Edit tour

Windows Analysis Report
http://www.adidas-samba.es

Overview

General Information

Sample URL:	http://www.adidas-samba.es
Analysis ID:	1591070
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=1980,i,15937542667802189854,15491723523841407498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.adidas-samba.es" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /report/v4?s=m88C356dVRn90TZZfz9Ix1b7a2WzERqXfZzTnTGl029V9nnZrSx0AYjjepCVj%2BU2Rhf5637SIlnUB5YZOIActEHh6hZOShtGuL0JNHXhPXp0awj5OFzb5KeM38oawfM9PCopeBUO HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 389Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: classification engine

Classification label: mal60.win@17/6@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=1980,i,15937542667802189854,15491723523841407498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.adidas-samba.es"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=1980,i,15937542667802189854,15491723523841407498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.adidas-samba.es	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://www.adidas-samba.es/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
www.google.com	142.250.185.100	true	false	high
www.adidas-samba.es	104.21.32.1	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.adidas-samba.es/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://www.adidas-samba.es/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.16.1	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591070
Start date and time:	2025-01-14 17:09:47 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.adidas-samba.es
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@17/6@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.185.142, 64.233.167.84, 142.250.184.206, 142.250.185.238, 172.217.23.110, 84.201.210.23, 142.250.185.206, 172.217.18.14, 142.250.186.110, 142.250.186.46, 142.250.186.99, 142.250.186.78, 216.58.212.142, 199.232.214.172, 184.28.90.27, 20.12.23.50, 20.109.210.53, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://www.adidas-samba.es

