Edit tour

Windows Analysis Report
http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi4

Overview

General Information

Sample URL:	http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50
Analysis ID:	1590150
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2044,i,15650951175937279479,2571281116311432070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://dosagrillva.com/cgi-sys/images/404top_w.jpg	Avira URL Cloud: Label: malware
Source: https://dosagrillva.com/cgi-sys/images/404mid.gif	Avira URL Cloud: Label: malware

Source: https://dosagrillva.com/share.html#

HTTP Parser: No favicon

Source: global traffic

TCP traffic: 192.168.2.4:65399 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /share.html HTTP/1.1Host: dosagrillva.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/js/simple-expand.min.js HTTP/1.1Host: dosagrillva.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dosagrillva.com/share.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/w.png HTTP/1.1Host: dosagrillva.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dosagrillva.com/share.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404top_w.jpg HTTP/1.1Host: dosagrillva.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dosagrillva.com/share.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404mid.gif HTTP/1.1Host: dosagrillva.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dosagrillva.com/share.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404bottom.gif HTTP/1.1Host: dosagrillva.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dosagrillva.com/share.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/js/simple-expand.min.js HTTP/1.1Host: dosagrillva.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/w.png HTTP/1.1Host: dosagrillva.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404top_w.jpg HTTP/1.1Host: dosagrillva.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404mid.gif HTTP/1.1Host: dosagrillva.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dosagrillva.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dosagrillva.com/share.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404bottom.gif HTTP/1.1Host: dosagrillva.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dosagrillva.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dosagrillva.com/share.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk HTTP/1.1Host: email.bigcontacts.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: email.bigcontacts.com
Source: global traffic	DNS traffic detected: DNS query: dosagrillva.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Mon, 13 Jan 2025 15:55:03 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Fri, 30 Sep 2022 11:49:56 GMTAccept-Ranges: bytesContent-Length: 5463Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Mon, 13 Jan 2025 15:55:05 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Fri, 30 Sep 2022 11:49:56 GMTAccept-Ranges: bytesContent-Length: 5463Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Mon, 13 Jan 2025 15:55:06 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Fri, 30 Sep 2022 11:49:56 GMTAccept-Ranges: bytesContent-Length: 5463Vary: Accept-EncodingContent-Type: text/html

Source: chromecache_58.2.dr, chromecache_55.2.dr	String found in binary or memory: http://code.jquery.com/jquery-3.3.1.min.js
Source: chromecache_58.2.dr, chromecache_55.2.dr	String found in binary or memory: http://gmpg.org/xfn/11
Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: chromecache_53.2.dr, chromecache_50.2.dr	String found in binary or memory: https://github.com/redhotsly/simple-expand
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: chromecache_53.2.dr, chromecache_50.2.dr	String found in binary or memory: https://raw.github.com/redhotsly/simple-expand/master/licence-mit.txt
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn
Source: sets.json.0.dr	String found in binary or memory: https://zoom.com
Source: sets.json.0.dr	String found in binary or memory: https://zoom.us

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65412
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_5964_1174754540

