Edit tour

Windows Analysis Report
http://wooo.otsproductions.ca//@

Overview

General Information

Sample URL:	http://wooo.otsproductions.ca//@
Analysis ID:	1672147
Infos:

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,14712591455113860603,9645355906726601553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2196 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wooo.otsproductions.ca//@" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://saldanayasoc.com/bid45.html

Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'saldanayasoc.com' does not match the legitimate domain for Microsoft., The URL 'saldanayasoc.com' does not contain any recognizable association with Microsoft., The use of 'Microsoft OneDrive' in the input fields suggests an attempt to impersonate Microsoft services., The domain 'saldanayasoc.com' appears unrelated to Microsoft and could be a phishing attempt. DOM: 0.0.pages.csv

AI detected landing page (webpage, office document or email)

Source: https://saldanayasoc.com/bid45.html	Joe Sandbox AI: Page contains button: 'View PDF' Source: '0.0.pages.csv'
Source: https://saldanayasoc.com/bid45.html	Joe Sandbox AI: Page contains button: 'View PDF' Source: '0.2.pages.csv'

Source: https://saldanayasoc.com/bid45.html

HTTP Parser: Number of links: 0

Source: https://saldanayasoc.com/bid45.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://saldanayasoc.com/bid45.html

HTTP Parser: Title: Protected File does not match URL

Source: https://saldanayasoc.com/bid45.html

HTTP Parser: <input type="password" .../> found

Source: https://saldanayasoc.com/bid45.html	HTTP Parser: No favicon
Source: https://saldanayasoc.com/bid45.html	HTTP Parser: No favicon

Source: https://saldanayasoc.com/bid45.html	HTTP Parser: No <meta name="author".. found
Source: https://saldanayasoc.com/bid45.html	HTTP Parser: No <meta name="author".. found

Source: https://saldanayasoc.com/bid45.html	HTTP Parser: No <meta name="copyright".. found
Source: https://saldanayasoc.com/bid45.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.7:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.222.174.97:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.235.162:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.235.162:443 -> 192.168.2.7:49696 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: wooo.otsproductions.ca to https://saldanayasoc.com/bid45.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: wooo.otsproductions.ca to https://saldanayasoc.com/bid45.html

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET //@ HTTP/1.1Host: wooo.otsproductions.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@ HTTP/1.1Host: wooo.otsproductions.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@ HTTP/1.1Host: wooo.otsproductions.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bid45.html HTTP/1.1Host: saldanayasoc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: saldanayasoc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://saldanayasoc.com/bid45.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET //@ HTTP/1.1Host: wooo.otsproductions.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: wooo.otsproductions.ca
Source: global traffic	DNS traffic detected: DNS query: saldanayasoc.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 22 Apr 2025 03:13:51 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Fri, 18 Aug 2023 18:56:08 GMTETag: "328-6033714d8d3d3"Accept-Ranges: bytes

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.7:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.222.174.97:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.235.162:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.235.162:443 -> 192.168.2.7:49696 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@22/6@10/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,14712591455113860603,9645355906726601553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2196 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wooo.otsproductions.ca//@"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,14712591455113860603,9645355906726601553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2196 /prefetch:3			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://wooo.otsproductions.ca//@	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://saldanayasoc.com/favicon.ico	0%	Avira URL Cloud	safe
https://wooo.otsproductions.ca//@	0%	Avira URL Cloud	safe
https://wooo.otsproductions.ca/@	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
wooo.otsproductions.ca	51.222.174.97	true	false		unknown
saldanayasoc.com	74.208.235.162	true	true		unknown
www.google.com	142.250.69.4	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://saldanayasoc.com/favicon.ico	false	Avira URL Cloud: safe	unknown
http://wooo.otsproductions.ca//@	false		unknown
https://wooo.otsproductions.ca/@	false	Avira URL Cloud: safe	unknown
https://saldanayasoc.com/bid45.html	true		unknown
https://wooo.otsproductions.ca//@	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.69.4	www.google.com	United States		15169	GOOGLEUS	false
74.208.235.162	saldanayasoc.com	United States		8560	ONEANDONE-ASBrauerstrasse48DE	true
51.222.174.97	wooo.otsproductions.ca	France		16276	OVHFR	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1672147
Start date and time:	2025-04-23 16:16:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://wooo.otsproductions.ca//@
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@22/6@10/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.68.238, 192.178.49.195, 192.178.49.174, 74.125.137.84, 142.250.69.14, 192.178.49.202, 142.250.68.234, 142.250.69.10, 192.178.49.170, 199.232.210.172, 192.178.49.163, 142.250.69.3, 20.109.210.53, 184.29.183.29
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: http://wooo.otsproductions.ca//@

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 48

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	808
Entropy (8bit):	4.9078093738349065
Encrypted:	false
SSDEEP:	24:hYj0XJU5DgGeRpbufLUwDdVJUSdEj7RtiKAo1Mc:PS5gGe/uTUwhVJJEjCKN1h
MD5:	A943672A32297727BAB01C3E76977550
SHA1:	3A667C4B7A457EF6C586CC581D533C128737BF53
SHA-256:	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
SHA-512:	0965D415F3A0CEF31953702FDAE345D46FEFD72CE3C4C7A0255AEDE74A76E10B856892700529A444453A622793E0257248C5C99FAE17D5B0B9FD4118E208068C
Malicious:	false
Reputation:	low
URL:	https://saldanayasoc.com/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>404 Not Found</title>. <link rel="stylesheet" href="/error_docs/styles.css">.</head>.<body>.<div class="page">. <div class="main">. <h1>Server Error</h1>. <div class="error-code">404</div>. <h2>Page Not Found</h2>. <p class="lead">This page either doesn't exist, or it moved somewhere else.</p>. <hr/>. <p>That's what you can do</p>. <div class="help-actions">. <a href="javascript:location.reload();">Reload Page</a>. <a href="javascript:history.back();">Back to Previous Page</a>. <a href="/">Home Page</a>. </div>. </div>.</div>.</body>.</html>

Chrome Cache Entry: 49

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	10487
Entropy (8bit):	4.232429109377854
Encrypted:	false
SSDEEP:	192:rCRMZfZMrFiUEpRpfHUURR0hjF/yMak2WJBGbt3noiaCizoiLiDIFuDiI0EBOMeS:kFW70FdebhnoivizoiLi/id6iniriVip
MD5:	5B7442A000CD50577CC74DACC5C0E66B
SHA1:	34977522FAB44F1EC84C24BF7426F705F84BD443
SHA-256:	CBB75D61E9DDA3C09866ED569072D9A7B5E4EEA5AB9FABDF955D32DE4281AE76
SHA-512:	1B8D895E28C5206D66480AD49F0EBCF8A5ABA41F8FB775FC86386E1C0059C419AA26B6B8FF9F8E479D438A0408FE317F15C6F37BB76B1852D5F2AC42F1B264D4
Malicious:	false
Reputation:	low
URL:	https://saldanayasoc.com/bid45.html
Preview:	.<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="robots" content="noindex, nofollow">. <title>Protected File</title>. <style>. html, body {. margin: 0;. width: 100%;. height: 100%;. font-family: Arial, Helvetica, sans-serif;. }. #dialogText {. color: white;. background-color: #061bd1;. }. . #dialogWrap {. position: absolute;. top: 0;. left: 0;. width: 100%;. height: 100%;. display: table;. background-color: #e6e6e6;. }. . #dialogWrapCell {. display: table-cell;. text-align: center;. vertical-align: middle;. }. . #mainDialog {. max-width: 400px;. margin: 5px;. border: solid #061bd1 1

Chrome Cache Entry: 50

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.577819531114783
Encrypted:	false
SSDEEP:	3:H5y0NY:Y
MD5:	90CB0A83A76570AD07B349BBB9F103A3
SHA1:	C1B6096ED2FABFA0A9DFDA501CB9AEEC14559908
SHA-256:	131F0A80B88EE2C7781DB0EE7F8B0E54DF59CCB934401C289BB16F9BB40DA15D
SHA-512:	6F229F11DF56DB77896492B56E472AA97336530822F8FDC71A44158A71A907F2C2E62BC9BB82FF58DD69D9B2180E7F9B426F1BB20F639C8B430C8AEA7CB27148
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCTGp86SeJclHEgUNxZPEJCHcRk5Zv_9bpg==?alt=proto
Preview:	CgkKBw3Fk8QkGgA=

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 99
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:17:10.056524992 CEST	49673	443	192.168.2.7	2.23.227.208
Apr 23, 2025 16:17:10.056528091 CEST	49675	443	192.168.2.7	2.23.227.208
Apr 23, 2025 16:17:10.056549072 CEST	49674	443	192.168.2.7	2.23.227.208
Apr 23, 2025 16:17:16.275789022 CEST	49676	80	192.168.2.7	23.199.215.203
Apr 23, 2025 16:17:16.275800943 CEST	49677	443	192.168.2.7	2.18.98.62
Apr 23, 2025 16:17:17.206290007 CEST	49689	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:17:17.206341982 CEST	443	49689	142.250.69.4	192.168.2.7
Apr 23, 2025 16:17:17.206521988 CEST	49689	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:17:17.206640959 CEST	49689	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:17:17.206650019 CEST	443	49689	142.250.69.4	192.168.2.7
Apr 23, 2025 16:17:17.524651051 CEST	443	49689	142.250.69.4	192.168.2.7
Apr 23, 2025 16:17:17.524743080 CEST	49689	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:17:17.526073933 CEST	49689	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:17:17.526086092 CEST	443	49689	142.250.69.4	192.168.2.7
Apr 23, 2025 16:17:17.526365042 CEST	443	49689	142.250.69.4	192.168.2.7
Apr 23, 2025 16:17:17.572982073 CEST	49689	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:17:18.952789068 CEST	49691	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:18.952830076 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:18.953026056 CEST	49691	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:18.953169107 CEST	49691	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:18.953186989 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:18.971023083 CEST	49692	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:18.971194029 CEST	49693	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.181127071 CEST	80	49692	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.181202888 CEST	49692	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.181528091 CEST	80	49693	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.181592941 CEST	49693	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.386776924 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.386848927 CEST	49691	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.388003111 CEST	49691	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.388010979 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.388318062 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.388596058 CEST	49691	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.432271957 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.660919905 CEST	49675	443	192.168.2.7	2.23.227.208
Apr 23, 2025 16:17:19.660921097 CEST	49673	443	192.168.2.7	2.23.227.208
Apr 23, 2025 16:17:19.660939932 CEST	49674	443	192.168.2.7	2.23.227.208
Apr 23, 2025 16:17:19.843352079 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.843417883 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.843504906 CEST	49691	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.843780041 CEST	49691	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.843807936 CEST	443	49691	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.846124887 CEST	49694	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.846179962 CEST	443	49694	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:19.846255064 CEST	49694	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.846380949 CEST	49694	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:19.846401930 CEST	443	49694	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:20.278193951 CEST	443	49694	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:20.290458918 CEST	49694	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:20.290498018 CEST	443	49694	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:20.290618896 CEST	49694	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:20.290627003 CEST	443	49694	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:20.753961086 CEST	443	49694	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:20.754018068 CEST	443	49694	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:20.754244089 CEST	49694	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:20.762578011 CEST	49694	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:20.762612104 CEST	443	49694	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:21.371965885 CEST	49692	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:21.582079887 CEST	80	49692	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:21.584760904 CEST	80	49692	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:21.586982012 CEST	49695	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:21.587021112 CEST	443	49695	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:21.587121010 CEST	49695	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:21.587285042 CEST	49695	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:21.587296009 CEST	443	49695	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:21.640275002 CEST	49692	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:22.067775965 CEST	443	49695	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:22.068059921 CEST	49695	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:22.068078995 CEST	443	49695	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:22.068203926 CEST	49695	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:22.068208933 CEST	443	49695	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:22.831882000 CEST	443	49695	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:22.831953049 CEST	443	49695	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:22.831998110 CEST	49695	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:22.833071947 CEST	49695	443	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:22.833089113 CEST	443	49695	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:23.513926029 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.513967991 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.514034986 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.514240980 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.514276981 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.514373064 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.514463902 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.514473915 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.514544010 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.514556885 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.889894009 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.890027046 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.891107082 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.891117096 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.891355038 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.891661882 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.912599087 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.912703037 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.913186073 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:23.913194895 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.913434029 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.932276964 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:23.965401888 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:24.251755953 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:24.251785994 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:24.251838923 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:24.251864910 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:24.251892090 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:24.251940012 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:24.253278971 CEST	49697	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:24.253298044 CEST	443	49697	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:24.379224062 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:24.424274921 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:24.577851057 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:24.577924013 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:24.578525066 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:24.578808069 CEST	49696	443	192.168.2.7	74.208.235.162
Apr 23, 2025 16:17:24.578816891 CEST	443	49696	74.208.235.162	192.168.2.7
Apr 23, 2025 16:17:27.542264938 CEST	443	49689	142.250.69.4	192.168.2.7
Apr 23, 2025 16:17:27.542346954 CEST	443	49689	142.250.69.4	192.168.2.7
Apr 23, 2025 16:17:27.542567015 CEST	49689	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:17:27.826431036 CEST	49689	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:17:27.826440096 CEST	443	49689	142.250.69.4	192.168.2.7
Apr 23, 2025 16:17:30.978398085 CEST	49672	443	192.168.2.7	2.23.227.208
Apr 23, 2025 16:17:30.978454113 CEST	443	49672	2.23.227.208	192.168.2.7
Apr 23, 2025 16:17:30.978547096 CEST	49672	443	192.168.2.7	2.23.227.208
Apr 23, 2025 16:17:30.978554964 CEST	443	49672	2.23.227.208	192.168.2.7
Apr 23, 2025 16:17:32.521209955 CEST	80	49692	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:32.521312952 CEST	49692	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:32.827474117 CEST	49692	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:33.037574053 CEST	80	49692	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:43.494854927 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 23, 2025 16:17:43.806910038 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 23, 2025 16:17:44.416539907 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 23, 2025 16:17:45.619805098 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 23, 2025 16:17:48.025949955 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 23, 2025 16:17:50.994674921 CEST	80	49693	51.222.174.97	192.168.2.7
Apr 23, 2025 16:17:50.994767904 CEST	49693	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:17:52.057307005 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 23, 2025 16:17:52.369324923 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 23, 2025 16:17:52.838063002 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 23, 2025 16:17:52.978688955 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 23, 2025 16:17:54.181829929 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 23, 2025 16:17:56.588283062 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 23, 2025 16:18:01.401498079 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 23, 2025 16:18:02.248342991 CEST	80	49693	51.222.174.97	192.168.2.7
Apr 23, 2025 16:18:02.248455048 CEST	49693	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:18:02.448265076 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 23, 2025 16:18:02.825434923 CEST	49693	80	192.168.2.7	51.222.174.97
Apr 23, 2025 16:18:03.035902023 CEST	80	49693	51.222.174.97	192.168.2.7
Apr 23, 2025 16:18:11.010662079 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 23, 2025 16:18:17.122339010 CEST	49717	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:18:17.122400999 CEST	443	49717	142.250.69.4	192.168.2.7
Apr 23, 2025 16:18:17.122473001 CEST	49717	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:18:17.122845888 CEST	49717	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:18:17.122864008 CEST	443	49717	142.250.69.4	192.168.2.7
Apr 23, 2025 16:18:17.438236952 CEST	443	49717	142.250.69.4	192.168.2.7
Apr 23, 2025 16:18:17.438688040 CEST	49717	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:18:17.438733101 CEST	443	49717	142.250.69.4	192.168.2.7
Apr 23, 2025 16:18:27.424835920 CEST	443	49717	142.250.69.4	192.168.2.7
Apr 23, 2025 16:18:27.424900055 CEST	443	49717	142.250.69.4	192.168.2.7
Apr 23, 2025 16:18:27.424993038 CEST	49717	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:18:27.625720024 CEST	49717	443	192.168.2.7	142.250.69.4
Apr 23, 2025 16:18:27.625756979 CEST	443	49717	142.250.69.4	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:17:12.968648911 CEST	53	53117	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:12.991373062 CEST	53	51576	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:13.828900099 CEST	53	51106	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:14.470767975 CEST	53	50919	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:17.058522940 CEST	63360	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:17.058865070 CEST	53040	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:17.200547934 CEST	53	53040	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:17.200567961 CEST	53	63360	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:18.358958006 CEST	54090	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:18.362827063 CEST	60511	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:18.382313967 CEST	65098	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:18.382535934 CEST	58318	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:18.951486111 CEST	53	60511	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:18.951508045 CEST	53	58318	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:18.952193975 CEST	53	65098	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:18.970170975 CEST	53	54090	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:20.764893055 CEST	63500	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:20.765274048 CEST	63991	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:21.778979063 CEST	51254	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:21.779153109 CEST	52796	53	192.168.2.7	1.1.1.1
Apr 23, 2025 16:17:23.512398005 CEST	53	63500	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:23.513454914 CEST	53	63991	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:23.515253067 CEST	53	51254	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:23.525249004 CEST	53	52796	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:24.491223097 CEST	53	57229	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:31.480079889 CEST	53	55983	1.1.1.1	192.168.2.7
Apr 23, 2025 16:17:55.012581110 CEST	53	60404	1.1.1.1	192.168.2.7
Apr 23, 2025 16:18:12.451781988 CEST	53	53198	1.1.1.1	192.168.2.7
Apr 23, 2025 16:18:15.792860985 CEST	53	57756	1.1.1.1	192.168.2.7
Apr 23, 2025 16:18:22.505558014 CEST	53	57354	1.1.1.1	192.168.2.7

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 23, 2025 16:17:23.515305042 CEST	192.168.2.7	1.1.1.1	c1f9	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2025 16:17:17.058522940 CEST	192.168.2.7	1.1.1.1	0xe6cf	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:17.058865070 CEST	192.168.2.7	1.1.1.1	0xd66	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 23, 2025 16:17:18.358958006 CEST	192.168.2.7	1.1.1.1	0xcc14	Standard query (0)	wooo.otsproductions.ca	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:18.362827063 CEST	192.168.2.7	1.1.1.1	0x3b4a	Standard query (0)	wooo.otsproductions.ca	65	IN (0x0001)	false
Apr 23, 2025 16:17:18.382313967 CEST	192.168.2.7	1.1.1.1	0x3c24	Standard query (0)	wooo.otsproductions.ca	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:18.382535934 CEST	192.168.2.7	1.1.1.1	0xcfd7	Standard query (0)	wooo.otsproductions.ca	65	IN (0x0001)	false
Apr 23, 2025 16:17:20.764893055 CEST	192.168.2.7	1.1.1.1	0x82bf	Standard query (0)	saldanayasoc.com	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:20.765274048 CEST	192.168.2.7	1.1.1.1	0x4b45	Standard query (0)	saldanayasoc.com	65	IN (0x0001)	false
Apr 23, 2025 16:17:21.778979063 CEST	192.168.2.7	1.1.1.1	0x737b	Standard query (0)	saldanayasoc.com	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:21.779153109 CEST	192.168.2.7	1.1.1.1	0xe649	Standard query (0)	saldanayasoc.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2025 16:17:17.200547934 CEST	1.1.1.1	192.168.2.7	0xd66	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 23, 2025 16:17:17.200567961 CEST	1.1.1.1	192.168.2.7	0xe6cf	No error (0)	www.google.com		142.250.69.4	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:18.952193975 CEST	1.1.1.1	192.168.2.7	0x3c24	No error (0)	wooo.otsproductions.ca		51.222.174.97	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:18.970170975 CEST	1.1.1.1	192.168.2.7	0xcc14	No error (0)	wooo.otsproductions.ca		51.222.174.97	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:23.512398005 CEST	1.1.1.1	192.168.2.7	0x82bf	No error (0)	saldanayasoc.com		74.208.235.162	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:17:23.515253067 CEST	1.1.1.1	192.168.2.7	0x737b	No error (0)	saldanayasoc.com		74.208.235.162	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

wooo.otsproductions.ca

saldanayasoc.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49692	51.222.174.97	80	3700	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2025 16:17:21.371965885 CEST	439	OUT	GET //@ HTTP/1.1 Host: wooo.otsproductions.ca Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Apr 23, 2025 16:17:21.584760904 CEST	1012	IN	HTTP/1.1 301 Moved Permanently Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html content-length: 795 date: Wed, 23 Apr 2025 14:17:21 GMT location: https://wooo.otsproductions.ca/@ Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49691	51.222.174.97	443	3700	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:17:19 UTC	674	OUT	GET //@ HTTP/1.1 Host: wooo.otsproductions.ca Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:17:19 UTC	358	IN	HTTP/1.1 301 Moved Permanently Connection: close content-type: text/html content-length: 795 date: Wed, 23 Apr 2025 14:17:19 GMT location: https://wooo.otsproductions.ca/@ alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-04-23 14:17:19 UTC	795	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!importan

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49694	51.222.174.97	443	3700	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:17:20 UTC	673	OUT	GET /@ HTTP/1.1 Host: wooo.otsproductions.ca Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:17:20 UTC	412	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Wed, 23 Apr 2025 14:17:20 GMT cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://saldanayasoc.com/bid45.html alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-04-23 14:17:20 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49695	51.222.174.97	443	3700	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:17:22 UTC	673	OUT	GET /@ HTTP/1.1 Host: wooo.otsproductions.ca Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:17:22 UTC	412	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Wed, 23 Apr 2025 14:17:22 GMT cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://saldanayasoc.com/bid45.html alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-04-23 14:17:22 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49697	74.208.235.162	443	3700	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:17:23 UTC	676	OUT	GET /bid45.html HTTP/1.1 Host: saldanayasoc.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:17:24 UTC	253	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 22 Apr 2025 03:13:51 GMT Content-Type: text/html Content-Length: 10487 Last-Modified: Mon, 21 Apr 2025 03:13:32 GMT Connection: close ETag: "6805b7dc-28f7" X-Powered-By: PleskLin Accept-Ranges: bytes
2025-04-23 14:17:24 UTC	10487	IN	Data Raw: ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 72 6f 74 65 63 74 65 64 20 46 69 6c 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 68 74 6d Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex, nofollow"> <title>Protected File</title> <style> htm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49696	74.208.235.162	443	3700	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:17:24 UTC	605	OUT	GET /favicon.ico HTTP/1.1 Host: saldanayasoc.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://saldanayasoc.com/bid45.html Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:17:24 UTC	238	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 22 Apr 2025 03:13:51 GMT Content-Type: text/html Content-Length: 808 Connection: close Last-Modified: Fri, 18 Aug 2023 18:56:08 GMT ETag: "328-6033714d8d3d3" Accept-Ranges: bytes
2025-04-23 14:17:24 UTC	808	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="s

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Behavior

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 528, Parent PID: 2032

General

Target ID:	0
Start time:	10:17:10
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3700, Parent PID: 528

General

Target ID:	1
Start time:	10:17:11
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,14712591455113860603,9645355906726601553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2196 /prefetch:3
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6292, Parent PID: 2032

General

Target ID:	5
Start time:	10:17:17
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wooo.otsproductions.ca//@"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly