Edit tour

Windows Analysis Report
https://urldn.com/aznY3

Overview

General Information

Sample URL:	https://urldn.com/aznY3
Analysis ID:	1606863
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2208,i,13408538171806119008,16757192466884648778,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urldn.com/aznY3" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://urldn.com/aznY3

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://urldn.com/favicon.ico

Avira URL Cloud: Label: phishing

Source: global traffic

TCP traffic: 192.168.2.4:58365 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /aznY3 HTTP/1.1Host: urldn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: urldn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://urldn.com/aznY3Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: urldn.com

Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn
Source: sets.json.0.dr	String found in binary or memory: https://zoom.com
Source: sets.json.0.dr	String found in binary or memory: https://zoom.us

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 58381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58381
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_3332_1712071416

Jump to behavior

Source: classification engine

Classification label: mal56.win@17/9@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2208,i,13408538171806119008,16757192466884648778,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urldn.com/aznY3"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2208,i,13408538171806119008,16757192466884648778,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://urldn.com/aznY3	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://urldn.com/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	216.58.206.68	true	false		high
urldn.com	104.21.32.1	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://urldn.com/favicon.ico	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://wieistmeineip.de	sets.json.0.dr	false	high
https://mercadoshops.com.co	sets.json.0.dr	false	high
https://gliadomain.com	sets.json.0.dr	false	high
https://poalim.xyz	sets.json.0.dr	false	high
https://mercadolivre.com	sets.json.0.dr	false	high
https://reshim.org	sets.json.0.dr	false	high
https://nourishingpursuits.com	sets.json.0.dr	false	high
https://medonet.pl	sets.json.0.dr	false	high
https://unotv.com	sets.json.0.dr	false	high
https://mercadoshops.com.br	sets.json.0.dr	false	high
https://joyreactor.cc	sets.json.0.dr	false	high
https://zdrowietvn.pl	sets.json.0.dr	false	high
https://johndeere.com	sets.json.0.dr	false	high
https://songstats.com	sets.json.0.dr	false	high
https://baomoi.com	sets.json.0.dr	false	high
https://supereva.it	sets.json.0.dr	false	high
https://elfinancierocr.com	sets.json.0.dr	false	high
https://bolasport.com	sets.json.0.dr	false	high
https://rws1nvtvt.com	sets.json.0.dr	false	high
https://desimartini.com	sets.json.0.dr	false	high
https://hearty.app	sets.json.0.dr	false	high
https://hearty.gift	sets.json.0.dr	false	high
https://mercadoshops.com	sets.json.0.dr	false	high
https://heartymail.com	sets.json.0.dr	false	high
https://nlc.hu	sets.json.0.dr	false	high
https://p106.net	sets.json.0.dr	false	high
https://radio2.be	sets.json.0.dr	false	high
https://finn.no	sets.json.0.dr	false	high
https://hc1.com	sets.json.0.dr	false	high
https://kompas.tv	sets.json.0.dr	false	high
https://mystudentdashboard.com	sets.json.0.dr	false	high
https://songshare.com	sets.json.0.dr	false	high
https://smaker.pl	sets.json.0.dr	false	high
https://mercadopago.com.mx	sets.json.0.dr	false	high
https://p24.hu	sets.json.0.dr	false	high
https://talkdeskqaid.com	sets.json.0.dr	false	high
https://24.hu	sets.json.0.dr	false	high
https://mercadopago.com.pe	sets.json.0.dr	false	high
https://cardsayings.net	sets.json.0.dr	false	high
https://text.com	sets.json.0.dr	false	high
https://mightytext.net	sets.json.0.dr	false	high
https://pudelek.pl	sets.json.0.dr	false	high
https://hazipatika.com	sets.json.0.dr	false	high
https://joyreactor.com	sets.json.0.dr	false	high
https://cookreactor.com	sets.json.0.dr	false	high
https://wildixin.com	sets.json.0.dr	false	high
https://eworkbookcloud.com	sets.json.0.dr	false	high
https://cognitiveai.ru	sets.json.0.dr	false	high
https://nacion.com	sets.json.0.dr	false	high
https://chennien.com	sets.json.0.dr	false	high
https://drimer.travel	sets.json.0.dr	false	high
https://deccoria.pl	sets.json.0.dr	false	high
https://mercadopago.cl	sets.json.0.dr	false	high
https://talkdeskstgid.com	sets.json.0.dr	false	high
https://naukri.com	sets.json.0.dr	false	high
https://interia.pl	sets.json.0.dr	false	high
https://bonvivir.com	sets.json.0.dr	false	high
https://carcostadvisor.be	sets.json.0.dr	false	high
https://salemovetravel.com	sets.json.0.dr	false	high
https://sapo.io	sets.json.0.dr	false	high
https://wpext.pl	sets.json.0.dr	false	high
https://welt.de	sets.json.0.dr	false	high
https://poalim.site	sets.json.0.dr	false	high
https://drimer.io	sets.json.0.dr	false	high
https://infoedgeindia.com	sets.json.0.dr	false	high
https://blackrockadvisorelite.it	sets.json.0.dr	false	high
https://cognitive-ai.ru	sets.json.0.dr	false	high
https://cafemedia.com	sets.json.0.dr	false	high
https://graziadaily.co.uk	sets.json.0.dr	false	high
https://thirdspace.org.au	sets.json.0.dr	false	high
https://mercadoshops.com.ar	sets.json.0.dr	false	high
https://smpn106jkt.sch.id	sets.json.0.dr	false	high
https://elpais.uy	sets.json.0.dr	false	high
https://landyrev.com	sets.json.0.dr	false	high
https://the42.ie	sets.json.0.dr	false	high
https://commentcamarche.com	sets.json.0.dr	false	high
https://tucarro.com.ve	sets.json.0.dr	false	high
https://rws3nvtvt.com	sets.json.0.dr	false	high
https://eleconomista.net	sets.json.0.dr	false	high
https://helpdesk.com	sets.json.0.dr	false	high
https://mercadolivre.com.br	sets.json.0.dr	false	high
https://clmbtech.com	sets.json.0.dr	false	high
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	high
https://07c225f3.online	sets.json.0.dr	false	high
https://salemovefinancial.com	sets.json.0.dr	false	high
https://mercadopago.com.br	sets.json.0.dr	false	high
https://zoom.us	sets.json.0.dr	false	high
https://commentcamarche.net	sets.json.0.dr	false	high
https://etfacademy.it	sets.json.0.dr	false	high
https://mighty-app.appspot.com	sets.json.0.dr	false	high
https://hj.rs	sets.json.0.dr	false	high
https://hearty.me	sets.json.0.dr	false	high
https://mercadolibre.com.gt	sets.json.0.dr	false	high
https://timesinternet.in	sets.json.0.dr	false	high
https://indiatodayne.in	sets.json.0.dr	false	high
https://idbs-staging.com	sets.json.0.dr	false	high
https://blackrock.com	sets.json.0.dr	false	high
https://idbs-eworkbook.com	sets.json.0.dr	false	high
https://motherandbaby.com	sets.json.0.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.32.1	urldn.com	United States	13335	CLOUDFLARENETUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1606863
Start date and time:	2025-02-04 22:37:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://urldn.com/aznY3
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@17/9@4/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.174, 142.250.184.227, 74.125.206.84, 142.250.74.206, 142.250.184.206, 199.232.214.172, 2.17.190.73, 142.250.181.238, 142.250.185.142, 216.58.206.78, 142.250.185.78, 172.217.16.195, 142.250.186.174, 34.104.35.123, 184.28.90.27, 4.175.87.197, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://urldn.com/aznY3

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://urldn.com Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 1, "spoofed": 1, "reasoning": "The URL 'urldn.com' does not closely resemble any well-known brand or legitimate URL. There are no obvious character substitutions or visual similarities to a known brand. The domain name 'urldn' could be interpreted as an abbreviation or acronym, but it does not strongly suggest any specific brand. The '.com' extension is common and does not imply typosquatting. Without additional context or a clear connection to a known brand, the likelihood of this being a typosquatting attempt is very low."}
URL: https://urldn.com
URL: https://urldn.com/aznY3 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://urldn.com/aznY3 Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.018989605004616
Encrypted:	false
SSDEEP:	48:p/hUI1OwEU3AdIq7ak68O40E2szOxxUJ8BPFkf31U4PrHfqY3J5D:RnOwtQIq7aZ40E2sYUJAYRr/qYZ5D
MD5:	C4709C1D483C9233A3A66A7E157624EA
SHA1:	99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
SHA-256:	225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
SHA-512:	B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.820000180714897
Encrypted:	false
SSDEEP:	3:SVzHL3phUmWRDNKydvgHVz:SBHLLUmWRbCp
MD5:	BBEC7670A2519FEB0627F17D0C0B5276
SHA1:	9C30B996F1B069F86EF7C0136DFAF7E614674DEA
SHA-256:	670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
SHA-512:	1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
Malicious:	false
Reputation:	low
Preview:	1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1kULJVPY:F6VlM8aRWpqS1kSJVg
MD5:	084E339C0C9FE898102815EAC9A7CDEA
SHA1:	6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
SHA-256:	52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
SHA-512:	0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	4.629347296880043
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJl:v5C4ql7BkIVmtRTGXvcxBsl
MD5:	8C702C686B703020BC0290BAFC90D7A0
SHA1:	EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
SHA-256:	97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
SHA-512:	6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	55
Entropy (8bit):	4.135841650542515
Encrypted:	false
SSDEEP:	3:xiQ5RAadWFUfAiCjKRyL:x55RAaUFsAiCj
MD5:	1E8462F8FDE83981E63BA47FCFA189E7
SHA1:	197CC97D0101A4205BD174E9A39C8B29BD4A83ED
SHA-256:	68A87CC8E59C005917A5A9A00F24197F808E1A8C01FA3B45EB67A8D34C634727
SHA-512:	1CF399196A6F3C1A16F569CAD6AB1D307C782110F75EAE0446A362AE2D1A7B231AD25F14DE2006505A05A9B903D619C83894A5ADC4154A6281BF1AEF8E34B01F
Malicious:	false
Reputation:	low
URL:	https://urldn.com/favicon.ico
Preview:	Too many requests from this IP, please try again later.

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	55
Entropy (8bit):	4.135841650542515
Encrypted:	false
SSDEEP:	3:xiQ5RAadWFUfAiCjKRyL:x55RAaUFsAiCj
MD5:	1E8462F8FDE83981E63BA47FCFA189E7
SHA1:	197CC97D0101A4205BD174E9A39C8B29BD4A83ED
SHA-256:	68A87CC8E59C005917A5A9A00F24197F808E1A8C01FA3B45EB67A8D34C634727
SHA-512:	1CF399196A6F3C1A16F569CAD6AB1D307C782110F75EAE0446A362AE2D1A7B231AD25F14DE2006505A05A9B903D619C83894A5ADC4154A6281BF1AEF8E34B01F
Malicious:	false
Reputation:	low
URL:	https://urldn.com/aznY3
Preview:	Too many requests from this IP, please try again later.

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 52
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 4, 2025 22:38:05.471811056 CET	49675	443	192.168.2.4	173.222.162.32
Feb 4, 2025 22:38:09.855066061 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:09.855103016 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:09.855160952 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:09.855530024 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:09.855544090 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:10.514728069 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:10.515037060 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:10.515059948 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:10.516026020 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:10.516083002 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:10.517469883 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:10.517529964 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:10.564610958 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:10.564620972 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:10.611469984 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:12.012411118 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.012454987 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.012522936 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.013066053 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.013156891 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.013212919 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.013585091 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.013598919 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.014051914 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.014067888 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.502588034 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.502824068 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.502851009 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.504153013 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.504231930 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.505331993 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.512212992 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.512242079 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.513227940 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.513282061 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.514431000 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.514492035 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.514750957 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.514859915 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.515033960 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.515043020 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.566859961 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.566860914 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.566874981 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.615756989 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.896486998 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.896610022 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.896760941 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.897775888 CET	49743	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.897792101 CET	443	49743	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:12.950525045 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:12.995331049 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:13.316514015 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:13.316654921 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:13.316715002 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:13.318000078 CET	49742	443	192.168.2.4	104.21.32.1
Feb 4, 2025 22:38:13.318017006 CET	443	49742	104.21.32.1	192.168.2.4
Feb 4, 2025 22:38:20.420196056 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:20.420304060 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:20.420357943 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:20.459140062 CET	49739	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:38:20.459163904 CET	443	49739	216.58.206.68	192.168.2.4
Feb 4, 2025 22:38:21.263480902 CET	49723	80	192.168.2.4	199.232.210.172
Feb 4, 2025 22:38:21.268521070 CET	80	49723	199.232.210.172	192.168.2.4
Feb 4, 2025 22:38:21.268590927 CET	49723	80	192.168.2.4	199.232.210.172
Feb 4, 2025 22:39:05.049124956 CET	49724	80	192.168.2.4	199.232.210.172
Feb 4, 2025 22:39:05.054157019 CET	80	49724	199.232.210.172	192.168.2.4
Feb 4, 2025 22:39:05.054306030 CET	49724	80	192.168.2.4	199.232.210.172
Feb 4, 2025 22:39:07.588038921 CET	58365	53	192.168.2.4	1.1.1.1
Feb 4, 2025 22:39:07.593801975 CET	53	58365	1.1.1.1	192.168.2.4
Feb 4, 2025 22:39:07.593878031 CET	58365	53	192.168.2.4	1.1.1.1
Feb 4, 2025 22:39:07.599615097 CET	53	58365	1.1.1.1	192.168.2.4
Feb 4, 2025 22:39:08.076009035 CET	58365	53	192.168.2.4	1.1.1.1
Feb 4, 2025 22:39:08.084140062 CET	53	58365	1.1.1.1	192.168.2.4
Feb 4, 2025 22:39:08.084208965 CET	58365	53	192.168.2.4	1.1.1.1
Feb 4, 2025 22:39:09.909742117 CET	58381	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:39:09.909768105 CET	443	58381	216.58.206.68	192.168.2.4
Feb 4, 2025 22:39:09.909852028 CET	58381	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:39:09.910094976 CET	58381	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:39:09.910104990 CET	443	58381	216.58.206.68	192.168.2.4
Feb 4, 2025 22:39:10.558778048 CET	443	58381	216.58.206.68	192.168.2.4
Feb 4, 2025 22:39:10.559066057 CET	58381	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:39:10.559082985 CET	443	58381	216.58.206.68	192.168.2.4
Feb 4, 2025 22:39:10.559398890 CET	443	58381	216.58.206.68	192.168.2.4
Feb 4, 2025 22:39:10.559720039 CET	58381	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:39:10.559792995 CET	443	58381	216.58.206.68	192.168.2.4
Feb 4, 2025 22:39:10.610605955 CET	58381	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:39:20.496150017 CET	443	58381	216.58.206.68	192.168.2.4
Feb 4, 2025 22:39:20.496202946 CET	443	58381	216.58.206.68	192.168.2.4
Feb 4, 2025 22:39:20.496345997 CET	58381	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:39:22.456800938 CET	58381	443	192.168.2.4	216.58.206.68
Feb 4, 2025 22:39:22.456814051 CET	443	58381	216.58.206.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 4, 2025 22:38:05.916682959 CET	53	59430	1.1.1.1	192.168.2.4
Feb 4, 2025 22:38:05.956796885 CET	53	60850	1.1.1.1	192.168.2.4
Feb 4, 2025 22:38:06.957396030 CET	53	56601	1.1.1.1	192.168.2.4
Feb 4, 2025 22:38:09.846995115 CET	51415	53	192.168.2.4	1.1.1.1
Feb 4, 2025 22:38:09.847116947 CET	53281	53	192.168.2.4	1.1.1.1
Feb 4, 2025 22:38:09.853840113 CET	53	53281	1.1.1.1	192.168.2.4
Feb 4, 2025 22:38:09.853929996 CET	53	51415	1.1.1.1	192.168.2.4
Feb 4, 2025 22:38:11.966757059 CET	50808	53	192.168.2.4	1.1.1.1
Feb 4, 2025 22:38:11.966919899 CET	49490	53	192.168.2.4	1.1.1.1
Feb 4, 2025 22:38:11.976572990 CET	53	50808	1.1.1.1	192.168.2.4
Feb 4, 2025 22:38:12.138895988 CET	53	49490	1.1.1.1	192.168.2.4
Feb 4, 2025 22:38:16.618093014 CET	138	138	192.168.2.4	192.168.2.255
Feb 4, 2025 22:38:23.916475058 CET	53	54231	1.1.1.1	192.168.2.4
Feb 4, 2025 22:38:42.869111061 CET	53	51028	1.1.1.1	192.168.2.4
Feb 4, 2025 22:39:05.450691938 CET	53	60608	1.1.1.1	192.168.2.4
Feb 4, 2025 22:39:05.747632980 CET	53	61901	1.1.1.1	192.168.2.4
Feb 4, 2025 22:39:07.587645054 CET	53	61274	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Feb 4, 2025 22:38:12.138976097 CET	192.168.2.4	1.1.1.1	c2d7	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 4, 2025 22:38:09.846995115 CET	192.168.2.4	1.1.1.1	0xeab0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:09.847116947 CET	192.168.2.4	1.1.1.1	0x35ee	Standard query (0)	www.google.com	65	IN (0x0001)	false
Feb 4, 2025 22:38:11.966757059 CET	192.168.2.4	1.1.1.1	0x34fe	Standard query (0)	urldn.com	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:11.966919899 CET	192.168.2.4	1.1.1.1	0x46c3	Standard query (0)	urldn.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 4, 2025 22:38:09.853840113 CET	1.1.1.1	192.168.2.4	0x35ee	No error (0)	www.google.com		65	IN (0x0001)	false
Feb 4, 2025 22:38:09.853929996 CET	1.1.1.1	192.168.2.4	0xeab0	No error (0)	www.google.com	216.58.206.68	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:11.976572990 CET	1.1.1.1	192.168.2.4	0x34fe	No error (0)	urldn.com	104.21.32.1	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:11.976572990 CET	1.1.1.1	192.168.2.4	0x34fe	No error (0)	urldn.com	104.21.64.1	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:11.976572990 CET	1.1.1.1	192.168.2.4	0x34fe	No error (0)	urldn.com	104.21.16.1	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:11.976572990 CET	1.1.1.1	192.168.2.4	0x34fe	No error (0)	urldn.com	104.21.80.1	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:11.976572990 CET	1.1.1.1	192.168.2.4	0x34fe	No error (0)	urldn.com	104.21.48.1	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:11.976572990 CET	1.1.1.1	192.168.2.4	0x34fe	No error (0)	urldn.com	104.21.96.1	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:11.976572990 CET	1.1.1.1	192.168.2.4	0x34fe	No error (0)	urldn.com	104.21.112.1	A (IP address)	IN (0x0001)	false
Feb 4, 2025 22:38:12.138895988 CET	1.1.1.1	192.168.2.4	0x46c3	No error (0)	urldn.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

urldn.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49743	104.21.32.1	443	2692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-04 21:38:12 UTC	657	OUT	GET /aznY3 HTTP/1.1 Host: urldn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-04 21:38:12 UTC	1366	IN	HTTP/1.1 429 Too Many Requests Date: Tue, 04 Feb 2025 21:38:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close CF-Ray: 90cdce6c9d9d4344-EWR CF-Cache-Status: DYNAMIC Retry-After: 86 ETag: W/"37-GXzJfQEBpCBb0XTpo5yLKb1Kg+0" Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Accept-Encoding content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google.com https://cdn.jsdelivr.net https://code.jquery.com https://challenges.cloudflare.com https://cdn.emailjs.com https://cdn.tailwindcss.com;connect-src 'self' https://www.googletagmanager.com https://challenges.cloudflare.com https://cdn.emailjs.com https://api.emailjs.com;frame-src 'self' https://www.googletagmanager.com https://challenges.cloudflare.com https://www.youtube.com https://www.youtube-nocookie.com;img-src 'self' https://res.cloudinary.com https://cdn.buymeacoffee.com https://flagcdn.com https://www.google-analytics.com data:;media-src 'self';child-src 'self' https://www.youtube.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests rndr-id: 1f1b9e8f-2744-474a
2025-02-04 21:38:12 UTC	188	IN	Data Raw: 78 2d 70 6f 77 65 72 65 64 2d 62 79 3a 20 45 78 70 72 65 73 73 0d 0a 78 2d 72 61 74 65 6c 69 6d 69 74 2d 6c 69 6d 69 74 3a 20 32 30 30 0d 0a 78 2d 72 61 74 65 6c 69 6d 69 74 2d 72 65 6d 61 69 6e 69 6e 67 3a 20 30 0d 0a 78 2d 72 61 74 65 6c 69 6d 69 74 2d 72 65 73 65 74 3a 20 31 37 33 38 37 30 35 31 37 38 0d 0a 78 2d 72 65 6e 64 65 72 2d 6f 72 69 67 69 6e 2d 73 65 72 76 65 72 3a 20 52 65 6e 64 65 72 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: x-powered-by: Expressx-ratelimit-limit: 200x-ratelimit-remaining: 0x-ratelimit-reset: 1738705178x-render-origin-server: RenderServer: cloudflarealt-svc: h3=":443"; ma=86400
2025-02-04 21:38:12 UTC	61	IN	Data Raw: 33 37 0d 0a 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 20 66 72 6f 6d 20 74 68 69 73 20 49 50 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 0d 0a Data Ascii: 37Too many requests from this IP, please try again later.
2025-02-04 21:38:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	104.21.32.1	443	2692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-04 21:38:12 UTC	579	OUT	GET /favicon.ico HTTP/1.1 Host: urldn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://urldn.com/aznY3 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-04 21:38:13 UTC	1366	IN	HTTP/1.1 429 Too Many Requests Date: Tue, 04 Feb 2025 21:38:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close CF-Ray: 90cdce6f49ec72b9-EWR CF-Cache-Status: DYNAMIC Retry-After: 85 ETag: W/"37-GXzJfQEBpCBb0XTpo5yLKb1Kg+0" Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Accept-Encoding content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google.com https://cdn.jsdelivr.net https://code.jquery.com https://challenges.cloudflare.com https://cdn.emailjs.com https://cdn.tailwindcss.com;connect-src 'self' https://www.googletagmanager.com https://challenges.cloudflare.com https://cdn.emailjs.com https://api.emailjs.com;frame-src 'self' https://www.googletagmanager.com https://challenges.cloudflare.com https://www.youtube.com https://www.youtube-nocookie.com;img-src 'self' https://res.cloudinary.com https://cdn.buymeacoffee.com https://flagcdn.com https://www.google-analytics.com data:;media-src 'self';child-src 'self' https://www.youtube.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests rndr-id: 1884d75f-0701-47c6
2025-02-04 21:38:13 UTC	188	IN	Data Raw: 78 2d 70 6f 77 65 72 65 64 2d 62 79 3a 20 45 78 70 72 65 73 73 0d 0a 78 2d 72 61 74 65 6c 69 6d 69 74 2d 6c 69 6d 69 74 3a 20 32 30 30 0d 0a 78 2d 72 61 74 65 6c 69 6d 69 74 2d 72 65 6d 61 69 6e 69 6e 67 3a 20 30 0d 0a 78 2d 72 61 74 65 6c 69 6d 69 74 2d 72 65 73 65 74 3a 20 31 37 33 38 37 30 35 31 37 38 0d 0a 78 2d 72 65 6e 64 65 72 2d 6f 72 69 67 69 6e 2d 73 65 72 76 65 72 3a 20 52 65 6e 64 65 72 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: x-powered-by: Expressx-ratelimit-limit: 200x-ratelimit-remaining: 0x-ratelimit-reset: 1738705178x-render-origin-server: RenderServer: cloudflarealt-svc: h3=":443"; ma=86400
2025-02-04 21:38:13 UTC	61	IN	Data Raw: 33 37 0d 0a 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 20 66 72 6f 6d 20 74 68 69 73 20 49 50 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 0d 0a Data Ascii: 37Too many requests from this IP, please try again later.
2025-02-04 21:38:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3332, Parent PID: 1704

Function Logs

General

Target ID:	0
Start time:	16:38:02
Start date:	04/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2692, Parent PID: 3332

Function Logs

General

Target ID:	2
Start time:	16:38:04
Start date:	04/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2208,i,13408538171806119008,16757192466884648778,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6500, Parent PID: 1704

Function Logs

General

Target ID:	3
Start time:	16:38:11
Start date:	04/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urldn.com/aznY3"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://urldn.com/aznY3

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_586243589\sets.json

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3332, Parent PID: 1704

General

File Activities

File Opened

File Created

File Deleted

File Moved

Windows Analysis Report
https://urldn.com/aznY3