Jump to behavior

Source: classification engine

Classification label: mal48.win@18/24@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2044,i,15650951175937279479,2571281116311432070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2044,i,15650951175937279479,2571281116311432070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://dosagrillva.com/cgi-sys/images/404top_w.jpg	100%	Avira URL Cloud	malware
https://dosagrillva.com/cgi-sys/images/404mid.gif	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.184.228	true	false	high
dosagrillva.com	192.185.170.18	true	false	unknown
mailgun.org	34.110.180.34	true	false	high
email.bigcontacts.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dosagrillva.com/cgi-sys/images/404mid.gif	false	Avira URL Cloud: malware	unknown
http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk	false		unknown
https://dosagrillva.com/cgi-sys/images/404top_w.jpg	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://wieistmeineip.de	sets.json.0.dr	false	high
https://mercadoshops.com.co	sets.json.0.dr	false	high
https://gliadomain.com	sets.json.0.dr	false	high
https://poalim.xyz	sets.json.0.dr	false	high
https://mercadolivre.com	sets.json.0.dr	false	high
https://reshim.org	sets.json.0.dr	false	high
https://nourishingpursuits.com	sets.json.0.dr	false	high
https://medonet.pl	sets.json.0.dr	false	high
https://unotv.com	sets.json.0.dr	false	high
https://mercadoshops.com.br	sets.json.0.dr	false	high
https://joyreactor.cc	sets.json.0.dr	false	high
https://zdrowietvn.pl	sets.json.0.dr	false	high
https://johndeere.com	sets.json.0.dr	false	high
https://songstats.com	sets.json.0.dr	false	high
https://baomoi.com	sets.json.0.dr	false	high
https://supereva.it	sets.json.0.dr	false	high
https://elfinancierocr.com	sets.json.0.dr	false	high
https://bolasport.com	sets.json.0.dr	false	high
https://rws1nvtvt.com	sets.json.0.dr	false	high
https://desimartini.com	sets.json.0.dr	false	high
https://hearty.app	sets.json.0.dr	false	high
https://hearty.gift	sets.json.0.dr	false	high
https://mercadoshops.com	sets.json.0.dr	false	high
https://heartymail.com	sets.json.0.dr	false	high
https://nlc.hu	sets.json.0.dr	false	high
https://p106.net	sets.json.0.dr	false	high
https://radio2.be	sets.json.0.dr	false	high
https://finn.no	sets.json.0.dr	false	high
https://hc1.com	sets.json.0.dr	false	high
https://kompas.tv	sets.json.0.dr	false	high
https://mystudentdashboard.com	sets.json.0.dr	false	high
https://songshare.com	sets.json.0.dr	false	high
https://smaker.pl	sets.json.0.dr	false	high
https://mercadopago.com.mx	sets.json.0.dr	false	high
https://p24.hu	sets.json.0.dr	false	high
https://talkdeskqaid.com	sets.json.0.dr	false	high
https://24.hu	sets.json.0.dr	false	high
https://mercadopago.com.pe	sets.json.0.dr	false	high
https://cardsayings.net	sets.json.0.dr	false	high
https://text.com	sets.json.0.dr	false	high
https://mightytext.net	sets.json.0.dr	false	high
https://pudelek.pl	sets.json.0.dr	false	high
https://hazipatika.com	sets.json.0.dr	false	high
https://joyreactor.com	sets.json.0.dr	false	high
https://cookreactor.com	sets.json.0.dr	false	high
https://wildixin.com	sets.json.0.dr	false	high
https://eworkbookcloud.com	sets.json.0.dr	false	high
https://cognitiveai.ru	sets.json.0.dr	false	high
https://nacion.com	sets.json.0.dr	false	high
https://chennien.com	sets.json.0.dr	false	high
https://drimer.travel	sets.json.0.dr	false	high
https://deccoria.pl	sets.json.0.dr	false	high
http://gmpg.org/xfn/11	chromecache_58.2.dr, chromecache_55.2.dr	false	high
https://mercadopago.cl	sets.json.0.dr	false	high
https://talkdeskstgid.com	sets.json.0.dr	false	high
https://naukri.com	sets.json.0.dr	false	high
https://interia.pl	sets.json.0.dr	false	high
https://bonvivir.com	sets.json.0.dr	false	high
https://carcostadvisor.be	sets.json.0.dr	false	high
https://salemovetravel.com	sets.json.0.dr	false	high
https://sapo.io	sets.json.0.dr	false	high
https://wpext.pl	sets.json.0.dr	false	high
https://welt.de	sets.json.0.dr	false	high
https://poalim.site	sets.json.0.dr	false	high
https://drimer.io	sets.json.0.dr	false	high
https://infoedgeindia.com	sets.json.0.dr	false	high
https://blackrockadvisorelite.it	sets.json.0.dr	false	high
https://cognitive-ai.ru	sets.json.0.dr	false	high
https://cafemedia.com	sets.json.0.dr	false	high
https://graziadaily.co.uk	sets.json.0.dr	false	high
https://thirdspace.org.au	sets.json.0.dr	false	high
https://mercadoshops.com.ar	sets.json.0.dr	false	high
https://smpn106jkt.sch.id	sets.json.0.dr	false	high
https://elpais.uy	sets.json.0.dr	false	high
https://landyrev.com	sets.json.0.dr	false	high
https://the42.ie	sets.json.0.dr	false	high
https://commentcamarche.com	sets.json.0.dr	false	high
https://tucarro.com.ve	sets.json.0.dr	false	high
https://rws3nvtvt.com	sets.json.0.dr	false	high
https://eleconomista.net	sets.json.0.dr	false	high
https://helpdesk.com	sets.json.0.dr	false	high
https://mercadolivre.com.br	sets.json.0.dr	false	high
https://clmbtech.com	sets.json.0.dr	false	high
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	high
https://07c225f3.online	sets.json.0.dr	false	high
https://salemovefinancial.com	sets.json.0.dr	false	high
https://mercadopago.com.br	sets.json.0.dr	false	high
https://zoom.us	sets.json.0.dr	false	high
https://commentcamarche.net	sets.json.0.dr	false	high
https://etfacademy.it	sets.json.0.dr	false	high
https://mighty-app.appspot.com	sets.json.0.dr	false	high
https://hj.rs	sets.json.0.dr	false	high
https://hearty.me	sets.json.0.dr	false	high
https://mercadolibre.com.gt	sets.json.0.dr	false	high
https://timesinternet.in	sets.json.0.dr	false	high
https://indiatodayne.in	sets.json.0.dr	false	high
https://idbs-staging.com	sets.json.0.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.110.180.34	mailgun.org	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.185.170.18	dosagrillva.com	United States	46606	UNIFIEDLAYER-AS-1US	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590150
Start date and time:	2025-01-13 16:54:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@18/24@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.184.206, 142.251.168.84, 142.250.181.238, 216.58.206.78, 199.232.210.172, 184.30.131.245, 142.250.186.46, 142.250.185.110, 142.250.185.238, 142.250.186.163, 216.58.212.174, 34.104.35.123, 2.23.242.162, 20.12.23.50, 13.107.253.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://email.bigcontacts.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://email.bigcontacts.com
URL: https://dosagrillva.com/share.html# Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://dosagrillva.com/cgi-sys/js/simple-expand.m... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate plugin for expanding and collapsing content on a web page. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. The script uses standard DOM manipulation and event handling techniques, which are common in web development. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a well-intentioned and relatively benign utility plugin." }
/* Copyright (C) 2012 Sylvain Hamel Project: https://github.com/redhotsly/simple-expand MIT Licence: https://raw.github.com/redhotsly/simple-expand/master/licence-mit.txt */ (function($){"use strict";function e(){var e=this;e.defaults={hideMode:"fadeToggle",defaultSearchMode:"parent",defaultTarget:".content",throwOnMissingTarget:!0,keepStateInCookie:!1,cookieName:"simple-expand"},e.settings={},$.extend(e.settings,e.defaults),e.findLevelOneDeep=function(e,t,n){return e.find(t).filter(function(){return!$(this).parentsUntil(e,n).length})},e.setInitialState=function(t,n){var r=e.readState(t);r?(t.removeClass("collapsed").addClass("expanded"),e.show(n)):(t.removeClass("expanded").addClass("collapsed"),e.hide(n))},e.hide=function(t){e.settings.hideMode==="fadeToggle"?t.hide():e.settings.hideMode==="basic"&&t.hide()},e.show=function(t){e.settings.hideMode==="fadeToggle"?t.show():e.settings.hideMode==="basic"&&t.show()},e.checkKeepStateInCookiePreconditions=function(){if(e.settings.keepStateInCookie&&$.cookie===undefined)throw new Error("simple-expand: keepStateInCookie option requires $.cookie to be defined.")},e.readCookie=function(){var t=$.cookie(e.settings.cookieName);return t===null\|\|t===""?{}:JSON.parse(t)},e.readState=function(t){if(!e.settings.keepStateInCookie)return!1;var n=t.attr("Id");if(n===undefined)return;var r=e.readCookie(),i=r[n]===!0\|\|!1;return i},e.saveState=function(t,n){if(!e.settings.keepStateInCookie)return;var r=t.attr("Id");if(r===undefined)return;var i=e.readCookie();i[r]=n,$.cookie(e.settings.cookieName,JSON.stringify(i),{raw:!0,path:window.location.pathname})},e.toggle=function(t,n){var r=e.toggleCss(t);return e.settings.hideMode==="fadeToggle"?n.fadeToggle(150):e.settings.hideMode==="basic"?n.toggle():$.isFunction(e.settings.hideMode)&&e.settings.hideMode(t,n,r),e.saveState(t,r),!1},e.toggleCss=function(e){return e.hasClass("expanded")?(e.toggleClass("collapsed expanded"),!1):(e.toggleClass("expanded collapsed"),!0)},e.findTargets=function(t,n,r){var i=[];if(n==="absolute")i=$(r);else if(n==="relative")i=e.findLevelOneDeep(t,r,r);else if(n==="parent"){var s=t.parent();do i=e.findLevelOneDeep(s,r,r),i.length===0&&(s=s.parent());while(i.length===0&&s.length!==0)}return i},e.activate=function(t,n){$.extend(e.settings,n),e.checkKeepStateInCookiePreconditions(),t.each(function(){var t=$(this),n=t.attr("data-expander-target")\|\|e.settings.defaultTarget,r=t.attr("data-expander-target-search")\|\|e.settings.defaultSearchMode,i=e.findTargets(t,r,n);if(i.length===0){if(e.settings.throwOnMissingTarget)throw"simple-expand: Targets not found";return this}e.setInitialState(t,i),t.click(function(){return e.toggle(t,i)})})}}window.SimpleExpand=e,$.fn.simpleexpand=function(t){var n=new e;return n.activate(this,t),this}})(jQuery);
URL: https://dosagrillva.com/share.html# Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.018989605004616
Encrypted:	false
SSDEEP:	48:p/hUI1OwEU3AdIq7ak68O40E2szOxxUJ8BPFkf31U4PrHfqY3J5D:RnOwtQIq7aZ40E2sYUJAYRr/qYZ5D
MD5:	C4709C1D483C9233A3A66A7E157624EA
SHA1:	99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
SHA-256:	225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
SHA-512:	B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.820000180714897
Encrypted:	false
SSDEEP:	3:SVzHL3phUmWRDNKydvgHVz:SBHLLUmWRbCp
MD5:	BBEC7670A2519FEB0627F17D0C0B5276
SHA1:	9C30B996F1B069F86EF7C0136DFAF7E614674DEA
SHA-256:	670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
SHA-512:	1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
Malicious:	false
Reputation:	low
Preview:	1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1kULJVPY:F6VlM8aRWpqS1kSJVg
MD5:	084E339C0C9FE898102815EAC9A7CDEA
SHA1:	6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
SHA-256:	52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
SHA-512:	0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	4.629347296880043
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJl:v5C4ql7BkIVmtRTGXvcxBsl
MD5:	8C702C686B703020BC0290BAFC90D7A0
SHA1:	EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
SHA-256:	97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
SHA-512:	6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2608)
Category:	downloaded
Size (bytes):	2782
Entropy (8bit):	5.019685895243474
Encrypted:	false
SSDEEP:	48:ZyasIR12+fdeW/dki+sefSjDdf19EhTPvyhu31y4YqAJ:ZyasIR1Jr0lalvEJSIPYJJ
MD5:	42CB9467FD660B25209863C072E69342
SHA1:	C4D32879D225F46588FBA989F8A2AFCB9B49A519
SHA-256:	7989430E3C85121CAA76C6DA31AA38D43EF139062E2C3BD4F4350B62FE90D4D4
SHA-512:	F248177D888D767C375F5F725598CBCFCD48BE0AC92BE5F446FC010659C52100DE8CE4CB025F7B34EA3179E34368492F00CD4392129A9F2D323FD185C210B4D0
Malicious:	false
Reputation:	low
URL:	https://dosagrillva.com/cgi-sys/js/simple-expand.min.js
Preview:	/* Copyright (C) 2012 Sylvain Hamel.Project: https://github.com/redhotsly/simple-expand.MIT Licence: https://raw.github.com/redhotsly/simple-expand/master/licence-mit.txt */.(function($){"use strict";function e(){var e=this;e.defaults={hideMode:"fadeToggle",defaultSearchMode:"parent",defaultTarget:".content",throwOnMissingTarget:!0,keepStateInCookie:!1,cookieName:"simple-expand"},e.settings={},$.extend(e.settings,e.defaults),e.findLevelOneDeep=function(e,t,n){return e.find(t).filter(function(){return!$(this).parentsUntil(e,n).length})},e.setInitialState=function(t,n){var r=e.readState(t);r?(t.removeClass("collapsed").addClass("expanded"),e.show(n)):(t.removeClass("expanded").addClass("collapsed"),e.hide(n))},e.hide=function(t){e.settings.hideMode==="fadeToggle"?t.hide():e.settings.hideMode==="basic"&&t.hide()},e.show=function(t){e.settings.hideMode==="fadeToggle"?t.show():e.settings.hideMode==="basic"&&t.show()},e.checkKeepStateInCookiePreconditions=function(){if(e.settings.keepStateIn

