Edit tour

Windows Analysis Report
https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee99367

Overview

General Information

Sample URL:	https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/
Analysis ID:	1585436
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1844,i,6670123839772390806,3261259489046505297,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://westcommerce.com.br/	Avira URL Cloud: Label: malware
Source: https://westcommerce.com.br/e63o/1750871326/Ara/	Avira URL Cloud: Label: malware
Source: https://westcommerce.com.br	Avira URL Cloud: Label: malware

Source: global traffic

TCP traffic: 192.168.2.16:49728 -> 1.1.1.1:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: g248jqtc.r.ap-south-1.awstrack.me to https://fub.direct/1/wpcpz2kv6cjljr9ku5v9crqs4vrsbleryvqvlbrdo0vhtlcqws8ek4wwwgyecifo0nttfcu_ywsit_-hmwrgjbfgg1rcvhoccbgdl1kqiwe/https/westcommerce.com.br/e63o/1750871326/ara/#?nl=amrpykbhcmeuy29t
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: fub.direct to https://westcommerce.com.br/e63o/1750871326/ara/

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188 HTTP/1.1Host: g248jqtc.r.ap-south-1.awstrack.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/ HTTP/1.1Host: fub.directConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /e63o/1750871326/Ara/ HTTP/1.1Host: westcommerce.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /e63o/1750871326/Ara/ HTTP/1.1Host: westcommerce.com.brConnection: keep-aliveCache-Control: max-age=0Authorization: Basic RmFrY0BGdWNreW91LmNvbTpZb3VBcmVBTG93TGlmZUhhY2tlcldob3NlTW9tRG9lc25vdExvdmVIaW0=sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /e63o/1750871326/Ara/ HTTP/1.1Host: westcommerce.com.brConnection: keep-aliveCache-Control: max-age=0Authorization: Basic WW91ciBzaXRlIGlzIHN0dXBpZCA6QW5lZCBzbyBpcyB5b3VyIG1vbQ==sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fwestcommerce.com.br&oit=3&cp=27&pgcl=4&gs_rn=42&psi=XxJw4dQoIZNZE6zY&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: westcommerce.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: g248jqtc.r.ap-south-1.awstrack.me
Source: global traffic	DNS traffic detected: DNS query: fub.direct
Source: global traffic	DNS traffic detected: DNS query: westcommerce.com.br
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_55.1.dr

String found in binary or memory: https://westcommerce.com.br

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: classification engine

Classification label: mal48.win@22/8@8/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1844,i,6670123839772390806,3261259489046505297,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1844,i,6670123839772390806,3261259489046505297,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://westcommerce.com.br/	100%	Avira URL Cloud	malware
https://westcommerce.com.br/e63o/1750871326/Ara/	100%	Avira URL Cloud	malware
https://westcommerce.com.br	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
westcommerce.com.br	50.116.112.103	true	false	high
baconredirects-elb-ymx6i3lu5f0j-2055456940.ap-south-1.elb.amazonaws.com	13.126.216.240	true	false	unknown
fub.direct	18.172.112.96	true	false	high
www.google.com	142.250.186.68	true	false	high
g248jqtc.r.ap-south-1.awstrack.me	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://westcommerce.com.br/e63o/1750871326/Ara/	false	Avira URL Cloud: malware	unknown
https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fwestcommerce.com.br&oit=3&cp=27&pgcl=4&gs_rn=42&psi=XxJw4dQoIZNZE6zY&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188	false		unknown
https://westcommerce.com.br/	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://westcommerce.com.br	chromecache_55.1.dr	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
18.172.112.96	fub.direct	United States	3	MIT-GATEWAYSUS	false
50.116.112.103	westcommerce.com.br	United States	46606	UNIFIEDLAYER-AS-1US	false
13.126.216.240	baconredirects-elb-ymx6i3lu5f0j-2055456940.ap-south-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585436
Start date and time:	2025-01-07 16:48:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@22/8@8/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.185.174, 64.233.166.84, 216.58.206.78, 142.250.185.238, 142.250.181.238, 216.58.212.174, 142.250.186.110, 142.250.186.46, 142.250.185.67, 142.250.185.206, 142.250.186.174, 142.250.81.238, 74.125.0.74, 184.28.90.27, 20.12.23.50
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, r5.sn-t0aedn7e.gvt1.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, r5---sn-t0aedn7e.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://g248jqtc.r.ap-south-1.awstrack.me Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": true, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://g248jqtc.r.ap-south-1.awstrack.me

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 14:48:52 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.985159485685392
Encrypted:	false
SSDEEP:	48:8PdRTZ5lHbidAKZdA1FehwiZUklqehry+3:8fvzky
MD5:	F8CD7C8CD45E3024CC5808063815C6D5
SHA1:	E1445ADD4B955BB11F7D62FECFDC120E6D800E87
SHA-256:	A69B29B8B06C5EEE2F76EA1724BC9E6CF4AE5E952AB926316B0F1FC3D1D7DFA2
SHA-512:	D60B5BAB8D99707ECDFA32D9EA48710166E01DE6C2F4C0B31EED7F44B4AAFE7D6B15EAF8CDD45D293B7964DD576323C4C81B5187954754CC027770BCFF324B07
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Csu..a..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I'Z.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 14:48:52 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.00418122014343
Encrypted:	false
SSDEEP:	48:8udRTZ5lHbidAKZdA1seh/iZUkAQkqehUy+2:8Qvd9Qpy
MD5:	39A8D1C1E7A0216D5B0B2ACC9B3C1429
SHA1:	EB00810B31B22F1EEECAA440EEBF6BC3CD319E3A
SHA-256:	66E3C92AF3FEE62E38356DC0EE54473518787B4AB3A5428C1518EF6843AE215F
SHA-512:	5D384B54125F2FE64DCD90A4DB3AEDCA10F27D69320AD9928C51BF1C77CAD233167C90A3BD23C2F9614086771CC8D68CE8BDAF8115F07EF2DE3FDA1E0F55B7BE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....,h..a..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I'Z.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011571728998053
Encrypted:	false
SSDEEP:	48:8XdRTZ5AHbidAKZdA14meh7sFiZUkmgqeh7siy+BX:8nvqnoy
MD5:	74D8CEB10A992DF9DAFE99E58D3FDA94
SHA1:	3A2E364D985CEBA28605CD5032658173BF0EE04F
SHA-256:	8E6220922D3FDD62696B52C2E7820EF3C6ECAEBE2627977993451707AFE511E7
SHA-512:	DDC646FE60AFF7C1AB1341B24ACF6B9130E56F1CEF5C97C9D0249C30243C36629B6ECA437666BDB23C52CF370BA4176961BF4AC2D6AE2EA48DF049250CB24358
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I'Z.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 14:48:52 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.0016167088554875
Encrypted:	false
SSDEEP:	48:8odRTZ5lHbidAKZdA1TehDiZUkwqehgy+R:8uvuay
MD5:	BD47A92B6522DB9ABDDAA32422C42310
SHA1:	9B8D79F1EE2D3EE49689DC6ADFCE883D21DD4B9A
SHA-256:	D1B1A56845F1CB917B2E38F84F9D6C27EA4055FC23EC45CA5B382B2B451B2AD3
SHA-512:	021E7558D6A15922B50281731F0DCA86AA97291EF4B145395C4EAB08DCB71ADEB1A794D321DF5C246F0123C472E70FC63167B5E54B5A8CFBD08FD8D277C0557D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....>.a..a..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I'Z.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 14:48:52 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.990963547327403
Encrypted:	false
SSDEEP:	48:8PXdRTZ5lHbidAKZdA1dehBiZUk1W1qehmy+C:8Pnv+9Gy
MD5:	7A5222F6B318F14E131F46DC52AFF6FA
SHA1:	C33421F581FC6626842E2559748C722C9D9AD0F5
SHA-256:	138256126A7D2D623294082C39AC01C89A1728F9A5127EC9BFF3BE5DB4886FE2
SHA-512:	1359891ED59DA3DBA3D0360A3F8CD21F45F7E587B4B51F468F0FACEDB4E1E9DEF59AE2748879560601472D339840C3B73A418AF8217EBDCF1F81C1B3DBD128D1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....n..a..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I'Z.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 14:48:52 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.999279296710216
Encrypted:	false
SSDEEP:	48:86dRTZ5lHbidAKZdA1duTeehOuTbbiZUk5OjqehOuTboy+yT+:88v0TfTbxWOvTboy7T
MD5:	EB992D3C1C38A81945A5631FAB586CF1
SHA1:	97E897D2BD711B9B3155DFCF2018F06B2D89324A
SHA-256:	34ED323CEA6A7D97DCBCA5F1ECB8EF7FF45A9D6D90662045C30D68A386966FB9
SHA-512:	ADD13240425DC1709986D0F533941F88F8F28F6519AFF84B5483E3808FD3F52797B7E21D673FF53B18007659F2FDE8D043BB632B00FA0FEF59BFBC3117CF3865
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....._Y..a..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I'Z.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	147
Entropy (8bit):	4.707173989555181
Encrypted:	false
SSDEEP:	3:Vw2RZIypIV+E+4wwBHsLpHbGWjLwWkzXFETH1u4:Vw2b1pIV+EH5BHsLRGAwWeXFEL13
MD5:	AD051937871FF105CBEAEDF5ED695E99
SHA1:	AE53605D274E95DC62415B3E8AC62ED589CF4A3A
SHA-256:	F07A8F593F9AB268DD51C4C1ACC15879C93A318377EA7A43FB784BB0DCCE03E0
SHA-512:	70539D6E7B0A6CD1334FE2A8EADF4614E1D3ED65E6D535E10662C8FE220468D7790B95E835D5FE69A9291041F3A0CB5C77C21B1955CFED3BF79531FB3956A73B
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fwestcommerce.com.br&oit=3&cp=27&pgcl=4&gs_rn=42&psi=XxJw4dQoIZNZE6zY&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://westcommerce.com.br",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 16:48:51.960386038 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:51.960412025 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:51.960475922 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:51.960664034 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:51.960675955 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:51.960998058 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:51.961025953 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:51.961090088 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:51.961241007 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:51.961252928 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.172909021 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.173362017 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.173381090 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.173463106 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.174441099 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.174518108 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.174665928 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.174685001 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.175726891 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.175793886 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.175825119 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.175885916 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.175918102 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.175926924 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.176791906 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.176850080 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.219373941 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.219373941 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.219383001 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.267353058 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.507977962 CET	49673	443	192.168.2.16	204.79.197.203
Jan 7, 2025 16:48:53.707163095 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.707271099 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.707355976 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.707674026 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.707693100 CET	443	49707	13.126.216.240	192.168.2.16
Jan 7, 2025 16:48:53.707701921 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.707757950 CET	49707	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:48:53.734039068 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:53.734076977 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:53.734361887 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:53.734558105 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:53.734572887 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:53.811369896 CET	49673	443	192.168.2.16	204.79.197.203
Jan 7, 2025 16:48:54.392874002 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:54.393167019 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:54.393191099 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:54.394248009 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:54.394326925 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:54.395250082 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:54.395322084 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:54.395440102 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:54.395451069 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:54.417381048 CET	49673	443	192.168.2.16	204.79.197.203
Jan 7, 2025 16:48:54.448400021 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:54.939847946 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:54.940238953 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:54.940335989 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:54.940381050 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:54.940381050 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:54.940402031 CET	443	49709	18.172.112.96	192.168.2.16
Jan 7, 2025 16:48:54.940459013 CET	49709	443	192.168.2.16	18.172.112.96
Jan 7, 2025 16:48:55.263837099 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:55.263879061 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:55.264048100 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:55.264841080 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:55.264861107 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:55.622427940 CET	49673	443	192.168.2.16	204.79.197.203
Jan 7, 2025 16:48:56.474519014 CET	49689	80	192.168.2.16	192.229.211.108
Jan 7, 2025 16:48:56.674715996 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:48:56.674765110 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:48:56.674869061 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:48:56.675081015 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:48:56.675097942 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:48:56.675415039 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:56.675632954 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:56.675651073 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:56.676661968 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:56.676769972 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:56.677711964 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:56.677773952 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:56.677871943 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:56.677880049 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:56.725497961 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:56.909331083 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:56.909426928 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:56.909821987 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:56.912432909 CET	49710	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:48:56.912461042 CET	443	49710	50.116.112.103	192.168.2.16
Jan 7, 2025 16:48:57.313030958 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:48:57.314070940 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:48:57.314097881 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:48:57.315097094 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:48:57.315201044 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:48:57.321686029 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:48:57.321770906 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:48:57.363387108 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:48:57.363405943 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:48:57.411525011 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:48:58.035377026 CET	49673	443	192.168.2.16	204.79.197.203
Jan 7, 2025 16:49:01.683765888 CET	49678	443	192.168.2.16	20.189.173.10
Jan 7, 2025 16:49:01.988420010 CET	49678	443	192.168.2.16	20.189.173.10
Jan 7, 2025 16:49:02.593410015 CET	49678	443	192.168.2.16	20.189.173.10
Jan 7, 2025 16:49:02.848422050 CET	49673	443	192.168.2.16	204.79.197.203
Jan 7, 2025 16:49:03.804409981 CET	49678	443	192.168.2.16	20.189.173.10
Jan 7, 2025 16:49:06.150826931 CET	49680	80	192.168.2.16	192.229.211.108
Jan 7, 2025 16:49:06.214494944 CET	49678	443	192.168.2.16	20.189.173.10
Jan 7, 2025 16:49:06.454585075 CET	49680	80	192.168.2.16	192.229.211.108
Jan 7, 2025 16:49:07.054404020 CET	49680	80	192.168.2.16	192.229.211.108
Jan 7, 2025 16:49:07.246963024 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:07.247030973 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:07.247080088 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:08.261450052 CET	49680	80	192.168.2.16	192.229.211.108
Jan 7, 2025 16:49:08.855304003 CET	49713	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:08.855335951 CET	443	49713	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:10.671442032 CET	49680	80	192.168.2.16	192.229.211.108
Jan 7, 2025 16:49:11.022444010 CET	49678	443	192.168.2.16	20.189.173.10
Jan 7, 2025 16:49:12.453453064 CET	49673	443	192.168.2.16	204.79.197.203
Jan 7, 2025 16:49:15.484463930 CET	49680	80	192.168.2.16	192.229.211.108
Jan 7, 2025 16:49:20.634682894 CET	49678	443	192.168.2.16	20.189.173.10
Jan 7, 2025 16:49:23.316200972 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:49:23.316303015 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:49:23.316400051 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:49:24.455611944 CET	49708	443	192.168.2.16	13.126.216.240
Jan 7, 2025 16:49:24.455650091 CET	443	49708	13.126.216.240	192.168.2.16
Jan 7, 2025 16:49:24.455982924 CET	49718	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.456026077 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.456091881 CET	49718	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.456304073 CET	49719	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.456332922 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.456383944 CET	49719	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.456594944 CET	49718	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.456609011 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.456768990 CET	49719	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.456782103 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.947747946 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.948201895 CET	49718	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.948235989 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.948616982 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.949052095 CET	49718	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.949120998 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.949331999 CET	49718	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.957886934 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.958231926 CET	49719	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.958260059 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.959017992 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.959362030 CET	49719	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:24.959430933 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.995332956 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:24.999475956 CET	49719	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:25.095529079 CET	49680	80	192.168.2.16	192.229.211.108
Jan 7, 2025 16:49:25.140168905 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:25.140288115 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:25.140357971 CET	49718	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:25.141232014 CET	49718	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:25.141252995 CET	443	49718	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:35.082098007 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:35.082182884 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:35.082330942 CET	49719	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:35.187093973 CET	49719	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:35.187129021 CET	443	49719	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:37.735789061 CET	49697	80	192.168.2.16	199.232.214.172
Jan 7, 2025 16:49:37.735790014 CET	49698	80	192.168.2.16	199.232.214.172
Jan 7, 2025 16:49:37.740760088 CET	80	49698	199.232.214.172	192.168.2.16
Jan 7, 2025 16:49:37.740914106 CET	49698	80	192.168.2.16	199.232.214.172
Jan 7, 2025 16:49:37.741106987 CET	80	49697	199.232.214.172	192.168.2.16
Jan 7, 2025 16:49:37.741208076 CET	49697	80	192.168.2.16	199.232.214.172
Jan 7, 2025 16:49:39.567332029 CET	49721	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:39.567374945 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:39.567492962 CET	49721	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:39.567604065 CET	49722	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:39.567655087 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:39.567713022 CET	49722	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:39.567970991 CET	49721	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:39.567984104 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:39.568140030 CET	49722	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:39.568156004 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.083230972 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.083255053 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.083620071 CET	49721	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:40.083647013 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.083854914 CET	49722	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:40.083879948 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.084024906 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.084247112 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.084362030 CET	49721	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:40.084439993 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.084644079 CET	49722	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:40.084719896 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.084865093 CET	49721	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:40.129658937 CET	49722	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:40.131330013 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.225384951 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.225457907 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:40.225558996 CET	49721	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:40.227057934 CET	49721	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:40.227077961 CET	443	49721	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:50.208818913 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:50.208900928 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:50.209002018 CET	49722	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:50.757548094 CET	49722	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:50.757575035 CET	443	49722	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:55.851944923 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:55.851968050 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:55.852106094 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:55.852346897 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:55.852360964 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:56.490942001 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:56.491410971 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:56.491434097 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:56.491926908 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:56.492238998 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:56.492338896 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:56.531668901 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:57.014682055 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:57.059335947 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:57.258591890 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:57.261755943 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:57.261867046 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:57.262914896 CET	49724	443	192.168.2.16	142.250.186.68
Jan 7, 2025 16:49:57.262928009 CET	443	49724	142.250.186.68	192.168.2.16
Jan 7, 2025 16:49:57.774127007 CET	49725	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:57.774169922 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:57.774267912 CET	49725	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:57.774456978 CET	49726	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:57.774486065 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:57.774538994 CET	49726	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:57.774830103 CET	49726	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:57.774844885 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:57.774993896 CET	49725	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:57.775008917 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.278285980 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.278583050 CET	49726	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:58.278594017 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.278956890 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.279306889 CET	49726	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:58.279409885 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.279486895 CET	49726	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:58.281303883 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.281536102 CET	49725	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:58.281552076 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.281929016 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.282205105 CET	49725	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:58.282264948 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.323322058 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.332551956 CET	49725	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:58.413718939 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.413788080 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:49:58.413844109 CET	49726	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:58.415119886 CET	49726	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:49:58.415137053 CET	443	49726	50.116.112.103	192.168.2.16
Jan 7, 2025 16:50:08.399682999 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:50:08.399775028 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:50:08.399842024 CET	49725	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:50:09.194701910 CET	49725	443	192.168.2.16	50.116.112.103
Jan 7, 2025 16:50:09.194727898 CET	443	49725	50.116.112.103	192.168.2.16
Jan 7, 2025 16:50:21.425009966 CET	49728	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:50:21.429769993 CET	53	49728	1.1.1.1	192.168.2.16
Jan 7, 2025 16:50:21.429867983 CET	49728	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:50:21.429922104 CET	49728	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:50:21.429958105 CET	49728	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:50:21.434700012 CET	53	49728	1.1.1.1	192.168.2.16
Jan 7, 2025 16:50:21.434711933 CET	53	49728	1.1.1.1	192.168.2.16
Jan 7, 2025 16:50:21.899287939 CET	53	49728	1.1.1.1	192.168.2.16
Jan 7, 2025 16:50:21.899866104 CET	49728	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:50:21.908122063 CET	53	49728	1.1.1.1	192.168.2.16
Jan 7, 2025 16:50:21.908198118 CET	49728	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:50:28.698899031 CET	49699	443	192.168.2.16	20.190.159.23
Jan 7, 2025 16:50:28.698899984 CET	49700	80	192.168.2.16	192.229.221.95
Jan 7, 2025 16:50:29.002688885 CET	49699	443	192.168.2.16	20.190.159.23
Jan 7, 2025 16:50:29.002723932 CET	49700	80	192.168.2.16	192.229.221.95
Jan 7, 2025 16:50:29.427974939 CET	443	49699	20.190.159.23	192.168.2.16
Jan 7, 2025 16:50:29.427989006 CET	80	49700	192.229.221.95	192.168.2.16
Jan 7, 2025 16:50:29.428128958 CET	80	49700	192.229.221.95	192.168.2.16
Jan 7, 2025 16:50:29.428174019 CET	443	49699	20.190.159.23	192.168.2.16
Jan 7, 2025 16:50:29.428231955 CET	49700	80	192.168.2.16	192.229.221.95
Jan 7, 2025 16:50:29.428436995 CET	49699	443	192.168.2.16	20.190.159.23
Jan 7, 2025 16:50:30.903009892 CET	49701	443	192.168.2.16	20.190.159.23
Jan 7, 2025 16:50:30.908118010 CET	443	49701	20.190.159.23	192.168.2.16
Jan 7, 2025 16:50:30.908257961 CET	49701	443	192.168.2.16	20.190.159.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 16:48:50.950150967 CET	53	52406	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:50.954287052 CET	53	55642	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:51.922158957 CET	63487	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:48:51.922385931 CET	64002	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:48:51.938707113 CET	53	56163	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:51.953017950 CET	53	63487	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:51.966273069 CET	53	64002	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:53.709897041 CET	64413	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:48:53.710052967 CET	55512	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:48:53.721473932 CET	53	55512	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:53.733537912 CET	53	64413	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:54.942533970 CET	51824	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:48:54.942667007 CET	64895	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:48:55.207937956 CET	53	51824	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:55.314363003 CET	53	64895	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:55.793566942 CET	58773	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:48:55.793704033 CET	55737	53	192.168.2.16	1.1.1.1
Jan 7, 2025 16:48:56.673300982 CET	53	55737	1.1.1.1	192.168.2.16
Jan 7, 2025 16:48:56.673398972 CET	53	58773	1.1.1.1	192.168.2.16
Jan 7, 2025 16:49:08.864029884 CET	53	54162	1.1.1.1	192.168.2.16
Jan 7, 2025 16:49:27.841113091 CET	53	59554	1.1.1.1	192.168.2.16
Jan 7, 2025 16:49:50.765347004 CET	53	63458	1.1.1.1	192.168.2.16
Jan 7, 2025 16:49:50.926425934 CET	53	57087	1.1.1.1	192.168.2.16
Jan 7, 2025 16:49:57.844674110 CET	138	138	192.168.2.16	192.168.2.255
Jan 7, 2025 16:50:20.404946089 CET	53	53309	1.1.1.1	192.168.2.16
Jan 7, 2025 16:50:21.424592972 CET	53	51791	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 7, 2025 16:48:51.966346025 CET	192.168.2.16	1.1.1.1	c2b4	(Port unreachable)	Destination Unreachable
Jan 7, 2025 16:48:55.314579010 CET	192.168.2.16	1.1.1.1	c234	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 16:48:51.922158957 CET	192.168.2.16	1.1.1.1	0x379e	Standard query (0)	g248jqtc.r.ap-south-1.awstrack.me	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:51.922385931 CET	192.168.2.16	1.1.1.1	0xd299	Standard query (0)	g248jqtc.r.ap-south-1.awstrack.me	65	IN (0x0001)	false
Jan 7, 2025 16:48:53.709897041 CET	192.168.2.16	1.1.1.1	0x66a7	Standard query (0)	fub.direct	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:53.710052967 CET	192.168.2.16	1.1.1.1	0xb7dd	Standard query (0)	fub.direct	65	IN (0x0001)	false
Jan 7, 2025 16:48:54.942533970 CET	192.168.2.16	1.1.1.1	0xd4ef	Standard query (0)	westcommerce.com.br	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:54.942667007 CET	192.168.2.16	1.1.1.1	0x7290	Standard query (0)	westcommerce.com.br	65	IN (0x0001)	false
Jan 7, 2025 16:48:55.793566942 CET	192.168.2.16	1.1.1.1	0xa31	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:55.793704033 CET	192.168.2.16	1.1.1.1	0xb80e	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 16:48:51.953017950 CET	1.1.1.1	192.168.2.16	0x379e	No error (0)	g248jqtc.r.ap-south-1.awstrack.me	r.ap-south-1.awstrack.me		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 16:48:51.953017950 CET	1.1.1.1	192.168.2.16	0x379e	No error (0)	r.ap-south-1.awstrack.me	baconredirects-elb-ymx6i3lu5f0j-2055456940.ap-south-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 16:48:51.953017950 CET	1.1.1.1	192.168.2.16	0x379e	No error (0)	baconredirects-elb-ymx6i3lu5f0j-2055456940.ap-south-1.elb.amazonaws.com		13.126.216.240	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:51.953017950 CET	1.1.1.1	192.168.2.16	0x379e	No error (0)	baconredirects-elb-ymx6i3lu5f0j-2055456940.ap-south-1.elb.amazonaws.com		43.204.9.173	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:51.953017950 CET	1.1.1.1	192.168.2.16	0x379e	No error (0)	baconredirects-elb-ymx6i3lu5f0j-2055456940.ap-south-1.elb.amazonaws.com		15.207.208.85	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:51.966273069 CET	1.1.1.1	192.168.2.16	0xd299	No error (0)	g248jqtc.r.ap-south-1.awstrack.me	r.ap-south-1.awstrack.me		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 16:48:51.966273069 CET	1.1.1.1	192.168.2.16	0xd299	No error (0)	r.ap-south-1.awstrack.me	baconredirects-elb-ymx6i3lu5f0j-2055456940.ap-south-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 16:48:53.733537912 CET	1.1.1.1	192.168.2.16	0x66a7	No error (0)	fub.direct		18.172.112.96	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:53.733537912 CET	1.1.1.1	192.168.2.16	0x66a7	No error (0)	fub.direct		18.172.112.30	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:53.733537912 CET	1.1.1.1	192.168.2.16	0x66a7	No error (0)	fub.direct		18.172.112.108	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:53.733537912 CET	1.1.1.1	192.168.2.16	0x66a7	No error (0)	fub.direct		18.172.112.73	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:55.207937956 CET	1.1.1.1	192.168.2.16	0xd4ef	No error (0)	westcommerce.com.br		50.116.112.103	A (IP address)	IN (0x0001)	false
Jan 7, 2025 16:48:56.673300982 CET	1.1.1.1	192.168.2.16	0xb80e	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 7, 2025 16:48:56.673398972 CET	1.1.1.1	192.168.2.16	0xa31	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

g248jqtc.r.ap-south-1.awstrack.me

fub.direct

westcommerce.com.br

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49707	13.126.216.240	443	6960	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 15:48:53 UTC	974	OUT	GET /L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188 HTTP/1.1 Host: g248jqtc.r.ap-south-1.awstrack.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 15:48:53 UTC	305	IN	HTTP/1.1 302 Found Date: Tue, 07 Jan 2025 15:48:53 GMT Location: https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/#?nl=amRpYkBhcmEuY29t Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49709	18.172.112.96	443	6960	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 15:48:54 UTC	809	OUT	GET /1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/ HTTP/1.1 Host: fub.direct Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 15:48:54 UTC	479	IN	HTTP/1.1 302 Found Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Tue, 07 Jan 2025 15:48:54 GMT Server: Apache/2.4.62 () OpenSSL/1.0.2k-fips Location: https://westcommerce.com.br/e63o/1750871326/Ara/ X-Cache: Miss from cloudfront Via: 1.1 db38c5279288cd1c6aea4fa2c0409120.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P8 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: gBiWw0jt6YCFBXQVBxPdES6zznFJH6luJZ4AJgqCf0iVNSAzTdnYrg==
2025-01-07 15:48:54 UTC	271	IN	Data Raw: 31 30 38 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 31 3b 20 68 74 74 70 73 3a 2f 2f 77 65 73 74 63 6f 6d 6d 65 72 63 65 2e 63 6f 6d 2e 62 72 2f 65 36 33 6f 2f 31 37 35 30 38 37 31 33 32 36 2f 41 72 61 2f 27 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 77 65 73 74 63 6f 6d 6d 65 72 63 65 2e 63 6f 6d 2e 62 72 2f 65 36 33 6f 2f 31 37 35 30 38 37 31 33 32 36 2f 41 72 61 2f 27 3e 68 74 74 70 73 3a 2f 2f 77 65 73 74 63 6f 6d 6d 65 72 63 65 2e 63 6f 6d 2e 62 72 2f 65 36 33 6f 2f 31 37 35 30 38 37 31 33 32 36 2f 41 72 61 2f 3c 2f 61 3e 20 2e 2e 2e 3c 2f 70 3e Data Ascii: 108<html><head><meta http-equiv='refresh' content='1; https://westcommerce.com.br/e63o/1750871326/Ara/' /></head><body>Redirecting to <a href='https://westcommerce.com.br/e63o/1750871326/Ara/'>https://westcommerce.com.br/e63o/1750871326/Ara/</a> ...</p>
2025-01-07 15:48:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49710	50.116.112.103	443	6960	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 15:48:56 UTC	682	OUT	GET /e63o/1750871326/Ara/ HTTP/1.1 Host: westcommerce.com.br Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 15:48:56 UTC	230	IN	HTTP/1.1 401 Unauthorized Date: Tue, 07 Jan 2025 15:48:56 GMT Server: Apache WWW-Authenticate: Basic realm="Access Restricted (pwrestrict)" Content-Length: 14 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-07 15:48:56 UTC	14	IN	Data Raw: 41 63 63 65 73 73 20 44 65 6e 69 65 64 21 Data Ascii: Access Denied!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49718	50.116.112.103	443	6960	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 15:49:24 UTC	811	OUT	GET /e63o/1750871326/Ara/ HTTP/1.1 Host: westcommerce.com.br Connection: keep-alive Cache-Control: max-age=0 Authorization: Basic RmFrY0BGdWNreW91LmNvbTpZb3VBcmVBTG93TGlmZUhhY2tlcldob3NlTW9tRG9lc25vdExvdmVIaW0= sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 15:49:25 UTC	230	IN	HTTP/1.1 401 Unauthorized Date: Tue, 07 Jan 2025 15:49:25 GMT Server: Apache WWW-Authenticate: Basic realm="Access Restricted (pwrestrict)" Content-Length: 14 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-07 15:49:25 UTC	14	IN	Data Raw: 41 63 63 65 73 73 20 44 65 6e 69 65 64 21 Data Ascii: Access Denied!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49721	50.116.112.103	443	6960	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 15:49:40 UTC	787	OUT	GET /e63o/1750871326/Ara/ HTTP/1.1 Host: westcommerce.com.br Connection: keep-alive Cache-Control: max-age=0 Authorization: Basic WW91ciBzaXRlIGlzIHN0dXBpZCA6QW5lZCBzbyBpcyB5b3VyIG1vbQ== sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 15:49:40 UTC	230	IN	HTTP/1.1 401 Unauthorized Date: Tue, 07 Jan 2025 15:49:40 GMT Server: Apache WWW-Authenticate: Basic realm="Access Restricted (pwrestrict)" Content-Length: 14 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-07 15:49:40 UTC	14	IN	Data Raw: 41 63 63 65 73 73 20 44 65 6e 69 65 64 21 Data Ascii: Access Denied!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49724	142.250.186.68	443	6960	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 15:49:57 UTC	680	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fwestcommerce.com.br&oit=3&cp=27&pgcl=4&gs_rn=42&psi=XxJw4dQoIZNZE6zY&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 15:49:57 UTC	1266	IN	HTTP/1.1 200 OK Date: Tue, 07 Jan 2025 15:49:57 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-zob2isgvbnPk8eKDMU2WZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-07 15:49:57 UTC	124	IN	Data Raw: 39 33 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 77 65 73 74 63 6f 6d 6d 65 72 63 65 2e 63 6f 6d 2e 62 72 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 Data Ascii: 93)]}'["https://westcommerce.com.br",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"goog
2025-01-07 15:49:57 UTC	29	IN	Data Raw: 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: le:verbatimrelevance":851}]
2025-01-07 15:49:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49726	50.116.112.103	443	6960	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 15:49:58 UTC	662	OUT	GET / HTTP/1.1 Host: westcommerce.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 15:49:58 UTC	230	IN	HTTP/1.1 401 Unauthorized Date: Tue, 07 Jan 2025 15:49:58 GMT Server: Apache WWW-Authenticate: Basic realm="Access Restricted (pwrestrict)" Content-Length: 14 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-07 15:49:58 UTC	14	IN	Data Raw: 41 63 63 65 73 73 20 44 65 6e 69 65 64 21 Data Ascii: Access Denied!

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6284, Parent PID: 4108

General

Target ID:	0
Start time:	10:48:49
Start date:	07/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6960, Parent PID: 6284

General

Target ID:	1
Start time:	10:48:49
Start date:	07/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1844,i,6670123839772390806,3261259489046505297,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6652, Parent PID: 4108

General

Target ID:	2
Start time:	10:48:50
Start date:	07/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://g248jqtc.r.ap-south-1.awstrack.me/L0/https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/westcommerce.com.br/e63o/1750871326/Ara/%23%3Fnl=amRpYkBhcmEuY29t/1/0109019433d34740-32de3bb4-8eb6-4b18-a944-d8e7ee993673-000000/ImcP_D-hsLxxvDJopI2vRjkqrI4=188"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 55

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6284, Parent PID: 4108

General

Chronological Activities

Analysis Process: chrome.exePID: 6960, Parent PID: 6284

General

Chronological Activities

Analysis Process: chrome.exePID: 6652, Parent PID: 4108