, 142.250.184.227, 142.250.186.78, 142.250.185.206, 142.250.185.142, 142.250.185.78, 184.28.90.27, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information

Input	Output
URL: https://gruposafety.cv/NPO/excelaccess.php... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a simple alert message informing the user of an invalid password, followed by a redirect to the previous page. This behavior is relatively benign and does not exhibit any high-risk indicators. However, the use of `window.history.go(-1)` to redirect the user could potentially be used for malicious purposes, such as tricking the user into revisiting a malicious page. Overall, the risk score is low, but the script should be further reviewed in the context of the entire application." }
alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);
URL: :// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: ://
URL: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To view secured document, click here", "prominent_button_name": "", "text_input_field_labels": [ "urs.lustenberger@lgpartner.ch", "********" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To view secured document, click here", "prominent_button_name": "", "text_input_field_labels": [ "urs.lustenberger@lgpartner.ch", "********" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html Model: Joe Sandbox AI	{ "brands": [ "Cytiva" ] }
	{ "brands": [ "Cytiva" ] }
URL: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html Model: Joe Sandbox AI	{ "brands": [ "Cytiva" ] }
	{ "brands": [ "Cytiva" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	01012025.html	Get hash	malicious	HTMLPhisher	Browse
	https://mmm.askfollow.us/#CRD	Get hash	malicious	Unknown	Browse
	http://l.instagram.com/?0bfd7a413579bfc47b11c1f19890162e=f171d759fb3a033e4eb430517cad3aef&e=ATP3gbWvTZYJbEDeh7rUkhPx4FjctqZcqx8JLHQOt3eCFNBI8ssZ853B2RmMWetLJ63KaZJU&s=1&u=https%3A%2F%2Fbusiness.instagram.com%2Fmicro_site%2Furl%2F%3Fevent_type%3Dclick%26site%3Digb%26destination%3Dhttps%253A%252F%252Fwww.facebook.com%252Fads%252Fig_redirect%252F%253Fd%253DAd8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE%2526a%253D1%2526hash%253DAd_y5usHyEC86F8X	Get hash	malicious	Unknown	Browse
	https://t.co/YjyGioQuKT	Get hash	malicious	Unknown	Browse
	http://tracking.b2bmktvault.com/tracking/click?d=qPk_c18mu4tAnpVkjkvM74XnWEgCEJFMr0kmnRaZVETZIbfUm-V7axMnjqAoCLnqzaVyNRK36FUkPva8vnzGVvH9cqu1JpLb-vxN3FkjjYhK51_3JrkS14Hcuqb1FOJE1bnSPADYUAMl8knPwYz7btXcOUX9DY4_AjytTbLRGEQ0R8vUhh6vaa-KBtd0YdWGVJFQli_mKczqrYpzYk33dCMwBXQR8R8u2JajJsC51OFcIlRSs_l3i1d9MQf5ZYWuxV_Ytx1pTi2iUY6P97JH0U81	Get hash	malicious	Unknown	Browse
	http://tracking.b2bmktvault.com/tracking/click?d=qPk_c18mu4tAnpVkjkvM74XnWEgCEJFMr0kmnRaZVETZIbfUm-V7axMnjqAoCLnqzaVyNRK36FUkPva8vnzGVvH9cqu1JpLb-vxN3FkjjYhK51_3JrkS14Hcuqb1FOJE1bnSPADYUAMl8knPwYz7btXcOUX9DY4_AjytTbLRGEQ0R8vUhh6vaa-KBtd0YdWGu732v1MZ_EelGtWldAkkdtYGfnD-GIQEN8fgQfvllyKpzr3-J0fwpuBZsUPy3J_TvPM8sfKRevcMTcDv6eAynng1	Get hash	malicious	Unknown	Browse
	NOTIFICATION_OF_DEPENDANTS.vbs	Get hash	malicious	Xmrig	Browse
	snmpapi.exe	Get hash	malicious	Braodo	Browse
	https://gogl.to/3HGT	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	snmpapi.exe	Get hash	malicious	Braodo	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ALMOUROLTECPT	db0fa4b8db0333367e9bda3ab68b8042.sh4.elf	Get hash	malicious	Mirai, Gafgyt	Browse	94.46.181.108
	armv7l.elf	Get hash	malicious	Unknown	Browse	94.46.181.138
	5.msi	Get hash	malicious	DanaBot, Nitol	Browse	185.174.135.68
	1.e	Get hash	malicious	DanaBot	Browse	185.174.135.68
	sh4.elf	Get hash	malicious	Unknown	Browse	94.46.130.237
	xd.mpsl.elf	Get hash	malicious	Mirai	Browse	94.46.181.107
	https://adrianocarreira.com/team/index.html	Get hash	malicious	HTMLPhisher	Browse	94.46.167.218
	https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1	Get hash	malicious	Unknown	Browse	94.46.183.96
	http://schneider.com.staffrecords-2024xsowi-dxeobyoji.aluminiosbarros.pt/	Get hash	malicious	Unknown	Browse	94.46.180.190
	http://nakheel.com.staffrecords-2024auaqc-iqodlfdhb.copypremium.com/?staffrecords/2024/=c2FiaWthLmFiaWRAbmFraGVlbC5jb20=	Get hash	malicious	Unknown	Browse	94.46.180.190

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	114
Entropy (8bit):	4.809123192083323
Encrypted:	false
SSDEEP:	3:gV7gx0A/F1JhWAAAISAL7A3dAlaSa8FcAUMBc7Mv:sU0EFxAAv076dAESaMUMBYMv
MD5:	CE4E323CD29BC7FDAB5FDA6C809D2602
SHA1:	62A36CC9255A14241D69F83A17E8031CAB3FAA9F
SHA-256:	3F1FD2910CD2940B53728A42F16C3F9E35EE61882A7537AF322250E889F21560
SHA-512:	A8F337B13559C21EFE629D3050ECBC957E7465861B61939C2DEC14A16FE408652BAD307E9D1337035FC3A968770961C94B9F9928B45AE6EC096B7315E2A48A50
Malicious:	false
Reputation:	low
URL:	https://gruposafety.cv/NPO/excelaccess.php
Preview:	<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>..

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	114
Entropy (8bit):	4.809123192083323
Encrypted:	false
SSDEEP:	3:gV7gx0A/F1JhWAAAISAL7A3dAlaSa8FcAUMBc7Mv:sU0EFxAAv076dAESaMUMBYMv
MD5:	CE4E323CD29BC7FDAB5FDA6C809D2602
SHA1:	62A36CC9255A14241D69F83A17E8031CAB3FAA9F
SHA-256:	3F1FD2910CD2940B53728A42F16C3F9E35EE61882A7537AF322250E889F21560
SHA-512:	A8F337B13559C21EFE629D3050ECBC957E7465861B61939C2DEC14A16FE408652BAD307E9D1337035FC3A968770961C94B9F9928B45AE6EC096B7315E2A48A50
Malicious:	false
Reputation:	low
URL:	https://gruposafety.cv/NPO/excelaccess.php
Preview:	<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>..

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	114
Entropy (8bit):	4.809123192083323
Encrypted:	false
SSDEEP:	3:gV7gx0A/F1JhWAAAISAL7A3dAlaSa8FcAUMBc7Mv:sU0EFxAAv076dAESaMUMBYMv
MD5:	CE4E323CD29BC7FDAB5FDA6C809D2602
SHA1:	62A36CC9255A14241D69F83A17E8031CAB3FAA9F
SHA-256:	3F1FD2910CD2940B53728A42F16C3F9E35EE61882A7537AF322250E889F21560
SHA-512:	A8F337B13559C21EFE629D3050ECBC957E7465861B61939C2DEC14A16FE408652BAD307E9D1337035FC3A968770961C94B9F9928B45AE6EC096B7315E2A48A50
Malicious:	false
Reputation:	low
URL:	https://gruposafety.cv/NPO/excelaccess.php
Preview:	<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>..

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	114
Entropy (8bit):	4.809123192083323
Encrypted:	false
SSDEEP:	3:gV7gx0A/F1JhWAAAISAL7A3dAlaSa8FcAUMBc7Mv:sU0EFxAAv076dAESaMUMBYMv
MD5:	CE4E323CD29BC7FDAB5FDA6C809D2602
SHA1:	62A36CC9255A14241D69F83A17E8031CAB3FAA9F
SHA-256:	3F1FD2910CD2940B53728A42F16C3F9E35EE61882A7537AF322250E889F21560
SHA-512:	A8F337B13559C21EFE629D3050ECBC957E7465861B61939C2DEC14A16FE408652BAD307E9D1337035FC3A968770961C94B9F9928B45AE6EC096B7315E2A48A50
Malicious:	false
Reputation:	low
URL:	https://gruposafety.cv/NPO/excelaccess.php
Preview:	<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>..

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	114
Entropy (8bit):	4.809123192083323
Encrypted:	false
SSDEEP:	3:gV7gx0A/F1JhWAAAISAL7A3dAlaSa8FcAUMBc7Mv:sU0EFxAAv076dAESaMUMBYMv
MD5:	CE4E323CD29BC7FDAB5FDA6C809D2602
SHA1:	62A36CC9255A14241D69F83A17E8031CAB3FAA9F
SHA-256:	3F1FD2910CD2940B53728A42F16C3F9E35EE61882A7537AF322250E889F21560
SHA-512:	A8F337B13559C21EFE629D3050ECBC957E7465861B61939C2DEC14A16FE408652BAD307E9D1337035FC3A968770961C94B9F9928B45AE6EC096B7315E2A48A50
Malicious:	false
URL:	https://gruposafety.cv/NPO/excelaccess.php
Preview:	<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>..

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	114
Entropy (8bit):	4.809123192083323
Encrypted:	false
SSDEEP:	3:gV7gx0A/F1JhWAAAISAL7A3dAlaSa8FcAUMBc7Mv:sU0EFxAAv076dAESaMUMBYMv
MD5:	CE4E323CD29BC7FDAB5FDA6C809D2602
SHA1:	62A36CC9255A14241D69F83A17E8031CAB3FAA9F
SHA-256:	3F1FD2910CD2940B53728A42F16C3F9E35EE61882A7537AF322250E889F21560
SHA-512:	A8F337B13559C21EFE629D3050ECBC957E7465861B61939C2DEC14A16FE408652BAD307E9D1337035FC3A968770961C94B9F9928B45AE6EC096B7315E2A48A50
Malicious:	false
URL:	https://gruposafety.cv/NPO/excelaccess.php
Preview:	<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>..

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	114
Entropy (8bit):	4.809123192083323
Encrypted:	false
SSDEEP:	3:gV7gx0A/F1JhWAAAISAL7A3dAlaSa8FcAUMBc7Mv:sU0EFxAAv076dAESaMUMBYMv
MD5:	CE4E323CD29BC7FDAB5FDA6C809D2602
SHA1:	62A36CC9255A14241D69F83A17E8031CAB3FAA9F
SHA-256:	3F1FD2910CD2940B53728A42F16C3F9E35EE61882A7537AF322250E889F21560
SHA-512:	A8F337B13559C21EFE629D3050ECBC957E7465861B61939C2DEC14A16FE408652BAD307E9D1337035FC3A968770961C94B9F9928B45AE6EC096B7315E2A48A50
Malicious:	false
URL:	https://gruposafety.cv/NPO/excelaccess.php
Preview:	<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>..

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (62521), with CRLF line terminators
Entropy (8bit):	5.807048481166668
TrID:	HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11001/1) 32.35%
File name:	tmpAE4B.HTmL.html
File size:	278'186 bytes
MD5:	41f5b723ea469bc0c87031c3e05cda42
SHA1:	41678f4f14d0a25a1776443133477a4152a043e5
SHA256:	93d1b7852b31c719183f3a2f0ab9bac024eccee79ec78920e7694eba716fd7f9
SHA512:	f8a6fd0bbb7308db5361e05e7a958295e52bc90f823da406b3f3915f2f656a46c6ed7cd5f544e78c06bd3d88b37417da7c3a0b2633cae988ba374eb0d6a85ec1
SSDEEP:	6144:Bi4yZ+cgSg5XPDxoKROpUCcvJN2MppppO/:Bi4ugSw/D9QUYV/
TLSH:	FC44D6F62283CDD9386C761333299E6A8EF736872B647C3066BC72A1B540067195BC77
File Content Preview:	<!doctype html>..<html>..<title>m.s - lgpartner.ch</title>..<meta name=generator content="mshtml 11.00.10570.1001">..</head>..<style>..body {..margin: 0;..font-family: Trebuchet MS;..}...topnav {..overflow: hidden;..background-color: #333;..}...topnav a {

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-01T22:51:21.754642+0100	2812237	ETPRO PHISHING Possible Successful Generic Phish July 28	1	192.168.2.4	49752	130.185.81.111	443	TCP
2025-01-01T22:51:45.408297+0100	2812237	ETPRO PHISHING Possible Successful Generic Phish July 28	1	192.168.2.4	49756	130.185.81.111	443	TCP
2025-01-01T22:52:11.539913+0100	2812237	ETPRO PHISHING Possible Successful Generic Phish July 28	1	192.168.2.4	49832	130.185.81.111	443	TCP
2025-01-01T22:52:37.777248+0100	2812237	ETPRO PHISHING Possible Successful Generic Phish July 28	1	192.168.2.4	50000	130.185.81.111	443	TCP
2025-01-01T22:53:04.875267+0100	2812237	ETPRO PHISHING Possible Successful Generic Phish July 28	1	192.168.2.4	50030	130.185.81.111	443	TCP
2025-01-01T22:53:38.140920+0100	2812237	ETPRO PHISHING Possible Successful Generic Phish July 28	1	192.168.2.4	50034	130.185.81.111	443	TCP
2025-01-01T22:54:01.105720+0100	2812237	ETPRO PHISHING Possible Successful Generic Phish July 28	1	192.168.2.4	50035	130.185.81.111	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 22:50:55.609895945 CET	49675	443	192.168.2.4	173.222.162.32
Jan 1, 2025 22:51:05.361183882 CET	49675	443	192.168.2.4	173.222.162.32
Jan 1, 2025 22:51:09.039705992 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:09.039757013 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:09.039830923 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:09.040033102 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:09.040047884 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:09.702475071 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:09.702783108 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:09.702807903 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:09.703680992 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:09.703733921 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:09.704976082 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:09.705038071 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:09.751172066 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:09.751182079 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:09.800183058 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:19.612540007 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:19.612591028 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:19.612658024 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:19.956926107 CET	49737	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:51:19.956953049 CET	443	49737	142.250.185.228	192.168.2.4
Jan 1, 2025 22:51:20.582488060 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:20.582530975 CET	443	49751	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:20.582581997 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:20.582870007 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:20.582885027 CET	443	49751	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:20.583246946 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:20.583276987 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:20.583342075 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:20.583548069 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:20.583561897 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.273473978 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.273727894 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.273756981 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.274734020 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.275742054 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.275742054 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.275810957 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.276017904 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.276026964 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.320334911 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.340773106 CET	443	49751	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.340980053 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.340996027 CET	443	49751	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.341998100 CET	443	49751	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.342329025 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.342329025 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.342391014 CET	443	49751	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.384370089 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.384378910 CET	443	49751	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.429807901 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.754671097 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.754744053 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:21.755012035 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.757126093 CET	49752	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:21.757147074 CET	443	49752	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:32.371948004 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:32.373341084 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:32.373394012 CET	443	49751	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:32.373459101 CET	49751	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.248367071 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.248414040 CET	443	49755	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.248495102 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.248569012 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.248621941 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.248676062 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.249068022 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.249083042 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.249202013 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.249213934 CET	443	49755	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.915797949 CET	443	49755	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.921958923 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.959867001 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.959889889 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.959954977 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.959980011 CET	443	49755	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.960340023 CET	443	49755	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.960889101 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:44.960952044 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.963588953 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:44.963648081 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:45.004353046 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:45.004456997 CET	443	49755	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:45.007968903 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:45.007981062 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:45.046814919 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:45.061971903 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:45.408320904 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:45.408421993 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:45.408479929 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:45.409246922 CET	49756	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:45.409257889 CET	443	49756	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:55.168943882 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:55.172487974 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:51:55.172524929 CET	443	49755	130.185.81.111	192.168.2.4
Jan 1, 2025 22:51:55.172595024 CET	49755	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:09.094662905 CET	49820	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:52:09.094687939 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:09.094770908 CET	49820	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:52:09.095010996 CET	49820	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:52:09.095030069 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:09.731656075 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:09.731931925 CET	49820	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:52:09.731946945 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:09.732228994 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:09.732512951 CET	49820	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:52:09.732567072 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:09.781445026 CET	49820	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:52:10.394989967 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:10.395034075 CET	443	49831	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:10.395127058 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:10.395158052 CET	49832	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:10.395173073 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:10.395227909 CET	49832	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:10.396476030 CET	49832	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:10.396488905 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:10.396622896 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:10.396636963 CET	443	49831	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.055519104 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.055824041 CET	49832	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.055835962 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.056118965 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.056493044 CET	49832	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.056548119 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.056677103 CET	49832	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.099354982 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.154746056 CET	443	49831	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.155034065 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.155045033 CET	443	49831	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.156050920 CET	443	49831	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.156114101 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.156518936 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.156580925 CET	443	49831	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.210321903 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.210329056 CET	443	49831	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.258272886 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.539953947 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.540024042 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.540080070 CET	49832	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.541050911 CET	49832	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:11.541064978 CET	443	49832	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:11.877522945 CET	49723	80	192.168.2.4	199.232.210.172
Jan 1, 2025 22:52:11.877703905 CET	49724	80	192.168.2.4	199.232.210.172
Jan 1, 2025 22:52:11.882865906 CET	80	49723	199.232.210.172	192.168.2.4
Jan 1, 2025 22:52:11.882935047 CET	49723	80	192.168.2.4	199.232.210.172
Jan 1, 2025 22:52:11.883471012 CET	80	49724	199.232.210.172	192.168.2.4
Jan 1, 2025 22:52:11.883523941 CET	49724	80	192.168.2.4	199.232.210.172
Jan 1, 2025 22:52:19.669226885 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:19.669279099 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:19.669327974 CET	49820	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:52:21.174449921 CET	49820	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:52:21.174474955 CET	443	49820	142.250.185.228	192.168.2.4
Jan 1, 2025 22:52:21.369689941 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:21.375530005 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:21.375571966 CET	443	49831	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:21.375638008 CET	49831	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:36.627758980 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:36.627799988 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:36.627859116 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:36.627937078 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:36.627964020 CET	443	50001	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:36.628015995 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:36.628185987 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:36.628201008 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:36.628622055 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:36.628633976 CET	443	50001	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.288300037 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.288552046 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.288579941 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.289565086 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.289625883 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.289901972 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.289964914 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.290021896 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.290030956 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.290180922 CET	443	50001	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.290347099 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.290359020 CET	443	50001	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.290674925 CET	443	50001	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.290920973 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.290972948 CET	443	50001	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.345673084 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.345674992 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.777245045 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.777312040 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:37.777380943 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.778752089 CET	50000	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:37.778772116 CET	443	50000	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:48.540152073 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:48.561260939 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:52:48.561300993 CET	443	50001	130.185.81.111	192.168.2.4
Jan 1, 2025 22:52:48.561388969 CET	50001	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:03.702661037 CET	50030	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:03.702708006 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:03.702800035 CET	50030	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:03.702836990 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:03.702884912 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:03.702934027 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:03.704044104 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:03.704061985 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:03.704217911 CET	50030	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:03.704227924 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.375973940 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.376307011 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.376323938 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.376523018 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.376693010 CET	50030	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.376705885 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.376986027 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.377209902 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.377264023 CET	50030	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.377307892 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.377335072 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.377542973 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.377602100 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.377641916 CET	50030	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.423333883 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.428976059 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.428987980 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.475884914 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.875283957 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.875379086 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:04.875428915 CET	50030	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.876504898 CET	50030	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:04.876517057 CET	443	50030	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:09.149410009 CET	50032	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:53:09.149447918 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:09.149497032 CET	50032	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:53:09.149748087 CET	50032	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:53:09.149760962 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:09.798398018 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:09.798732042 CET	50032	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:53:09.798747063 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:09.799041986 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:09.799436092 CET	50032	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:53:09.799503088 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:09.843765020 CET	50032	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:53:15.703341961 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:15.737519979 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:15.737557888 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:15.737587929 CET	443	50031	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:15.737693071 CET	50031	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:19.703231096 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:19.703303099 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:19.703353882 CET	50032	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:53:19.798032999 CET	50032	443	192.168.2.4	142.250.185.228
Jan 1, 2025 22:53:19.798057079 CET	443	50032	142.250.185.228	192.168.2.4
Jan 1, 2025 22:53:37.000840902 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.000890017 CET	443	50033	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.000982046 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.001193047 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.001250029 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.001318932 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.002501011 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.002515078 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.002728939 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.002760887 CET	443	50033	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.664237022 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.664551020 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.664580107 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.665600061 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.665664911 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.665942907 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.665999889 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.666110992 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.666117907 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.674623966 CET	443	50033	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.677112103 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.677138090 CET	443	50033	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.677510023 CET	443	50033	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.683279037 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.683356047 CET	443	50033	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:37.719255924 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:37.735140085 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:38.140933037 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:38.141014099 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:38.141081095 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:38.150607109 CET	50034	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:38.150629044 CET	443	50034	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:47.883205891 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:47.888856888 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:47.888923883 CET	443	50033	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:47.888968945 CET	443	50033	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:47.889051914 CET	50033	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:59.780474901 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:59.780536890 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:59.780621052 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:59.780658007 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:59.780688047 CET	443	50036	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:59.780730963 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:59.781465054 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:59.781480074 CET	443	50036	130.185.81.111	192.168.2.4
Jan 1, 2025 22:53:59.781599998 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:53:59.781625032 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.464544058 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.510211945 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:00.542057037 CET	443	50036	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.570651054 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:00.570671082 CET	443	50036	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.570991039 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:00.571032047 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.571429968 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.572233915 CET	443	50036	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.572292089 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:00.572802067 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:00.572886944 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.573105097 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:00.573172092 CET	443	50036	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.577841043 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:00.615544081 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:00.615566015 CET	443	50036	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.623337030 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:00.665693045 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:01.105732918 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:01.105824947 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:01.105882883 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:01.106854916 CET	50035	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:01.106888056 CET	443	50035	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:09.211014986 CET	50037	443	192.168.2.4	142.250.185.196
Jan 1, 2025 22:54:09.211056948 CET	443	50037	142.250.185.196	192.168.2.4
Jan 1, 2025 22:54:09.211116076 CET	50037	443	192.168.2.4	142.250.185.196
Jan 1, 2025 22:54:09.211344004 CET	50037	443	192.168.2.4	142.250.185.196
Jan 1, 2025 22:54:09.211360931 CET	443	50037	142.250.185.196	192.168.2.4
Jan 1, 2025 22:54:09.837970018 CET	443	50037	142.250.185.196	192.168.2.4
Jan 1, 2025 22:54:09.838315964 CET	50037	443	192.168.2.4	142.250.185.196
Jan 1, 2025 22:54:09.838335037 CET	443	50037	142.250.185.196	192.168.2.4
Jan 1, 2025 22:54:09.838624954 CET	443	50037	142.250.185.196	192.168.2.4
Jan 1, 2025 22:54:09.838915110 CET	50037	443	192.168.2.4	142.250.185.196
Jan 1, 2025 22:54:09.838973999 CET	443	50037	142.250.185.196	192.168.2.4
Jan 1, 2025 22:54:09.892833948 CET	50037	443	192.168.2.4	142.250.185.196
Jan 1, 2025 22:54:11.729409933 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:11.754920006 CET	50036	443	192.168.2.4	130.185.81.111
Jan 1, 2025 22:54:11.754962921 CET	443	50036	130.185.81.111	192.168.2.4
Jan 1, 2025 22:54:11.755016088 CET	50036	443	192.168.2.4	130.185.81.111

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 22:51:04.554938078 CET	53	52216	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:04.556901932 CET	53	57354	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:06.092573881 CET	53	62918	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:09.031893015 CET	56220	53	192.168.2.4	1.1.1.1
Jan 1, 2025 22:51:09.031996965 CET	56248	53	192.168.2.4	1.1.1.1
Jan 1, 2025 22:51:09.038789034 CET	53	56248	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:09.039046049 CET	53	56220	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:16.945698023 CET	53	54825	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:20.535799026 CET	63851	53	192.168.2.4	1.1.1.1
Jan 1, 2025 22:51:20.535948992 CET	65387	53	192.168.2.4	1.1.1.1
Jan 1, 2025 22:51:20.580409050 CET	53	65387	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:20.582035065 CET	53	63851	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:22.992121935 CET	53	55634	1.1.1.1	192.168.2.4
Jan 1, 2025 22:51:23.463665962 CET	138	138	192.168.2.4	192.168.2.255
Jan 1, 2025 22:51:41.757359982 CET	53	51089	1.1.1.1	192.168.2.4
Jan 1, 2025 22:52:04.338455915 CET	53	58008	1.1.1.1	192.168.2.4
Jan 1, 2025 22:52:04.383620024 CET	53	54540	1.1.1.1	192.168.2.4
Jan 1, 2025 22:52:35.038840055 CET	53	62434	1.1.1.1	192.168.2.4
Jan 1, 2025 22:53:19.806345940 CET	53	54367	1.1.1.1	192.168.2.4
Jan 1, 2025 22:54:09.203423977 CET	50981	53	192.168.2.4	1.1.1.1
Jan 1, 2025 22:54:09.203612089 CET	61791	53	192.168.2.4	1.1.1.1
Jan 1, 2025 22:54:09.210258961 CET	53	61791	1.1.1.1	192.168.2.4
Jan 1, 2025 22:54:09.210385084 CET	53	50981	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 1, 2025 22:51:09.031893015 CET	192.168.2.4	1.1.1.1	0xc727	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 1, 2025 22:51:09.031996965 CET	192.168.2.4	1.1.1.1	0x9829	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 1, 2025 22:51:20.535799026 CET	192.168.2.4	1.1.1.1	0xf7d6	Standard query (0)	gruposafety.cv	A (IP address)	IN (0x0001)	false
Jan 1, 2025 22:51:20.535948992 CET	192.168.2.4	1.1.1.1	0x9601	Standard query (0)	gruposafety.cv	65	IN (0x0001)	false
Jan 1, 2025 22:54:09.203423977 CET	192.168.2.4	1.1.1.1	0x8c0a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 1, 2025 22:54:09.203612089 CET	192.168.2.4	1.1.1.1	0x4d71	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 1, 2025 22:51:09.038789034 CET	1.1.1.1	192.168.2.4	0x9829	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 1, 2025 22:51:09.039046049 CET	1.1.1.1	192.168.2.4	0xc727	No error (0)	www.google.com	142.250.185.228	A (IP address)	IN (0x0001)	false
Jan 1, 2025 22:51:20.582035065 CET	1.1.1.1	192.168.2.4	0xf7d6	No error (0)	gruposafety.cv	130.185.81.111	A (IP address)	IN (0x0001)	false
Jan 1, 2025 22:54:09.210258961 CET	1.1.1.1	192.168.2.4	0x4d71	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 1, 2025 22:54:09.210385084 CET	1.1.1.1	192.168.2.4	0x8c0a	No error (0)	www.google.com	142.250.185.196	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

gruposafety.cv

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49752	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:51:21 UTC	792	OUT	POST /NPO/excelaccess.php HTTP/1.1 Host: gruposafety.cv Connection: keep-alive Content-Length: 60 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-01 21:51:21 UTC	60	OUT	Data Raw: 65 6d 61 69 6c 3d 75 72 73 2e 6c 75 73 74 65 6e 62 65 72 67 65 72 25 34 30 6c 67 70 61 72 74 6e 65 72 2e 63 68 26 70 61 73 73 77 6f 72 64 3d 6e 70 31 4d 62 78 4b 44 77 30 62 64 32 Data Ascii: email=urs.lustenberger%40lgpartner.ch&password=np1MbxKDw0bd2
2025-01-01 21:51:21 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 01 Jan 2025 21:50:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.0.30 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000; includeSubDomains X-Powered-By: PleskLin
2025-01-01 21:51:21 UTC	125	IN	Data Raw: 37 32 0d 0a 3c 73 63 72 69 70 74 3e 61 6c 65 72 74 28 27 49 6e 76 61 6c 69 64 20 50 61 73 73 77 6f 72 64 2e 2e 20 50 6c 65 61 73 65 20 45 6e 74 65 72 20 50 61 73 73 77 6f 72 64 20 54 6f 20 41 63 63 65 73 73 20 20 44 6f 63 75 6d 65 6e 74 2e 27 29 3b 20 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 72<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49751	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:51:32 UTC	603	OUT	GET /favicon.ico HTTP/1.1 Host: gruposafety.cv Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gruposafety.cv/NPO/excelaccess.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49756	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:51:45 UTC	792	OUT	POST /NPO/excelaccess.php HTTP/1.1 Host: gruposafety.cv Connection: keep-alive Content-Length: 64 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-01 21:51:45 UTC	64	OUT	Data Raw: 65 6d 61 69 6c 3d 75 72 73 2e 6c 75 73 74 65 6e 62 65 72 67 65 72 25 34 30 6c 67 70 61 72 74 6e 65 72 2e 63 68 26 70 61 73 73 77 6f 72 64 3d 77 25 32 36 6d 73 4f 63 38 4d 45 38 70 41 25 37 43 Data Ascii: email=urs.lustenberger%40lgpartner.ch&password=w%26msOc8ME8pA%7C
2025-01-01 21:51:45 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 01 Jan 2025 21:50:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.0.30 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000; includeSubDomains X-Powered-By: PleskLin
2025-01-01 21:51:45 UTC	125	IN	Data Raw: 37 32 0d 0a 3c 73 63 72 69 70 74 3e 61 6c 65 72 74 28 27 49 6e 76 61 6c 69 64 20 50 61 73 73 77 6f 72 64 2e 2e 20 50 6c 65 61 73 65 20 45 6e 74 65 72 20 50 61 73 73 77 6f 72 64 20 54 6f 20 41 63 63 65 73 73 20 20 44 6f 63 75 6d 65 6e 74 2e 27 29 3b 20 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 72<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49755	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:51:55 UTC	603	OUT	GET /favicon.ico HTTP/1.1 Host: gruposafety.cv Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gruposafety.cv/NPO/excelaccess.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49832	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:52:11 UTC	792	OUT	POST /NPO/excelaccess.php HTTP/1.1 Host: gruposafety.cv Connection: keep-alive Content-Length: 63 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-01 21:52:11 UTC	63	OUT	Data Raw: 65 6d 61 69 6c 3d 75 72 73 2e 6c 75 73 74 65 6e 62 65 72 67 65 72 25 34 30 6c 67 70 61 72 74 6e 65 72 2e 63 68 26 70 61 73 73 77 6f 72 64 3d 25 33 43 7a 32 36 48 42 66 69 25 37 44 79 6f 76 Data Ascii: email=urs.lustenberger%40lgpartner.ch&password=%3Cz26HBfi%7Dyov
2025-01-01 21:52:11 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 01 Jan 2025 21:50:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.0.30 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000; includeSubDomains X-Powered-By: PleskLin
2025-01-01 21:52:11 UTC	125	IN	Data Raw: 37 32 0d 0a 3c 73 63 72 69 70 74 3e 61 6c 65 72 74 28 27 49 6e 76 61 6c 69 64 20 50 61 73 73 77 6f 72 64 2e 2e 20 50 6c 65 61 73 65 20 45 6e 74 65 72 20 50 61 73 73 77 6f 72 64 20 54 6f 20 41 63 63 65 73 73 20 20 44 6f 63 75 6d 65 6e 74 2e 27 29 3b 20 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 72<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49831	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:52:21 UTC	603	OUT	GET /favicon.ico HTTP/1.1 Host: gruposafety.cv Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gruposafety.cv/NPO/excelaccess.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	50000	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:52:37 UTC	792	OUT	POST /NPO/excelaccess.php HTTP/1.1 Host: gruposafety.cv Connection: keep-alive Content-Length: 74 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-01 21:52:37 UTC	74	OUT	Data Raw: 65 6d 61 69 6c 3d 75 72 73 2e 6c 75 73 74 65 6e 62 65 72 67 65 72 25 34 30 6c 67 70 61 72 74 6e 65 72 2e 63 68 26 70 61 73 73 77 6f 72 64 3d 65 4f 25 35 44 5a 57 69 4a 4d 25 34 30 78 25 32 31 25 32 42 41 65 61 25 37 42 45 Data Ascii: email=urs.lustenberger%40lgpartner.ch&password=eO%5DZWiJM%40x%21%2BAea%7BE
2025-01-01 21:52:37 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 01 Jan 2025 21:51:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.0.30 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000; includeSubDomains X-Powered-By: PleskLin
2025-01-01 21:52:37 UTC	125	IN	Data Raw: 37 32 0d 0a 3c 73 63 72 69 70 74 3e 61 6c 65 72 74 28 27 49 6e 76 61 6c 69 64 20 50 61 73 73 77 6f 72 64 2e 2e 20 50 6c 65 61 73 65 20 45 6e 74 65 72 20 50 61 73 73 77 6f 72 64 20 54 6f 20 41 63 63 65 73 73 20 20 44 6f 63 75 6d 65 6e 74 2e 27 29 3b 20 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 72<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	50001	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:52:48 UTC	603	OUT	GET /favicon.ico HTTP/1.1 Host: gruposafety.cv Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gruposafety.cv/NPO/excelaccess.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	50030	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:53:04 UTC	792	OUT	POST /NPO/excelaccess.php HTTP/1.1 Host: gruposafety.cv Connection: keep-alive Content-Length: 70 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-01 21:53:04 UTC	70	OUT	Data Raw: 65 6d 61 69 6c 3d 75 72 73 2e 6c 75 73 74 65 6e 62 65 72 67 65 72 25 34 30 6c 67 70 61 72 74 6e 65 72 2e 63 68 26 70 61 73 73 77 6f 72 64 3d 46 25 33 41 25 35 45 6e 66 44 25 32 33 37 25 35 42 4e 59 31 2a 49 74 Data Ascii: email=urs.lustenberger%40lgpartner.ch&password=F%3A%5EnfD%237%5BNY1*It
2025-01-01 21:53:04 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 01 Jan 2025 21:51:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.0.30 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000; includeSubDomains X-Powered-By: PleskLin
2025-01-01 21:53:04 UTC	125	IN	Data Raw: 37 32 0d 0a 3c 73 63 72 69 70 74 3e 61 6c 65 72 74 28 27 49 6e 76 61 6c 69 64 20 50 61 73 73 77 6f 72 64 2e 2e 20 50 6c 65 61 73 65 20 45 6e 74 65 72 20 50 61 73 73 77 6f 72 64 20 54 6f 20 41 63 63 65 73 73 20 20 44 6f 63 75 6d 65 6e 74 2e 27 29 3b 20 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 72<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	50031	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:53:15 UTC	603	OUT	GET /favicon.ico HTTP/1.1 Host: gruposafety.cv Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gruposafety.cv/NPO/excelaccess.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	50034	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:53:37 UTC	792	OUT	POST /NPO/excelaccess.php HTTP/1.1 Host: gruposafety.cv Connection: keep-alive Content-Length: 65 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-01 21:53:37 UTC	65	OUT	Data Raw: 65 6d 61 69 6c 3d 75 72 73 2e 6c 75 73 74 65 6e 62 65 72 67 65 72 25 34 30 6c 67 70 61 72 74 6e 65 72 2e 63 68 26 70 61 73 73 77 6f 72 64 3d 25 32 35 25 33 41 79 66 25 35 42 30 39 25 32 43 56 70 Data Ascii: email=urs.lustenberger%40lgpartner.ch&password=%25%3Ayf%5B09%2CVp
2025-01-01 21:53:38 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 01 Jan 2025 21:52:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.0.30 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000; includeSubDomains X-Powered-By: PleskLin
2025-01-01 21:53:38 UTC	125	IN	Data Raw: 37 32 0d 0a 3c 73 63 72 69 70 74 3e 61 6c 65 72 74 28 27 49 6e 76 61 6c 69 64 20 50 61 73 73 77 6f 72 64 2e 2e 20 50 6c 65 61 73 65 20 45 6e 74 65 72 20 50 61 73 73 77 6f 72 64 20 54 6f 20 41 63 63 65 73 73 20 20 44 6f 63 75 6d 65 6e 74 2e 27 29 3b 20 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 72<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50033	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:53:47 UTC	603	OUT	GET /favicon.ico HTTP/1.1 Host: gruposafety.cv Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gruposafety.cv/NPO/excelaccess.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50035	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:54:00 UTC	792	OUT	POST /NPO/excelaccess.php HTTP/1.1 Host: gruposafety.cv Connection: keep-alive Content-Length: 68 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-01 21:54:00 UTC	68	OUT	Data Raw: 65 6d 61 69 6c 3d 75 72 73 2e 6c 75 73 74 65 6e 62 65 72 67 65 72 25 34 30 6c 67 70 61 72 74 6e 65 72 2e 63 68 26 70 61 73 73 77 6f 72 64 3d 25 33 46 25 32 33 6d 25 32 38 36 38 70 38 65 67 51 64 42 53 30 Data Ascii: email=urs.lustenberger%40lgpartner.ch&password=%3F%23m%2868p8egQdBS0
2025-01-01 21:54:01 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 01 Jan 2025 21:52:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.0.30 Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000; includeSubDomains X-Powered-By: PleskLin
2025-01-01 21:54:01 UTC	125	IN	Data Raw: 37 32 0d 0a 3c 73 63 72 69 70 74 3e 61 6c 65 72 74 28 27 49 6e 76 61 6c 69 64 20 50 61 73 73 77 6f 72 64 2e 2e 20 50 6c 65 61 73 65 20 45 6e 74 65 72 20 50 61 73 73 77 6f 72 64 20 54 6f 20 41 63 63 65 73 73 20 20 44 6f 63 75 6d 65 6e 74 2e 27 29 3b 20 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 72<script>alert('Invalid Password.. Please Enter Password To Access Document.'); window.history.go(-1);</script>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50036	130.185.81.111	443	4488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 21:54:11 UTC	603	OUT	GET /favicon.ico HTTP/1.1 Host: gruposafety.cv Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gruposafety.cv/NPO/excelaccess.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Target ID:	0
Start time:	16:51:00
Start date:	01/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\tmpAE4B.HTmL.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:51:03
Start date:	01/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2248,i,7185164192713812909,7523031163983281264,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Network traffic	Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.4:49752 -> 130.185.81.111:443
Source: Network traffic	Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.4:49756 -> 130.185.81.111:443
Source: Network traffic	Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.4:49832 -> 130.185.81.111:443
Source: Network traffic	Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.4:50030 -> 130.185.81.111:443
Source: Network traffic	Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.4:50034 -> 130.185.81.111:443
Source: Network traffic	Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.4:50035 -> 130.185.81.111:443
Source: Network traffic	Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.4:50000 -> 130.185.81.111:443

Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gruposafety.cvConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gruposafety.cv/NPO/excelaccess.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gruposafety.cvConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gruposafety.cv/NPO/excelaccess.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gruposafety.cvConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gruposafety.cv/NPO/excelaccess.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gruposafety.cvConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gruposafety.cv/NPO/excelaccess.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gruposafety.cvConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gruposafety.cv/NPO/excelaccess.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gruposafety.cvConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gruposafety.cv/NPO/excelaccess.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gruposafety.cvConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gruposafety.cv/NPO/excelaccess.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: gruposafety.cv

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: tmpAE4B.HTmL.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	HTTP Parser: Number of links: 0

Source: tmpAE4B.HTmL.html	HTTP Parser: Title: m.s - lgpartner.ch does not match URL
Source: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	HTTP Parser: Title: m.s - lgpartner.ch does not match URL

Source: tmpAE4B.HTmL.html	HTTP Parser: Form action: https://gruposafety.cv/NPO/excelaccess.php
Source: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	HTTP Parser: Form action: https://gruposafety.cv/NPO/excelaccess.php

Source: tmpAE4B.HTmL.html	HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	HTTP Parser: <input type="password" .../> found

Source: tmpAE4B.HTmL.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	HTTP Parser: No favicon

Source: tmpAE4B.HTmL.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	HTTP Parser: No <meta name="author".. found

Source: tmpAE4B.HTmL.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/tmpAE4B.HTmL.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report tmpAE4B.HTmL.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Static File Info

General

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4624, Parent PID: 1596

General

Chronological Activities

Analysis Process: chrome.exePID: 4488, Parent PID: 4624

Windows Analysis Report
tmpAE4B.HTmL.html