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 14
Category:	downloaded
Size (bytes):	537
Entropy (8bit):	6.848296452361371
Encrypted:	false
SSDEEP:	12:BDGHgnth2eq8ExIFDW+ax8+RorOwL+8Cu2uPhNWnyRmK3Fd7HRa:lGHith7rEAW+a0W8GChUnyRmoy
MD5:	54EB288427ACF79ED320EFD4916FE0B7
SHA1:	67BA813FF74D52035D70FCDA58B57563F01FB829
SHA-256:	70E4A5F9F7D98C1564B17ECC69196FED4F74FE5AFB2C61B4FB7045DD3309DC4F
SHA-512:	C7C00A268ADA15FC6B19F64860DD5CE92FA69E6B64E2D7B3ADA02B74E6CC3C4EB4466BBA443752A76F4EE908FA93F3683C6256F7A473B05C86ECAEBBCAC125E1
Malicious:	false
Reputation:	low
URL:	https://dosagrillva.com/cgi-sys/images/404bottom.gif
Preview:	GIF89ad......6e............\|.....m.....\.......Nw................X..s........d.................{..~.....k.....c..Y......................................................................................!.......,....d......@.AB,...r.l:..tJ.Z..v..z..xL....z]T...\|N.....~.....OnB.............Un.............S......................................f..............D.........f..............D.#p.........E......H...2..............@....#..... C..I...(S.\...0c.I...8s.....6.*.d.......(ph.DC...8..Z...X.j....`..K...S9X Q"I..;

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 4
Category:	dropped
Size (bytes):	120
Entropy (8bit):	6.060493667147718
Encrypted:	false
SSDEEP:	3:CcnebN95vXG5Z1CK/7kCfrpvsdhyt86psoPHHn:tQG5Z1Dn+Wy6pseH
MD5:	DC8055F43FBB4A4B6DFB298EC35188F2
SHA1:	1FFC540743DE1CDB929D9D1218978005141E8D9D
SHA-256:	B857737891B84293B3DF526B48CE3D54FDCC5789C250EADFF9DD38E3C2C68CAF
SHA-512:	2CC173EFBA132E4352582F000F226E86A9A898B8A3AC1BA9633B2F19838B618EE3047555928E5258CC97E514D6F96ADF86391F7C6104288F1A61543E93B13518
Malicious:	false
Reputation:	low
Preview:	GIF89ad.................!.......,....d.....I...............H....................D..VL*.....J.T..P.j......-...;

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2608)
Category:	dropped
Size (bytes):	2782
Entropy (8bit):	5.019685895243474
Encrypted:	false
SSDEEP:	48:ZyasIR12+fdeW/dki+sefSjDdf19EhTPvyhu31y4YqAJ:ZyasIR1Jr0lalvEJSIPYJJ
MD5:	42CB9467FD660B25209863C072E69342
SHA1:	C4D32879D225F46588FBA989F8A2AFCB9B49A519
SHA-256:	7989430E3C85121CAA76C6DA31AA38D43EF139062E2C3BD4F4350B62FE90D4D4
SHA-512:	F248177D888D767C375F5F725598CBCFCD48BE0AC92BE5F446FC010659C52100DE8CE4CB025F7B34EA3179E34368492F00CD4392129A9F2D323FD185C210B4D0
Malicious:	false
Reputation:	low
Preview:	/* Copyright (C) 2012 Sylvain Hamel.Project: https://github.com/redhotsly/simple-expand.MIT Licence: https://raw.github.com/redhotsly/simple-expand/master/licence-mit.txt */.(function($){"use strict";function e(){var e=this;e.defaults={hideMode:"fadeToggle",defaultSearchMode:"parent",defaultTarget:".content",throwOnMissingTarget:!0,keepStateInCookie:!1,cookieName:"simple-expand"},e.settings={},$.extend(e.settings,e.defaults),e.findLevelOneDeep=function(e,t,n){return e.find(t).filter(function(){return!$(this).parentsUntil(e,n).length})},e.setInitialState=function(t,n){var r=e.readState(t);r?(t.removeClass("collapsed").addClass("expanded"),e.show(n)):(t.removeClass("expanded").addClass("collapsed"),e.hide(n))},e.hide=function(t){e.settings.hideMode==="fadeToggle"?t.hide():e.settings.hideMode==="basic"&&t.hide()},e.show=function(t){e.settings.hideMode==="fadeToggle"?t.show():e.settings.hideMode==="basic"&&t.show()},e.checkKeepStateInCookiePreconditions=function(){if(e.settings.keepStateIn

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 4
Category:	downloaded
Size (bytes):	120
Entropy (8bit):	6.060493667147718
Encrypted:	false
SSDEEP:	3:CcnebN95vXG5Z1CK/7kCfrpvsdhyt86psoPHHn:tQG5Z1Dn+Wy6pseH
MD5:	DC8055F43FBB4A4B6DFB298EC35188F2
SHA1:	1FFC540743DE1CDB929D9D1218978005141E8D9D
SHA-256:	B857737891B84293B3DF526B48CE3D54FDCC5789C250EADFF9DD38E3C2C68CAF
SHA-512:	2CC173EFBA132E4352582F000F226E86A9A898B8A3AC1BA9633B2F19838B618EE3047555928E5258CC97E514D6F96ADF86391F7C6104288F1A61543E93B13518
Malicious:	false
Reputation:	low
URL:	https://dosagrillva.com/cgi-sys/images/404mid.gif
Preview:	GIF89ad.................!.......,....d.....I...............H....................D..VL*.....J.T..P.j......-...;