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://www.adidas-samba.es Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://www.adidas-samba.es
URL: https://www.adidas-samba.es/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.adidas-samba.es/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 15:10:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.980041284718237
Encrypted:	false
SSDEEP:	48:8j0dmTC2iyHsyidAKZdA1oehwiZUklqehZy+3:8jFniz6y
MD5:	A1DA641F242630221BAF405BB19AAF0F
SHA1:	E3F08A47461CD81B39030647F77BF097AD5CA7D0
SHA-256:	355457AC0ED0A33CDF1A850DE8B39B4670705AC90C3D7442B0F83970ADE2E224
SHA-512:	D2D845A0242465564F589F3CE210EC438C0CD49142110C2209DE08FDF3EAFB8CCF1B503A253752EA1C5FC54F3256A4D4FE8D0761297E4C1546BFCA9DABD4813D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.ZX.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.ZX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.ZX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.ZX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.ZY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$.~x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 15:10:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.994280059538739
Encrypted:	false
SSDEEP:	48:8M0dmTC2iyHsyidAKZdA1leh/iZUkAQkqehqy+2:8MFniB9Qry
MD5:	C28B5A869654E5FF2F899A50396503D4
SHA1:	8FC7A96199399279F210BA391FFEA248C6CC19F7
SHA-256:	44C54213B917A89A56BD443BF1ED3866FF2C4D9DD76AD0B2BDD4E8E3419B2266
SHA-512:	4366320E0F009D68D8EA20E23317B7C7B5D48EA0AC54B80F8F4390FC5B1FF0ADBA1CBA2ED4777A91B5FA21DEF1D18E87B90CE585EB8652DFC45118C29BD2333F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.ZX.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.ZX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.ZX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.ZX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.ZY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$.~x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005689449147738
Encrypted:	false
SSDEEP:	48:8b0dmTC2bHsyidAKZdA14t5eh7sFiZUkmgqeh7s8y+BX:8bFneney
MD5:	7F6EDDBDD261C09E8350CDEF7A494C5E
SHA1:	2E091DF93757CFDDDCF908AC3A5432113F374958
SHA-256:	12F03C496526CE0CFE0BBE088B86F748295906B7036E2050EBA042C6F631DB5A
SHA-512:	0C2BE92C2AC6A6790A926F55738C6E67910B7F4200981A31EFE3A4EBEAABBE61E3E628CE1853E73F06F8148183F4FC1F5C5D3FC57E3470E28DBE962083DF9A5C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.ZX.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.ZX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.ZX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.ZX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$.~x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 15:10:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991530499051083
Encrypted:	false
SSDEEP:	48:8T0dmTC2iyHsyidAKZdA16ehDiZUkwqehmy+R:8TFniyEy
MD5:	30B1DB7070A73A9E3A8A1FC4345D8502
SHA1:	36B764BBB5CE764297503D4753691CEB7DB1F57D
SHA-256:	37EBFBBA1032FE6BCDA5C53DBE77E897FA6C9DDB1D2EFACC3F34D3475708961E
SHA-512:	51F6E0BA17400D1557B7212096FA9ABC96D0B488FA2C5ED148628881E706B299A4A25BFAEF2EB3C5B1E4EC11E9EFBE4428805AF8AAB52C06F53C671E0FEAD938
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....t...f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.ZX.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.ZX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.ZX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.ZX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.ZY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$.~x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 15:10:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9825864041091106
Encrypted:	false
SSDEEP:	48:860dmTC2iyHsyidAKZdA1UehBiZUk1W1qehwy+C:86FniC9Qy
MD5:	59A13602B9E125677C3727412C6DC065
SHA1:	47B9C5E937629D6A7E8BE9826668C21E3E39EBC9
SHA-256:	CA803FDB888BC9660FC7075021B20BB31E4859A2C5AB34F11935C290A591F75A
SHA-512:	646BF8018908D57B9BFBBC9215E63CFC307BE09E1E3FDAC8116D68949B9DCA4C4D01635F08DDA1E97D6B682D5DFC53D160C47196DE420C8758E90FD1EA285A24
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....I....f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.ZX.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.ZX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.ZX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.ZX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.ZY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$.~x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 15:10:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.995068259916627
Encrypted:	false
SSDEEP:	48:8/0dmTC2iyHsyidAKZdA1duTrehOuTbbiZUk5OjqehOuTbey+yT+:8/FniDTYTbxWOvTbey7T
MD5:	0AB49915428E02BC611BC56BD7DB692F
SHA1:	2ED20020753BEAFC56A6A3AD376D5C8213A3E0C4
SHA-256:	065E97AB3669797C41E1403360F4E1A72EC2D7CC5ACCF1BD82211DA56A8936D0
SHA-512:	1878F5D6D2D77F09C97269669DB31C25D60139F6BCD6C9EFF221F0794D83E9312E3C88D4DB4F6F65638A5D5955C8034767BB9BD3480B7C8A228F5B99EB32CCB6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.ZX.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.ZX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.ZX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.ZX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.ZY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$.~x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 17:10:38.834156036 CET	49671	443	192.168.2.8	204.79.197.203
Jan 14, 2025 17:10:39.177911997 CET	49677	80	192.168.2.8	192.229.211.108
Jan 14, 2025 17:10:40.646693945 CET	49673	443	192.168.2.8	23.206.229.226
Jan 14, 2025 17:10:41.037404060 CET	49672	443	192.168.2.8	23.206.229.226
Jan 14, 2025 17:10:47.193485975 CET	49676	443	192.168.2.8	52.182.143.211
Jan 14, 2025 17:10:49.887893915 CET	49677	80	192.168.2.8	192.229.211.108
Jan 14, 2025 17:10:50.247277975 CET	49673	443	192.168.2.8	23.206.229.226
Jan 14, 2025 17:10:50.637907982 CET	49672	443	192.168.2.8	23.206.229.226
Jan 14, 2025 17:10:52.301297903 CET	443	49703	23.206.229.226	192.168.2.8
Jan 14, 2025 17:10:52.301389933 CET	49703	443	192.168.2.8	23.206.229.226
Jan 14, 2025 17:10:52.866189003 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:10:52.866228104 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:10:52.866386890 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:10:52.866662025 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:10:52.866674900 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:10:53.542716026 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:10:53.544586897 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:10:53.544596910 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:10:53.545691967 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:10:53.545792103 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:10:53.546788931 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:10:53.546858072 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:10:53.591758013 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:10:53.591768026 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:10:53.638710976 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:10:54.228120089 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.228204012 CET	443	49714	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:54.228283882 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.228599072 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.228627920 CET	443	49714	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:54.690284014 CET	443	49714	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:54.690684080 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.690711021 CET	443	49714	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:54.692414999 CET	443	49714	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:54.692492008 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.697730064 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.697823048 CET	443	49714	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:54.697906017 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.697906017 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.697941065 CET	443	49714	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:54.697978973 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.697990894 CET	49714	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.698332071 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.698369980 CET	443	49715	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:54.698436975 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.698749065 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:54.698765039 CET	443	49715	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:55.195346117 CET	443	49715	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:55.197133064 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:55.197175980 CET	443	49715	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:55.198685884 CET	443	49715	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:55.198765039 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:55.201122046 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:55.201244116 CET	443	49715	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:55.201641083 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:55.201658964 CET	443	49715	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:55.250611067 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.186813116 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.186952114 CET	443	49715	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.187041044 CET	49715	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.196377993 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.196433067 CET	443	49716	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.196518898 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.197077990 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.197088957 CET	443	49716	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.679497004 CET	443	49716	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.679799080 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.679817915 CET	443	49716	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.680772066 CET	443	49716	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.680839062 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.681241035 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.681293011 CET	443	49716	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.681313992 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.681406975 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.681413889 CET	443	49716	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.681441069 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.681443930 CET	443	49716	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.681469917 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.681504965 CET	49716	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.681968927 CET	49717	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.682013035 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:57.682080030 CET	49717	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.682348967 CET	49717	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:57.682362080 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:58.164587975 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:58.164928913 CET	49717	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:58.164949894 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:58.165266991 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:58.165616035 CET	49717	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:58.165668011 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:10:58.165854931 CET	49717	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:10:58.211337090 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:03.435607910 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:03.435762882 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:03.435825109 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:11:04.585491896 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:11:04.585519075 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:37.071794033 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.071866989 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.071930885 CET	49717	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.072484970 CET	49717	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.072500944 CET	443	49717	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.089075089 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.089116096 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.089190006 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.092124939 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.092135906 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.137788057 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.137835979 CET	443	49722	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.137903929 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.138282061 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.138294935 CET	443	49722	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.555222034 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.555607080 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.555634975 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.558406115 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.558573008 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.559562922 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.559686899 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.559835911 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.559848070 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.607537031 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.609955072 CET	443	49722	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.612243891 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.612263918 CET	443	49722	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.613692999 CET	443	49722	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.613774061 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.614203930 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.614218950 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.614268064 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.614278078 CET	443	49722	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.614329100 CET	49722	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.614756107 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.614793062 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.614950895 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.615118027 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:37.615128994 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:37.681443930 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.681564093 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.681946993 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.683553934 CET	49721	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.683578014 CET	443	49721	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.684261084 CET	49724	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.684324980 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:37.684401989 CET	49724	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.684604883 CET	49724	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:37.684627056 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:38.086000919 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:38.086381912 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:38.086405039 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:38.089900970 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:38.089984894 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:38.090459108 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:38.090459108 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:38.090476990 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:38.090703964 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:38.141295910 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:38.141320944 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:38.170679092 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:38.171050072 CET	49724	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:38.171082020 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:38.171437025 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:38.171835899 CET	49724	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:38.171902895 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:38.171984911 CET	49724	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:38.188138008 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:38.219329119 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:38.300822020 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:38.300905943 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:38.300966978 CET	49724	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:38.301163912 CET	49724	443	192.168.2.8	35.190.80.1
Jan 14, 2025 17:11:38.301208019 CET	443	49724	35.190.80.1	192.168.2.8
Jan 14, 2025 17:11:52.922194004 CET	49726	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:11:52.922245026 CET	443	49726	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:52.922319889 CET	49726	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:11:52.922736883 CET	49726	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:11:52.922772884 CET	443	49726	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:53.561917067 CET	443	49726	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:53.562338114 CET	49726	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:11:53.562367916 CET	443	49726	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:53.562686920 CET	443	49726	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:53.563081980 CET	49726	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:11:53.563138008 CET	443	49726	142.250.185.100	192.168.2.8
Jan 14, 2025 17:11:53.606981039 CET	49726	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:11:57.953051090 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:57.953150988 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:11:57.953262091 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:57.954226017 CET	49723	443	192.168.2.8	104.21.16.1
Jan 14, 2025 17:11:57.954255104 CET	443	49723	104.21.16.1	192.168.2.8
Jan 14, 2025 17:12:03.530936956 CET	443	49726	142.250.185.100	192.168.2.8
Jan 14, 2025 17:12:03.531006098 CET	443	49726	142.250.185.100	192.168.2.8
Jan 14, 2025 17:12:03.531064034 CET	49726	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:12:04.594403982 CET	49726	443	192.168.2.8	142.250.185.100
Jan 14, 2025 17:12:04.594435930 CET	443	49726	142.250.185.100	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 17:10:48.410082102 CET	53	64215	1.1.1.1	192.168.2.8
Jan 14, 2025 17:10:48.441572905 CET	53	50439	1.1.1.1	192.168.2.8
Jan 14, 2025 17:10:49.422219992 CET	53	62684	1.1.1.1	192.168.2.8
Jan 14, 2025 17:10:52.858313084 CET	64710	53	192.168.2.8	1.1.1.1
Jan 14, 2025 17:10:52.858433008 CET	51358	53	192.168.2.8	1.1.1.1
Jan 14, 2025 17:10:52.864949942 CET	53	64710	1.1.1.1	192.168.2.8
Jan 14, 2025 17:10:52.865081072 CET	53	51358	1.1.1.1	192.168.2.8
Jan 14, 2025 17:10:54.174587965 CET	53662	53	192.168.2.8	1.1.1.1
Jan 14, 2025 17:10:54.176606894 CET	60185	53	192.168.2.8	1.1.1.1
Jan 14, 2025 17:10:54.188632011 CET	53	53662	1.1.1.1	192.168.2.8
Jan 14, 2025 17:10:54.190500975 CET	53	60185	1.1.1.1	192.168.2.8
Jan 14, 2025 17:10:54.213815928 CET	60479	53	192.168.2.8	1.1.1.1
Jan 14, 2025 17:10:54.213979006 CET	59919	53	192.168.2.8	1.1.1.1
Jan 14, 2025 17:10:54.226011038 CET	53	59919	1.1.1.1	192.168.2.8
Jan 14, 2025 17:10:54.227526903 CET	53	60479	1.1.1.1	192.168.2.8
Jan 14, 2025 17:11:06.397258997 CET	53	62129	1.1.1.1	192.168.2.8
Jan 14, 2025 17:11:25.178982973 CET	53	60707	1.1.1.1	192.168.2.8
Jan 14, 2025 17:11:28.001226902 CET	138	138	192.168.2.8	192.168.2.255
Jan 14, 2025 17:11:37.081074953 CET	50663	53	192.168.2.8	1.1.1.1
Jan 14, 2025 17:11:37.081226110 CET	54588	53	192.168.2.8	1.1.1.1
Jan 14, 2025 17:11:37.087909937 CET	53	50663	1.1.1.1	192.168.2.8
Jan 14, 2025 17:11:37.088402987 CET	53	54588	1.1.1.1	192.168.2.8
Jan 14, 2025 17:11:48.136203051 CET	53	56321	1.1.1.1	192.168.2.8
Jan 14, 2025 17:11:48.272507906 CET	53	53458	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 14, 2025 17:10:52.858313084 CET	192.168.2.8	1.1.1.1	0xbe8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:52.858433008 CET	192.168.2.8	1.1.1.1	0x5238	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 14, 2025 17:10:54.174587965 CET	192.168.2.8	1.1.1.1	0xc1df	Standard query (0)	www.adidas-samba.es	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.176606894 CET	192.168.2.8	1.1.1.1	0x4276	Standard query (0)	www.adidas-samba.es	65	IN (0x0001)	false
Jan 14, 2025 17:10:54.213815928 CET	192.168.2.8	1.1.1.1	0x4d76	Standard query (0)	www.adidas-samba.es	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.213979006 CET	192.168.2.8	1.1.1.1	0x91a6	Standard query (0)	www.adidas-samba.es	65	IN (0x0001)	false
Jan 14, 2025 17:11:37.081074953 CET	192.168.2.8	1.1.1.1	0xa8cd	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:11:37.081226110 CET	192.168.2.8	1.1.1.1	0xfd6	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 14, 2025 17:10:52.864949942 CET	1.1.1.1	192.168.2.8	0xbe8	No error (0)	www.google.com	142.250.185.100	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:52.865081072 CET	1.1.1.1	192.168.2.8	0x5238	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 14, 2025 17:10:54.188632011 CET	1.1.1.1	192.168.2.8	0xc1df	No error (0)	www.adidas-samba.es	104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.188632011 CET	1.1.1.1	192.168.2.8	0xc1df	No error (0)	www.adidas-samba.es	104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.188632011 CET	1.1.1.1	192.168.2.8	0xc1df	No error (0)	www.adidas-samba.es	104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.188632011 CET	1.1.1.1	192.168.2.8	0xc1df	No error (0)	www.adidas-samba.es	104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.188632011 CET	1.1.1.1	192.168.2.8	0xc1df	No error (0)	www.adidas-samba.es	104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.188632011 CET	1.1.1.1	192.168.2.8	0xc1df	No error (0)	www.adidas-samba.es	104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.188632011 CET	1.1.1.1	192.168.2.8	0xc1df	No error (0)	www.adidas-samba.es	104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.190500975 CET	1.1.1.1	192.168.2.8	0x4276	No error (0)	www.adidas-samba.es		65	IN (0x0001)	false
Jan 14, 2025 17:10:54.226011038 CET	1.1.1.1	192.168.2.8	0x91a6	No error (0)	www.adidas-samba.es		65	IN (0x0001)	false
Jan 14, 2025 17:10:54.227526903 CET	1.1.1.1	192.168.2.8	0x4d76	No error (0)	www.adidas-samba.es	104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.227526903 CET	1.1.1.1	192.168.2.8	0x4d76	No error (0)	www.adidas-samba.es	104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.227526903 CET	1.1.1.1	192.168.2.8	0x4d76	No error (0)	www.adidas-samba.es	104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.227526903 CET	1.1.1.1	192.168.2.8	0x4d76	No error (0)	www.adidas-samba.es	104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.227526903 CET	1.1.1.1	192.168.2.8	0x4d76	No error (0)	www.adidas-samba.es	104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.227526903 CET	1.1.1.1	192.168.2.8	0x4d76	No error (0)	www.adidas-samba.es	104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:10:54.227526903 CET	1.1.1.1	192.168.2.8	0x4d76	No error (0)	www.adidas-samba.es	104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 17:11:37.087909937 CET	1.1.1.1	192.168.2.8	0xa8cd	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.adidas-samba.es

https:

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49715	104.21.16.1	443	7132	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:10:55 UTC	662	OUT	GET / HTTP/1.1 Host: www.adidas-samba.es Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49717	104.21.16.1	443	7132	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:10:58 UTC	662	OUT	GET / HTTP/1.1 Host: www.adidas-samba.es Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:11:37 UTC	952	IN	HTTP/1.1 522 Date: Tue, 14 Jan 2025 16:11:37 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m88C356dVRn90TZZfz9Ix1b7a2WzERqXfZzTnTGl029V9nnZrSx0AYjjepCVj%2BU2Rhf5637SIlnUB5YZOIActEHh6hZOShtGuL0JNHXhPXp0awj5OFzb5KeM38oawfM9PCopeBUO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Server: cloudflare CF-RAY: 901ee63228680fa8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2967&min_rtt=2679&rtt_var=1211&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1240&delivery_rate=1089958&cwnd=252&unsent_bytes=0&cid=224f0ea7778fd56a&ts=38914&x=0"
2025-01-14 16:11:37 UTC	15	IN	Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32 Data Ascii: error code: 522

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49721	35.190.80.1	443	7132	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:11:37 UTC	538	OUT	OPTIONS /report/v4?s=m88C356dVRn90TZZfz9Ix1b7a2WzERqXfZzTnTGl029V9nnZrSx0AYjjepCVj%2BU2Rhf5637SIlnUB5YZOIActEHh6hZOShtGuL0JNHXhPXp0awj5OFzb5KeM38oawfM9PCopeBUO HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://www.adidas-samba.es Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:11:37 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Tue, 14 Jan 2025 16:11:37 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49723	104.21.16.1	443	7132	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:11:38 UTC	594	OUT	GET /favicon.ico HTTP/1.1 Host: www.adidas-samba.es Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.adidas-samba.es/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:11:57 UTC	955	IN	HTTP/1.1 522 Date: Tue, 14 Jan 2025 16:11:57 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TDTbi4pZRyg11r1UjLJ9ekjHkl1OIavSN3UHsTii78TQUAFywXFjyhr9Ylnw8Z1Fkr0ZFG4hGeQJNcuLruBnZR2mQZ0izwmz%2BovKXiryJbEPNCQjLW55gg%2FLToructb5GzQAThD%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Server: cloudflare CF-RAY: 901ee72b79137293-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2207&min_rtt=1914&rtt_var=1304&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1172&delivery_rate=685285&cwnd=158&unsent_bytes=0&cid=2b987f0f2149737a&ts=19878&x=0"
2025-01-14 16:11:57 UTC	15	IN	Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32 Data Ascii: error code: 522

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49724	35.190.80.1	443	7132	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:11:38 UTC	476	OUT	POST /report/v4?s=m88C356dVRn90TZZfz9Ix1b7a2WzERqXfZzTnTGl029V9nnZrSx0AYjjepCVj%2BU2Rhf5637SIlnUB5YZOIActEHh6hZOShtGuL0JNHXhPXp0awj5OFzb5KeM38oawfM9PCopeBUO HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 389 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:11:38 UTC	389	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 38 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 39 38 37 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 31 36 2e 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 35 32 32 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 64 69 64 61 73 2d 73 61 6d 62 61 Data Ascii: [{"age":8,"body":{"elapsed_time":39876,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.16.1","status_code":522,"type":"http.error"},"type":"network-error","url":"https://www.adidas-samba
2025-01-14 16:11:38 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 14 Jan 2025 16:11:38 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1372, Parent PID: 2636

General

Target ID:	0
Start time:	11:10:43
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7132, Parent PID: 1372

General

Target ID:	2
Start time:	11:10:47
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=1980,i,15937542667802189854,15491723523841407498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1612, Parent PID: 2636

General

Target ID:	3
Start time:	11:10:53
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.adidas-samba.es"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.adidas-samba.es
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://www.adidas-samba.es

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.adidas-samba.esConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.adidas-samba.esConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.adidas-samba.esConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.adidas-samba.es/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.adidas-samba.es
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.adidas-samba.es

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1372, Parent PID: 2636

General

Chronological Activities

Analysis Process: chrome.exePID: 7132, Parent PID: 1372

General

Chronological Activities

Analysis Process: chrome.exePID: 1612, Parent PID: 2636

General

Windows Analysis Report
http://www.adidas-samba.es