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5463
Entropy (8bit):	5.10458332199336
Encrypted:	false
SSDEEP:	96:1PCFt4A37hFsZQRCH25ZKs483El+PUsUt3WXiISFUKdz1wcPUTfGB4ntOaAu:Qf37nK125Z/48nUsUt3WSrFN32ttOaAu
MD5:	DEA6E9DBC0D38B8E55FBFE3C9BA398FB
SHA1:	942EFEA5546B6179A3D9E8F80D277FDFFD265269
SHA-256:	01B44FE82A629BF6F6EC3274FD197EEBB2B4EEA06E1501CE462052525F4788F1
SHA-512:	2AD1A1F356F4E4219662827B46A167C818FA70D289B27DF87494C4ED2B4522DA4314387AFCAFA14CEF6AF2EBD023E73475BD4E72EAD0C1A065FBC270142FDB9A
Malicious:	false
Reputation:	low
URL:	https://dosagrillva.com/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head profile="http://gmpg.org/xfn/11">. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>503 - SERVICE UNAVAILABLE</title>...... Add Slide Outs -->.....<script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> .....<script src="/cgi-sys/js/simple-expand.min.js"></script>. . <style type="text/css">. body{padding:0;margin:0;font-family:helvetica;}. #container{margin:20px auto;width:868px;}. #container #top503{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;}. #container #mid503{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;}. #container #mid503 #gatorbottom{position:relative;left:39px;float:left;}.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 868x169, components 3
Category:	downloaded
Size (bytes):	4335
Entropy (8bit):	5.483603315043782
Encrypted:	false
SSDEEP:	48:Ivi3ZsdwUKPGIhuF/ig2BamU/CSkMKisRHcfZakyWr9A9RSxNRXbRzwn:HpowU4ovDPCSrKishcxjyWrCCb+n
MD5:	DE6ECBBB2471827D90BF32C47A0CBC45
SHA1:	FFEAAFE8B9CA2752908C5D4E95E4803EF7FFDD18
SHA-256:	5CAE6C33F0F9D4449CE8539A60E7D40EBA2DDC75979FC26284854A29C36D08CB
SHA-512:	FAF0F054EF55B3362BA26615BC670DCC0471D660BBFBC4D086CE8CB143D31235AFC4AD4332FB669CAB4ED422C99FE67AB31D8E955D9B18F21A4CFDD33090D496
Malicious:	false
Reputation:	low
URL:	https://dosagrillva.com/cgi-sys/images/404top_w.jpg
Preview:	......JFIF.....H.H.....C..............................................!........."$".$.......C.........................................................................d..........................................:..............................!..16FQt.....aq..AV..&..................................'....................R........Q.!13...............?..X..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 868x169, components 3
Category:	dropped
Size (bytes):	4335
Entropy (8bit):	5.483603315043782
Encrypted:	false
SSDEEP:	48:Ivi3ZsdwUKPGIhuF/ig2BamU/CSkMKisRHcfZakyWr9A9RSxNRXbRzwn:HpowU4ovDPCSrKishcxjyWrCCb+n
MD5:	DE6ECBBB2471827D90BF32C47A0CBC45
SHA1:	FFEAAFE8B9CA2752908C5D4E95E4803EF7FFDD18
SHA-256:	5CAE6C33F0F9D4449CE8539A60E7D40EBA2DDC75979FC26284854A29C36D08CB
SHA-512:	FAF0F054EF55B3362BA26615BC670DCC0471D660BBFBC4D086CE8CB143D31235AFC4AD4332FB669CAB4ED422C99FE67AB31D8E955D9B18F21A4CFDD33090D496
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....C..............................................!........."$".$.......C.........................................................................d..........................................:..............................!..16FQt.....aq..AV..&..................................'....................R........Q.!13...............?..X..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5463
Entropy (8bit):	5.10458332199336
Encrypted:	false
SSDEEP:	96:1PCFt4A37hFsZQRCH25ZKs483El+PUsUt3WXiISFUKdz1wcPUTfGB4ntOaAu:Qf37nK125Z/48nUsUt3WSrFN32ttOaAu
MD5:	DEA6E9DBC0D38B8E55FBFE3C9BA398FB
SHA1:	942EFEA5546B6179A3D9E8F80D277FDFFD265269
SHA-256:	01B44FE82A629BF6F6EC3274FD197EEBB2B4EEA06E1501CE462052525F4788F1
SHA-512:	2AD1A1F356F4E4219662827B46A167C818FA70D289B27DF87494C4ED2B4522DA4314387AFCAFA14CEF6AF2EBD023E73475BD4E72EAD0C1A065FBC270142FDB9A
Malicious:	false
Reputation:	low
URL:	https://dosagrillva.com/share.html
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head profile="http://gmpg.org/xfn/11">. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>503 - SERVICE UNAVAILABLE</title>...... Add Slide Outs -->.....<script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> .....<script src="/cgi-sys/js/simple-expand.min.js"></script>. . <style type="text/css">. body{padding:0;margin:0;font-family:helvetica;}. #container{margin:20px auto;width:868px;}. #container #top503{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;}. #container #mid503{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;}. #container #mid503 #gatorbottom{position:relative;left:39px;float:left;}.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15531
Entropy (8bit):	7.97271060485992
Encrypted:	false
SSDEEP:	384:siPlsK5KR+ofs9hwqLo4R2T6HwmNk8Yt25Ht2UGi/qr:dsK5KR+kswqLoG2TzmK8YtaHtSr
MD5:	0338BAD217810B4F084745BD38469A67
SHA1:	83EC76ECF73920A2500AF10318BC45BFE96CEA97
SHA-256:	4C2E4C7DF80B8530A36E3EA84C86016E19420F651D2136A9DE57D6EB994239EE
SHA-512:	CC3DAAFD5C0432BA66F9377B35BF448DDCD2E55C2A898A6421BD04335A6E754F659DB39B145F1A1AEDD590201D834263B7CCBDE2651F9CEFEC86D6D20CBBC9D8
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............<.q.....sRGB.........bKGD..............pHYs.................tIME......%./8... .IDATx..yt..y%~.W.+.h..J.$.. Ab..."h.(J.b.v..9g2>.9...'V...If&.Gr.K.l.b.,Y..Q.$R..M.....b_.......u...J...9u......}...oy@\|.G\|.G\|.G\|.G\|.G\|.G\|.G\|.G\|.G\|...:(~...:.....#..I_.cc.f<....[.d.. :.......~...............Q..........+...C.$R....w.g..\|?,......&b....^.xz....O.y.......t..qp.Ma.p8.......?./.U\|!7... UU.9...c...N.:......_.......`.....;.\R.N.LUU...~..ee..2?... .9...\..22.3.~o......Wu....V..6n.8..x.S....EAUU.V.\.y.....S.......)).i..]W.^.tY...k......#.9......nA!.#EQ.pa#N.:.........e.Zp..Yp...r..6.=zdk ....".....S.....w_.9......s...L..........A=..,c&..8....\|...1..e...~....t0....f5w..,--u.\|....8.....y........h..@...`..b...!55Y.....]..... .@"......8c........X.t:.s.3fL.... ZB..S&pNH.......\.D}...:u......I..........3.r..[w4.$I.E....Q.NI.t...x..(E0...~.bo.8.....rp..9. b.$.... b..S..;u......,.$.q...M!).......;..D..9+...3/.#.Q.p...bL7h.TW.W....

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 14
Category:	dropped
Size (bytes):	537
Entropy (8bit):	6.848296452361371
Encrypted:	false
SSDEEP:	12:BDGHgnth2eq8ExIFDW+ax8+RorOwL+8Cu2uPhNWnyRmK3Fd7HRa:lGHith7rEAW+a0W8GChUnyRmoy
MD5:	54EB288427ACF79ED320EFD4916FE0B7
SHA1:	67BA813FF74D52035D70FCDA58B57563F01FB829
SHA-256:	70E4A5F9F7D98C1564B17ECC69196FED4F74FE5AFB2C61B4FB7045DD3309DC4F
SHA-512:	C7C00A268ADA15FC6B19F64860DD5CE92FA69E6B64E2D7B3ADA02B74E6CC3C4EB4466BBA443752A76F4EE908FA93F3683C6256F7A473B05C86ECAEBBCAC125E1
Malicious:	false
Reputation:	low
Preview:	GIF89ad......6e............\|.....m.....\.......Nw................X..s........d.................{..~.....k.....c..Y......................................................................................!.......,....d......@.AB,...r.l:..tJ.Z..v..z..xL....z]T...\|N.....~.....OnB.............Un.............S......................................f..............D.........f..............D.#p.........E......H...2..............@....#..... C..I...(S.\...0c.I...8s.....6.*.d.......(ph.DC...8..Z...X.j....`..K...S9X Q"I..;

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15531
Entropy (8bit):	7.97271060485992
Encrypted:	false
SSDEEP:	384:siPlsK5KR+ofs9hwqLo4R2T6HwmNk8Yt25Ht2UGi/qr:dsK5KR+kswqLoG2TzmK8YtaHtSr
MD5:	0338BAD217810B4F084745BD38469A67
SHA1:	83EC76ECF73920A2500AF10318BC45BFE96CEA97
SHA-256:	4C2E4C7DF80B8530A36E3EA84C86016E19420F651D2136A9DE57D6EB994239EE
SHA-512:	CC3DAAFD5C0432BA66F9377B35BF448DDCD2E55C2A898A6421BD04335A6E754F659DB39B145F1A1AEDD590201D834263B7CCBDE2651F9CEFEC86D6D20CBBC9D8
Malicious:	false
Reputation:	low
URL:	https://dosagrillva.com/cgi-sys/images/w.png
Preview:	.PNG........IHDR.............<.q.....sRGB.........bKGD..............pHYs.................tIME......%./8... .IDATx..yt..y%~.W.+.h..J.$.. Ab..."h.(J.b.v..9g2>.9...'V...If&.Gr.K.l.b.,Y..Q.$R..M.....b_.......u...J...9u......}...oy@\|.G\|.G\|.G\|.G\|.G\|.G\|.G\|.G\|.G\|...:(~...:.....#..I_.cc.f<....[.d.. :.......~...............Q..........+...C.$R....w.g..\|?,......&b....^.xz....O.y.......t..qp.Ma.p8.......?./.U\|!7... UU.9...c...N.:......_.......`.....;.\R.N.LUU...~..ee..2?... .9...\..22.3.~o......Wu....V..6n.8..x.S....EAUU.V.\.y.....S.......)).i..]W.^.tY...k......#.9......nA!.#EQ.pa#N.:.........e.Zp..Yp...r..6.=zdk ....".....S.....w_.9......s...L..........A=..,c&..8....\|...1..e...~....t0....f5w..,--u.\|....8.....y........h..@...`..b...!55Y.....]..... .@"......8c........X.t:.s.3fL.... ZB..S&pNH.......\.D}...:u......I..........3.r..[w4.$I.E....Q.NI.t...x..(E0...~.bo.8.....rp..9. b.$.... b..S..;u......,.$.q...M!).......;..D..9+...3/.#.Q.p...bL7h.TW.W....

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 16:54:57.499716997 CET	49675	443	192.168.2.4	173.222.162.32
Jan 13, 2025 16:55:00.543090105 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:00.543097973 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:00.543158054 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:00.543334961 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:00.543343067 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:01.212713003 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:01.212950945 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:01.212965012 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:01.213819027 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:01.213881016 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:01.217004061 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:01.217103958 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:01.266333103 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:01.266338110 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:01.313208103 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:02.067184925 CET	49741	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:55:02.067395926 CET	49742	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:55:02.072123051 CET	80	49741	34.110.180.34	192.168.2.4
Jan 13, 2025 16:55:02.072237015 CET	80	49742	34.110.180.34	192.168.2.4
Jan 13, 2025 16:55:02.072370052 CET	49741	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:55:02.072370052 CET	49741	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:55:02.073091984 CET	49742	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:55:02.077174902 CET	80	49741	34.110.180.34	192.168.2.4
Jan 13, 2025 16:55:02.549377918 CET	80	49741	34.110.180.34	192.168.2.4
Jan 13, 2025 16:55:02.596276045 CET	49741	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:55:02.767519951 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:02.767612934 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:02.767714024 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:02.767898083 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:02.767919064 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.298197985 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.298584938 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.298648119 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.300313950 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.300390959 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.301422119 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.301517010 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.301585913 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.301603079 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.346369028 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.435641050 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.435708046 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.435798883 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.435863972 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.435908079 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.436067104 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.436640978 CET	49743	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.436671972 CET	443	49743	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.465961933 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.466051102 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.466165066 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.466181040 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.466223001 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.466276884 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.466419935 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.466427088 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.466444969 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.466528893 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.963145018 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.963532925 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.963597059 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.964095116 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.964591980 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.964591980 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.964730024 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.981015921 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.981236935 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.981250048 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.982400894 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.982726097 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.982840061 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:03.982844114 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:03.982887983 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.016216040 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.031573057 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.101942062 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.101999044 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.102144957 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.102181911 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.102251053 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.123414040 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.123483896 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.123505116 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.123663902 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.123663902 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.123682022 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.142575026 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.142685890 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.142693996 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.142743111 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.142787933 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.161120892 CET	49744	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.161184072 CET	443	49744	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.282250881 CET	49745	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.282270908 CET	443	49745	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.285168886 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.285254955 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.285375118 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.285635948 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.285659075 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.285712957 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.285990000 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.286083937 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.286151886 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.286282063 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.286308050 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.286503077 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.286518097 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.286693096 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.286731958 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.689055920 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.689112902 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.689133883 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.689199924 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.689208984 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.689275026 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.689384937 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.689403057 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.689600945 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.689675093 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.784437895 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.784826040 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.784889936 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.785386086 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.785756111 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.785831928 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.785850048 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.785876036 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.790879011 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.791052103 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.791112900 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.794322014 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.794398069 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.795150042 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.795236111 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.795257092 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.813244104 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.813508987 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.813520908 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.814626932 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.814913988 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.815002918 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.815006018 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.815073967 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.825447083 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.835349083 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.840935946 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.840962887 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.856148005 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.888187885 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.924329996 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.924386978 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.924463987 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.924523115 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.924576044 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.924587011 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.924623966 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.925430059 CET	49746	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.925492048 CET	443	49746	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.928347111 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.928430080 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.928502083 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.928534031 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.928647041 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.928723097 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.928853989 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.928935051 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.929188967 CET	49748	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.929243088 CET	443	49748	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.931509018 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.931593895 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.931706905 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.931854963 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.931898117 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.957039118 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.957206011 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.957259893 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.957753897 CET	49747	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.957767963 CET	443	49747	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.962280035 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.962322950 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.962384939 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.962591887 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.962625980 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.963310003 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.963332891 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:04.963546991 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.963659048 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:04.963697910 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.205257893 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.205605030 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.205774069 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.205837011 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.205955029 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.206017017 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.207206011 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.207277060 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.207528114 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.207571983 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.207592964 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.207638025 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.207825899 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.207916975 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.207947016 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.207962990 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.208033085 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.208051920 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.251022100 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.251024008 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.351406097 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.351459980 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.351597071 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.351823092 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.351823092 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.352349043 CET	49750	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.352363110 CET	443	49750	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.352783918 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.352848053 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.352868080 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.352921963 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.352989912 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.353025913 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.371515036 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.371666908 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.371702909 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.371917963 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.371917963 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.424171925 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.429099083 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.432790995 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.432852030 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.433959961 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.434020996 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.434747934 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.434937000 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.435635090 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.435718060 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.435774088 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.436841965 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.437069893 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.437465906 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.437550068 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.437693119 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.473304033 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.473551035 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.473615885 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.473929882 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.475172997 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.475234032 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.477161884 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.477229118 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.477281094 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.480006933 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.480067015 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.482259035 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.482680082 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.482742071 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.484338999 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.484550953 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.484858036 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.484858036 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.484988928 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.519409895 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.531269073 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.531297922 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.531300068 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.531299114 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.531368017 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.566873074 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.567038059 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.567195892 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.568030119 CET	49751	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.568092108 CET	443	49751	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.568685055 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.568742990 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.568787098 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.568909883 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.568941116 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.568941116 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.569011927 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.570192099 CET	49752	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.570229053 CET	443	49752	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.593363047 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.628796101 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.628851891 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.628978014 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.629033089 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.629039049 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.629167080 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.629167080 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.629862070 CET	49753	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.629901886 CET	443	49753	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.631020069 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.631062984 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.631134033 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.631289959 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.631298065 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.631419897 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.631494999 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.631675959 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.632117987 CET	49754	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.632179976 CET	443	49754	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:05.687144041 CET	49749	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:05.687205076 CET	443	49749	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.134068012 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.134465933 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:06.134500027 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.134972095 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.135243893 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:06.135340929 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.135374069 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:06.179348946 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.186984062 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:06.283777952 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.283834934 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.283993959 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:06.284015894 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.284063101 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:06.284086943 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:06.284121037 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:06.284832001 CET	49756	443	192.168.2.4	192.185.170.18
Jan 13, 2025 16:55:06.284851074 CET	443	49756	192.185.170.18	192.168.2.4
Jan 13, 2025 16:55:11.109622002 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:11.109674931 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:11.109719992 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:12.179323912 CET	49739	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:55:12.179344893 CET	443	49739	142.250.184.228	192.168.2.4
Jan 13, 2025 16:55:15.850991011 CET	80	49723	217.20.57.34	192.168.2.4
Jan 13, 2025 16:55:15.851475954 CET	49723	80	192.168.2.4	217.20.57.34
Jan 13, 2025 16:55:15.851475954 CET	49723	80	192.168.2.4	217.20.57.34
Jan 13, 2025 16:55:15.856372118 CET	80	49723	217.20.57.34	192.168.2.4
Jan 13, 2025 16:55:47.082506895 CET	49742	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:55:47.087738991 CET	80	49742	34.110.180.34	192.168.2.4
Jan 13, 2025 16:55:47.551501036 CET	49741	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:55:47.556759119 CET	80	49741	34.110.180.34	192.168.2.4
Jan 13, 2025 16:55:57.710762024 CET	65399	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:57.716520071 CET	53	65399	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:57.716602087 CET	65399	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:57.722347021 CET	53	65399	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:59.167434931 CET	65399	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:59.168190956 CET	65399	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:59.169245958 CET	65399	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:59.170178890 CET	65399	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:59.177453995 CET	53	65399	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:59.177633047 CET	65399	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:56:00.594885111 CET	65412	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:56:00.594916105 CET	443	65412	142.250.184.228	192.168.2.4
Jan 13, 2025 16:56:00.594995022 CET	65412	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:56:00.595172882 CET	65412	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:56:00.595180035 CET	443	65412	142.250.184.228	192.168.2.4
Jan 13, 2025 16:56:01.241138935 CET	443	65412	142.250.184.228	192.168.2.4
Jan 13, 2025 16:56:01.241399050 CET	65412	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:56:01.241420031 CET	443	65412	142.250.184.228	192.168.2.4
Jan 13, 2025 16:56:01.242491007 CET	443	65412	142.250.184.228	192.168.2.4
Jan 13, 2025 16:56:01.243195057 CET	65412	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:56:01.243273973 CET	443	65412	142.250.184.228	192.168.2.4
Jan 13, 2025 16:56:01.297141075 CET	65412	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:56:02.189152002 CET	49742	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:56:02.194839954 CET	80	49742	34.110.180.34	192.168.2.4
Jan 13, 2025 16:56:02.194899082 CET	49742	80	192.168.2.4	34.110.180.34
Jan 13, 2025 16:56:04.859916925 CET	49724	80	192.168.2.4	199.232.214.172
Jan 13, 2025 16:56:04.865616083 CET	80	49724	199.232.214.172	192.168.2.4
Jan 13, 2025 16:56:04.865700960 CET	49724	80	192.168.2.4	199.232.214.172
Jan 13, 2025 16:56:11.143305063 CET	443	65412	142.250.184.228	192.168.2.4
Jan 13, 2025 16:56:11.143383026 CET	443	65412	142.250.184.228	192.168.2.4
Jan 13, 2025 16:56:11.143435001 CET	65412	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:56:12.189611912 CET	65412	443	192.168.2.4	142.250.184.228
Jan 13, 2025 16:56:12.189636946 CET	443	65412	142.250.184.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 16:54:55.868485928 CET	53	54658	1.1.1.1	192.168.2.4
Jan 13, 2025 16:54:55.874236107 CET	53	52320	1.1.1.1	192.168.2.4
Jan 13, 2025 16:54:56.892180920 CET	53	59416	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:00.532836914 CET	51902	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:00.533051014 CET	55901	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:00.541851044 CET	53	51902	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:00.542465925 CET	53	55901	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:02.035612106 CET	59068	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:02.035743952 CET	61940	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:02.054044008 CET	53	59068	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:02.080646992 CET	53	61940	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:02.552126884 CET	50342	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:02.552377939 CET	60060	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:02.765311003 CET	53	50342	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:02.767177105 CET	53	60060	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:04.327564955 CET	57756	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:04.331211090 CET	59507	53	192.168.2.4	1.1.1.1
Jan 13, 2025 16:55:04.614890099 CET	53	59507	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:04.688210964 CET	53	57756	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:13.883727074 CET	53	57178	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:16.458177090 CET	138	138	192.168.2.4	192.168.2.255
Jan 13, 2025 16:55:32.634434938 CET	53	61199	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:55.369234085 CET	53	50364	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:55.760684013 CET	53	59730	1.1.1.1	192.168.2.4
Jan 13, 2025 16:55:57.710371971 CET	53	51371	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 13, 2025 16:55:02.080738068 CET	192.168.2.4	1.1.1.1	c255	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 16:55:00.532836914 CET	192.168.2.4	1.1.1.1	0x69c8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 16:55:00.533051014 CET	192.168.2.4	1.1.1.1	0xf22e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 16:55:02.035612106 CET	192.168.2.4	1.1.1.1	0x62a4	Standard query (0)	email.bigcontacts.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 16:55:02.035743952 CET	192.168.2.4	1.1.1.1	0x811b	Standard query (0)	email.bigcontacts.com	65	IN (0x0001)	false
Jan 13, 2025 16:55:02.552126884 CET	192.168.2.4	1.1.1.1	0xeb49	Standard query (0)	dosagrillva.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 16:55:02.552377939 CET	192.168.2.4	1.1.1.1	0x80ab	Standard query (0)	dosagrillva.com	65	IN (0x0001)	false
Jan 13, 2025 16:55:04.327564955 CET	192.168.2.4	1.1.1.1	0xf346	Standard query (0)	dosagrillva.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 16:55:04.331211090 CET	192.168.2.4	1.1.1.1	0x4c6	Standard query (0)	dosagrillva.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 16:55:00.541851044 CET	1.1.1.1	192.168.2.4	0x69c8	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Jan 13, 2025 16:55:00.542465925 CET	1.1.1.1	192.168.2.4	0xf22e	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 13, 2025 16:55:02.054044008 CET	1.1.1.1	192.168.2.4	0x62a4	No error (0)	email.bigcontacts.com	mailgun.org		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 16:55:02.054044008 CET	1.1.1.1	192.168.2.4	0x62a4	No error (0)	mailgun.org		34.110.180.34	A (IP address)	IN (0x0001)	false
Jan 13, 2025 16:55:02.080646992 CET	1.1.1.1	192.168.2.4	0x811b	No error (0)	email.bigcontacts.com	mailgun.org		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 16:55:02.765311003 CET	1.1.1.1	192.168.2.4	0xeb49	No error (0)	dosagrillva.com		192.185.170.18	A (IP address)	IN (0x0001)	false
Jan 13, 2025 16:55:04.688210964 CET	1.1.1.1	192.168.2.4	0xf346	No error (0)	dosagrillva.com		192.185.170.18	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dosagrillva.com

https:

email.bigcontacts.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	34.110.180.34	80	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 16:55:02.072370052 CET	737	OUT	GET /c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk HTTP/1.1 Host: email.bigcontacts.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 13, 2025 16:55:02.549377918 CET	722	IN	HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Cache-Control: no-store Content-Length: 418 Content-Type: text/html Date: Mon, 13 Jan 2025 15:55:02 GMT Location: https://dosagrillva.com/share.html X-Robots-Tag: noindex X-Xss-Protection: 1; mode=block Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 73 68 6f 75 6c 64 20 62 65 20 72 65 64 69 72 65 63 74 65 64 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 74 6f 20 74 61 72 67 65 74 20 55 52 4c 3a 20 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 73 61 67 72 69 6c 6c 76 61 2e 63 6f 6d 2f 73 68 61 72 65 2e 68 74 6d 6c 22 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta name="robots" content="noindex"><meta charset="utf-8"></head><body><title>Redirecting...</title><h1>Redirecting...</h1><p>You should be redirected automatically to target URL: <a href="https://dosagrillva.com/share.html">https://dosagrillva.com/share.html</a>. If not click the link.</body></html>
Jan 13, 2025 16:55:47.551501036 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	34.110.180.34	80	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 16:55:47.082506895 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49743	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:03 UTC	668	OUT	GET /share.html HTTP/1.1 Host: dosagrillva.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:03 UTC	272	IN	HTTP/1.1 503 Service Unavailable Date: Mon, 13 Jan 2025 15:55:03 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:56 GMT Accept-Ranges: bytes Content-Length: 5463 Vary: Accept-Encoding Content-Type: text/html
2025-01-13 15:55:03 UTC	5463	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:03 UTC	556	OUT	GET /cgi-sys/js/simple-expand.min.js HTTP/1.1 Host: dosagrillva.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://dosagrillva.com/share.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:04 UTC	268	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:04 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:48:50 GMT Accept-Ranges: bytes Content-Length: 2782 Vary: Accept-Encoding Content-Type: application/javascript
2025-01-13 15:55:04 UTC	2782	IN	Data Raw: 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 32 30 31 32 20 53 79 6c 76 61 69 6e 20 48 61 6d 65 6c 0a 50 72 6f 6a 65 63 74 3a 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 72 65 64 68 6f 74 73 6c 79 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 0a 4d 49 54 20 4c 69 63 65 6e 63 65 3a 20 68 74 74 70 73 3a 2f 2f 72 61 77 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 72 65 64 68 6f 74 73 6c 79 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 2f 6d 61 73 74 65 72 2f 6c 69 63 65 6e 63 65 2d 6d 69 74 2e 74 78 74 20 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 24 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 65 2e 64 65 66 61 75 6c 74 73 3d 7b 68 69 64 65 4d 6f 64 65 3a 22 66 61 64 65 54 6f 67 67 6c Data Ascii: /* Copyright (C) 2012 Sylvain HamelProject: https://github.com/redhotsly/simple-expandMIT Licence: https://raw.github.com/redhotsly/simple-expand/master/licence-mit.txt */(function($){"use strict";function e(){var e=this;e.defaults={hideMode:"fadeToggl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:03 UTC	605	OUT	GET /cgi-sys/images/w.png HTTP/1.1 Host: dosagrillva.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dosagrillva.com/share.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:04 UTC	233	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:04 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:24 GMT Accept-Ranges: bytes Content-Length: 15531 Content-Type: image/png
2025-01-13 15:55:04 UTC	7959	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 96 08 06 00 00 00 3c 01 71 e2 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 07 74 49 4d 45 07 dd 08 1b 0d 13 25 f7 2f 38 88 00 00 20 00 49 44 41 54 78 da ed bd 79 74 1c d7 79 25 7e bf 57 d5 2b 1a 68 ec fb 4a 12 24 08 10 20 41 62 07 08 ee 22 68 ee a4 28 4a d4 62 c5 76 c6 fe 39 67 32 3e 99 39 b1 9d d8 27 56 e2 d8 e3 49 66 26 b1 47 72 12 4b b6 6c c7 b6 62 cb 8e 2c 59 8b b5 51 a2 24 52 12 f7 4d dc f7 05 04 01 62 5f bb bb ea fd fe a8 ed 75 a1 bb 01 4a 94 c4 a5 df 39 75 ba ba aa bb d1 a8 ba 7d bf ef dd 6f 79 40 7c c4 47 7c c4 47 7c c4 47 7c c4 47 7c c4 47 7c c4 47 7c c4 47 7c Data Ascii: PNGIHDR<qsRGBbKGDpHYstIME%/8 IDATxyty%~W+hJ$ Ab"h(Jbv9g2>9'VIf&GrKlb,YQ$RMb_uJ9u}oy@\|G\|G\|G\|G\|G\|G\|G\|
2025-01-13 15:55:04 UTC	7572	IN	Data Raw: a5 ef 24 c0 47 00 59 06 c8 ea 3e ac 4d dd c5 6c 50 41 4a 10 fc 26 26 f8 4e 86 29 34 d8 8a 31 6e 26 16 84 9b 3f 60 60 60 c0 8c fb 45 db 44 50 d9 59 4b 96 65 0c 8f 8c c0 93 18 05 54 b1 9e 47 63 2a fb 79 d8 98 99 80 b2 99 7d a8 9b fd 2a 7e f8 c3 7f 47 79 f9 34 28 8a 0a 22 a2 b2 b2 4a cc 9f bf 70 33 c2 db 21 b9 3f 29 45 fe 13 03 56 46 46 06 db b8 71 63 5b 55 55 75 8b d3 e9 e0 00 90 90 e0 c1 ae 5d 07 d0 d9 3d 88 a9 83 3f 85 c2 c9 2c e8 b4 00 61 74 85 21 ab 10 02 dc 6a 6c 46 d0 18 cb c8 b3 32 34 2f 33 bf 1d 56 1e 3c 0f 8f 0d 8b 4b 14 8a 52 43 b4 d9 a1 c8 5e 06 b8 64 59 73 53 bd 5e 6f f8 8d 17 59 06 13 f8 58 2c 8a 2f 16 cd 14 8a e7 15 e0 c1 bb f7 e3 cc 99 13 d8 b7 ef 03 54 56 ce 00 91 e6 72 d4 d4 34 f8 57 af 5e fd df 60 15 ba 7e 62 71 c4 4f 0a 58 d4 d9 d9 a9 16 Data Ascii: $GY>MlPAJ&&N)41n&?```EDPYKeTGcy}~Gy4("Jp3!?)EVFFqc[UUu]=?,at!jlF24/3V<KRC^dYsS^oYX,/TVr4W^`~bqOX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:04 UTC	612	OUT	GET /cgi-sys/images/404top_w.jpg HTTP/1.1 Host: dosagrillva.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dosagrillva.com/share.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:04 UTC	233	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:04 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sat, 01 Oct 2022 07:19:14 GMT Accept-Ranges: bytes Content-Length: 4335 Content-Type: image/jpeg
2025-01-13 15:55:04 UTC	4335	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c0 00 11 08 00 a9 03 64 03 01 11 00 02 11 01 03 11 01 ff c4 00 1b 00 01 01 00 02 03 01 00 00 00 00 00 00 00 00 00 00 00 01 02 04 03 07 08 05 ff c4 00 3a 10 01 00 01 03 00 07 04 07 07 04 02 03 00 00 00 00 00 01 03 07 11 02 04 06 16 17 81 c2 12 21 94 d2 31 36 46 51 74 84 91 05 13 14 61 71 Data Ascii: JFIFHHC!"$"$Cd:!16FQtaq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49748	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:04 UTC	610	OUT	GET /cgi-sys/images/404mid.gif HTTP/1.1 Host: dosagrillva.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dosagrillva.com/share.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:04 UTC	231	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:04 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:55 GMT Accept-Ranges: bytes Content-Length: 120 Content-Type: image/gif
2025-01-13 15:55:04 UTC	120	IN	Data Raw: 47 49 46 38 39 61 64 03 04 00 91 00 00 9a b2 c9 ff ff ff a0 b6 cc a1 b7 cd 21 f9 04 00 07 00 ff 00 2c 00 00 00 00 64 03 04 00 00 02 49 dc 82 a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a6 ea ca b6 ee 9b 00 80 01 d7 f6 8d e7 fa ce f7 fe 0f 0c 0a 87 44 8a 8c 56 4c 2a 97 cc a6 f3 09 8d 4a a7 54 cc f1 50 cd 6a b7 dc ae f7 0b 0e 8b 2d b2 02 00 3b Data Ascii: GIF89ad!,dIHDVL*JTPj-;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:04 UTC	613	OUT	GET /cgi-sys/images/404bottom.gif HTTP/1.1 Host: dosagrillva.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dosagrillva.com/share.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:04 UTC	231	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:04 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:19 GMT Accept-Ranges: bytes Content-Length: 537 Content-Type: image/gif
2025-01-13 15:55:04 UTC	537	IN	Data Raw: 47 49 46 38 39 61 64 03 0e 00 d5 00 00 36 65 94 f7 f9 fb ad c0 d4 9d b4 cb cd d9 e4 7c 9b b9 a2 b8 ce 6d 8f b1 e6 ec f2 5c 82 a9 8c a7 c2 bd cd dc 4e 77 a1 f2 f5 f8 b0 c3 d5 85 a2 be dc e4 ec 93 ad c6 ff ff ff 58 7f a6 73 94 b5 a7 bc d0 c5 d2 e0 64 89 ad 81 9e bc d1 dc e7 ea ef f4 f6 f8 fa b3 c5 d7 7b 94 b5 7e 9d bb 8c ad c5 6b 94 b5 8c a5 bd 63 87 ac 59 80 a7 d4 de e8 ed f1 f5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 07 00 ff 00 2c 00 00 00 00 64 03 0e 00 00 06 ff 40 83 41 42 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 b0 Data Ascii: GIF89ad6e\|m\NwXsd{~kcY!,d@AB,rl:tJZvz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49750	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:05 UTC	370	OUT	GET /cgi-sys/js/simple-expand.min.js HTTP/1.1 Host: dosagrillva.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:05 UTC	268	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:05 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:48:50 GMT Accept-Ranges: bytes Content-Length: 2782 Vary: Accept-Encoding Content-Type: application/javascript
2025-01-13 15:55:05 UTC	2782	IN	Data Raw: 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 32 30 31 32 20 53 79 6c 76 61 69 6e 20 48 61 6d 65 6c 0a 50 72 6f 6a 65 63 74 3a 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 72 65 64 68 6f 74 73 6c 79 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 0a 4d 49 54 20 4c 69 63 65 6e 63 65 3a 20 68 74 74 70 73 3a 2f 2f 72 61 77 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 72 65 64 68 6f 74 73 6c 79 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 2f 6d 61 73 74 65 72 2f 6c 69 63 65 6e 63 65 2d 6d 69 74 2e 74 78 74 20 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 24 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 65 2e 64 65 66 61 75 6c 74 73 3d 7b 68 69 64 65 4d 6f 64 65 3a 22 66 61 64 65 54 6f 67 67 6c Data Ascii: /* Copyright (C) 2012 Sylvain HamelProject: https://github.com/redhotsly/simple-expandMIT Licence: https://raw.github.com/redhotsly/simple-expand/master/licence-mit.txt */(function($){"use strict";function e(){var e=this;e.defaults={hideMode:"fadeToggl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:05 UTC	359	OUT	GET /cgi-sys/images/w.png HTTP/1.1 Host: dosagrillva.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:05 UTC	233	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:05 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:24 GMT Accept-Ranges: bytes Content-Length: 15531 Content-Type: image/png
2025-01-13 15:55:05 UTC	7959	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 96 08 06 00 00 00 3c 01 71 e2 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 07 74 49 4d 45 07 dd 08 1b 0d 13 25 f7 2f 38 88 00 00 20 00 49 44 41 54 78 da ed bd 79 74 1c d7 79 25 7e bf 57 d5 2b 1a 68 ec fb 4a 12 24 08 10 20 41 62 07 08 ee 22 68 ee a4 28 4a d4 62 c5 76 c6 fe 39 67 32 3e 99 39 b1 9d d8 27 56 e2 d8 e3 49 66 26 b1 47 72 12 4b b6 6c c7 b6 62 cb 8e 2c 59 8b b5 51 a2 24 52 12 f7 4d dc f7 05 04 01 62 5f bb bb ea fd fe a8 ed 75 a1 bb 01 4a 94 c4 a5 df 39 75 ba ba aa bb d1 a8 ba 7d bf ef dd 6f 79 40 7c c4 47 7c c4 47 7c c4 47 7c c4 47 7c c4 47 7c c4 47 7c c4 47 7c Data Ascii: PNGIHDR<qsRGBbKGDpHYstIME%/8 IDATxyty%~W+hJ$ Ab"h(Jbv9g2>9'VIf&GrKlb,YQ$RMb_uJ9u}oy@\|G\|G\|G\|G\|G\|G\|G\|
2025-01-13 15:55:05 UTC	7572	IN	Data Raw: a5 ef 24 c0 47 00 59 06 c8 ea 3e ac 4d dd c5 6c 50 41 4a 10 fc 26 26 f8 4e 86 29 34 d8 8a 31 6e 26 16 84 9b 3f 60 60 60 c0 8c fb 45 db 44 50 d9 59 4b 96 65 0c 8f 8c c0 93 18 05 54 b1 9e 47 63 2a fb 79 d8 98 99 80 b2 99 7d a8 9b fd 2a 7e f8 c3 7f 47 79 f9 34 28 8a 0a 22 a2 b2 b2 4a cc 9f bf 70 33 c2 db 21 b9 3f 29 45 fe 13 03 56 46 46 06 db b8 71 63 5b 55 55 75 8b d3 e9 e0 00 90 90 e0 c1 ae 5d 07 d0 d9 3d 88 a9 83 3f 85 c2 c9 2c e8 b4 00 61 74 85 21 ab 10 02 dc 6a 6c 46 d0 18 cb c8 b3 32 34 2f 33 bf 1d 56 1e 3c 0f 8f 0d 8b 4b 14 8a 52 43 b4 d9 a1 c8 5e 06 b8 64 59 73 53 bd 5e 6f f8 8d 17 59 06 13 f8 58 2c 8a 2f 16 cd 14 8a e7 15 e0 c1 bb f7 e3 cc 99 13 d8 b7 ef 03 54 56 ce 00 91 e6 72 d4 d4 34 f8 57 af 5e fd df 60 15 ba 7e 62 71 c4 4f 0a 58 d4 d9 d9 a9 16 Data Ascii: $GY>MlPAJ&&N)41n&?```EDPYKeTGcy}~Gy4("Jp3!?)EVFFqc[UUu]=?,at!jlF24/3V<KRC^dYsS^oYX,/TVr4W^`~bqOX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49752	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:05 UTC	366	OUT	GET /cgi-sys/images/404top_w.jpg HTTP/1.1 Host: dosagrillva.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:05 UTC	233	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:05 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sat, 01 Oct 2022 07:19:14 GMT Accept-Ranges: bytes Content-Length: 4335 Content-Type: image/jpeg
2025-01-13 15:55:05 UTC	4335	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c0 00 11 08 00 a9 03 64 03 01 11 00 02 11 01 03 11 01 ff c4 00 1b 00 01 01 00 02 03 01 00 00 00 00 00 00 00 00 00 00 00 01 02 04 03 07 08 05 ff c4 00 3a 10 01 00 01 03 00 07 04 07 07 04 02 03 00 00 00 00 00 01 03 07 11 02 04 06 16 17 81 c2 12 21 94 d2 31 36 46 51 74 84 91 05 13 14 61 71 Data Ascii: JFIFHHC!"$"$Cd:!16FQtaq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49751	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:05 UTC	364	OUT	GET /cgi-sys/images/404mid.gif HTTP/1.1 Host: dosagrillva.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:05 UTC	231	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:05 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:55 GMT Accept-Ranges: bytes Content-Length: 120 Content-Type: image/gif
2025-01-13 15:55:05 UTC	120	IN	Data Raw: 47 49 46 38 39 61 64 03 04 00 91 00 00 9a b2 c9 ff ff ff a0 b6 cc a1 b7 cd 21 f9 04 00 07 00 ff 00 2c 00 00 00 00 64 03 04 00 00 02 49 dc 82 a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a6 ea ca b6 ee 9b 00 80 01 d7 f6 8d e7 fa ce f7 fe 0f 0c 0a 87 44 8a 8c 56 4c 2a 97 cc a6 f3 09 8d 4a a7 54 cc f1 50 cd 6a b7 dc ae f7 0b 0e 8b 2d b2 02 00 3b Data Ascii: GIF89ad!,dIHDVL*JTPj-;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49753	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:05 UTC	596	OUT	GET /favicon.ico HTTP/1.1 Host: dosagrillva.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dosagrillva.com/share.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:05 UTC	272	IN	HTTP/1.1 503 Service Unavailable Date: Mon, 13 Jan 2025 15:55:05 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:56 GMT Accept-Ranges: bytes Content-Length: 5463 Vary: Accept-Encoding Content-Type: text/html
2025-01-13 15:55:05 UTC	5463	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49754	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:05 UTC	367	OUT	GET /cgi-sys/images/404bottom.gif HTTP/1.1 Host: dosagrillva.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:05 UTC	231	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 15:55:05 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:19 GMT Accept-Ranges: bytes Content-Length: 537 Content-Type: image/gif
2025-01-13 15:55:05 UTC	537	IN	Data Raw: 47 49 46 38 39 61 64 03 0e 00 d5 00 00 36 65 94 f7 f9 fb ad c0 d4 9d b4 cb cd d9 e4 7c 9b b9 a2 b8 ce 6d 8f b1 e6 ec f2 5c 82 a9 8c a7 c2 bd cd dc 4e 77 a1 f2 f5 f8 b0 c3 d5 85 a2 be dc e4 ec 93 ad c6 ff ff ff 58 7f a6 73 94 b5 a7 bc d0 c5 d2 e0 64 89 ad 81 9e bc d1 dc e7 ea ef f4 f6 f8 fa b3 c5 d7 7b 94 b5 7e 9d bb 8c ad c5 6b 94 b5 8c a5 bd 63 87 ac 59 80 a7 d4 de e8 ed f1 f5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 07 00 ff 00 2c 00 00 00 00 64 03 0e 00 00 06 ff 40 83 41 42 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 b0 Data Ascii: GIF89ad6e\|m\NwXsd{~kcY!,d@AB,rl:tJZvz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49756	192.185.170.18	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 15:55:06 UTC	596	OUT	GET /favicon.ico HTTP/1.1 Host: dosagrillva.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dosagrillva.com/share.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 15:55:06 UTC	272	IN	HTTP/1.1 503 Service Unavailable Date: Mon, 13 Jan 2025 15:55:06 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 30 Sep 2022 11:49:56 GMT Accept-Ranges: bytes Content-Length: 5463 Vary: Accept-Encoding Content-Type: text/html
2025-01-13 15:55:06 UTC	5463	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5964, Parent PID: 3568

General

Target ID:	0
Start time:	10:54:53
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5316, Parent PID: 5964

General

Target ID:	2
Start time:	10:54:54
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2044,i,15650951175937279479,2571281116311432070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6496, Parent PID: 3568

General

Target ID:	3
Start time:	10:55:01
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://email.bigcontacts.com/c/eJw8jsuKAyEQAL-m55ag7Ws8eMjukt8IPdqZEXQMownk75ewsMei6lApJCsXmjhIp6yRTimctqCjsPfIJDwlr3i2VntpZstGKWHuPOWAAo2QUkhljMJz1JQs6eRmHb1fImix5DW2fVAc_RxbnUrYxnh0UBfAK-A1tU7rkUt50ccDXvtGB5-3UctU36f47KPVU6JBAdwXINb3rXLvtPItJ0AEdVEaZ4fOAH4DYqT6oLzut9LW_wQQtTd-_pD7mY6Q8sI7Jx6jDdBi48I75T09-zgy_82-Av4GAAD__yLjVpk"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_77097866\sets.json

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics