Edit tour

Windows Analysis Report
https://t.co/1A1wQwNFVf

Overview

General Information

Sample URL:	https://t.co/1A1wQwNFVf
Analysis ID:	1520357
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=2008,i,2581882664336918239,6513653453507597270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/1A1wQwNFVf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://49anx.leadernegligent.top/contactos

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /1A1wQwNFVf HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: duckduckgo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://49anx.leadernegligent.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: duckduckgo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /contactos HTTP/1.1Host: 49anx.leadernegligent.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: https://t.co/1A1wQwNFVfAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 49anx.leadernegligent.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://49anx.leadernegligent.top/contactosAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: zcknrt_contactos=0

Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: 49anx.leadernegligent.top
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: duckduckgo.com

Source: chromecache_43.2.dr	String found in binary or memory: http://49anx.leadernegligent.top/contactos
Source: chromecache_42.2.dr	String found in binary or memory: https://duckduckgo.com
Source: chromecache_42.2.dr	String found in binary or memory: https://duckduckgo.com/?smartbanner=1
Source: chromecache_42.2.dr	String found in binary or memory: https://duckduckgo.com/assets/logo_social-media.png
Source: chromecache_42.2.dr	String found in binary or memory: https://html.duckduckgo.com/html"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/5@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=2008,i,2581882664336918239,6513653453507597270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/1A1wQwNFVf"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=2008,i,2581882664336918239,6513653453507597270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://t.co/1A1wQwNFVf	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://html.duckduckgo.com/html"	0%	Avira URL Cloud	safe
http://49anx.leadernegligent.top/favicon.ico	0%	Avira URL Cloud	safe
https://duckduckgo.com/assets/logo_social-media.png	0%	Avira URL Cloud	safe
https://duckduckgo.com	0%	Avira URL Cloud	safe
https://duckduckgo.com/	0%	Avira URL Cloud	safe
https://duckduckgo.com/?smartbanner=1	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
t.co	172.66.0.227	true	false	unknown
duckduckgo.com	40.114.177.156	true	false	unknown
49anx.leadernegligent.top	23.177.184.66	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://49anx.leadernegligent.top/contactos	false		unknown
https://duckduckgo.com/	false	Avira URL Cloud: safe	unknown
http://49anx.leadernegligent.top/favicon.ico	false	Avira URL Cloud: safe	unknown
https://t.co/1A1wQwNFVf	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/assets/logo_social-media.png	chromecache_42.2.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/?smartbanner=1	chromecache_42.2.dr	false	Avira URL Cloud: safe	unknown
https://html.duckduckgo.com/html"	chromecache_42.2.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com	chromecache_42.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
40.114.177.156	duckduckgo.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.177.184.66	49anx.leadernegligent.top	Reserved	397321	PROVIDENCE-MB-CA-01CA	false
172.66.0.227	t.co	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520357
Start date and time:	2024-09-27 08:59:50 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://t.co/1A1wQwNFVf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/5@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.185.142, 142.251.168.84, 34.104.35.123, 20.12.23.50, 88.221.110.91, 2.16.100.168, 192.229.221.95, 20.3.187.198, 13.85.23.206, 13.85.23.86, 216.58.206.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://t.co/1A1wQwNFVf

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://49anx.leadernegligent.top/contactos Model: jbxai	{ "brand":["Globi"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: http://49anx.leadernegligent.top/contactos Model: jbxai

{
"brand":["Globi"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (41898), with no line terminators
Category:	dropped
Size (bytes):	41976
Entropy (8bit):	5.230242913065828
Encrypted:	false
SSDEEP:	768:jRh3Dh4PrG0k+67kFZRugOK9TMtrEdc2Vm5ENm:jRhU9OUTMtMrV/c
MD5:	FBCDB99507159D5ADDFB611628D97B0D
SHA1:	212A53454C0708CC1FE7D9CDD6A6601D1A9928AD
SHA-256:	9E4F86A55CC1DA7B15691188799F9B66EAD59E1223DCCCED1AEE0AE90283B31E
SHA-512:	CD2DD15C5B670C1704C8D0D5AAA4DAD994CE883103CEB799B6AB6D2F843A545DF2E19852078F6803E14D9A38C9288594942CEF0350C14D2EFD7AB2C175E50E56
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=1 , viewport-fit=auto"/><link rel="preload" href="/static-assets/font/ProximaNova-RegIt-webfont.woff2" as="font" type="font/woff2" crossorigin="anonymous"/><link rel="preload" href="/static-assets/font/ProximaNova-ExtraBold-webfont.woff2" as="font" type="font/woff2" crossorigin="anonymous"/><meta name="apple-itunes-app" content="app-id=663592361, app-argument=https://duckduckgo.com/?smartbanner=1"/><noscript><meta http-equiv="refresh" content="0; url="https://html.duckduckgo.com/html""/><style>body { display: none }</style></noscript><title>DuckDuckGo . Privacy, simplified.</title><meta name="description" content="The Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs."/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:site" co

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (320), with no line terminators
Category:	downloaded
Size (bytes):	320
Entropy (8bit):	4.7688408145247045
Encrypted:	false
SSDEEP:	6:p/ntc7pc3MRJVxCxXYBAlhl3d+AUm0RlXYBAlhl3FX9BXW31AXVbXYBAlrv3ub:plcVc3MxxGQAt3dWm0RlQAt3FPXK+XV8
MD5:	E6BE8AEBAAD1FB100BC0BF4AFF4A57F2
SHA1:	474CD0F4588F669772C78304AD13516EFF6948DD
SHA-256:	6EB6DD179E319775FE73BD72E43738444AB71B4AE84CC7FD1DC644B80172D8F6
SHA-512:	EFCD9536B38F8CF6356C03B824EBFA8E29A367CAFAC26F6B0EF45CD4D93CCBDDF666AB7DC7427271EC256065E71D51828E9F91ADD4CD2EADF607AB9DD8516BEE
Malicious:	false
Reputation:	low
URL:	https://t.co/1A1wQwNFVf
Preview:	<head><meta name="referrer" content="always"><noscript><META http-equiv="refresh" content="0;URL=http://49anx.leadernegligent.top/contactos"></noscript><title>http://49anx.leadernegligent.top/contactos</title></head><script>window.opener = null; location.replace("http:\/\/49anx.leadernegligent.top\/contactos")</script>

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	286
Entropy (8bit):	4.619770731844525
Encrypted:	false
SSDEEP:	6:hxLMmyr5EdxqXCrHFWyh1L203OTxBVWR7qa0XyN3hO97KG4Qb:hKd4x5DsyhslhWRWUfpNQb
MD5:	D8826A6F923CF0B8A54FFF6694D7968D
SHA1:	8F58D51CF27F3736C6BE9AECAEF4B114A7FF6195
SHA-256:	05ACA3F12D00636ED4561BF87C6DFA3EDD2891D3B50DCD1C4A96EE4B5B30A2D6
SHA-512:	91FC3BF02B1E76667F0C1CED9B148EED32907DCB8E99F0B03C82219DF93BF0DBFCF9AD0B255ADA7B068315C62F47C5B8294E00EF02F09240CEF6BEEF07D06328
Malicious:	false
Reputation:	low
URL:	http://49anx.leadernegligent.top/contactos
Preview:	<!DOCTYPE html>.<head>.<title>Server error!</title>.</head>.<body>.<h1>Server error!</h1>.<p>.The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script..</p>.<h2>Error 500</h2>.</body>.</html>

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 09:00:44.825350046 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 27, 2024 09:00:50.420409918 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.420449972 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.420535088 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.420607090 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.420639992 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.420694113 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.420944929 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.420958042 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.421155930 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.421176910 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.905240059 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.906059027 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.906086922 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.906343937 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.906879902 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.906944990 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.907751083 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.907834053 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.907978058 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.907983065 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.911433935 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.911596060 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.912031889 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.912039042 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:50.912478924 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:50.912585020 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:51.042581081 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:51.042671919 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:51.120611906 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:51.245220900 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:51.315057039 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:51.315253973 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:51.315305948 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:51.320796013 CEST	49735	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:00:51.320812941 CEST	443	49735	172.66.0.227	192.168.2.4
Sep 27, 2024 09:00:51.835721016 CEST	49739	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:51.838349104 CEST	49740	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:51.840993881 CEST	80	49739	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:51.841094017 CEST	49739	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:51.841790915 CEST	49739	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:51.843415976 CEST	80	49740	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:51.843530893 CEST	49740	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:51.846991062 CEST	80	49739	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:51.965514898 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:00:51.965555906 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:00:51.965624094 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:00:51.970196009 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:00:51.970210075 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:00:52.615252018 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:00:52.615803957 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:00:52.615818024 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:00:52.617233038 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:00:52.617327929 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:00:52.829672098 CEST	80	49739	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:52.829731941 CEST	80	49739	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:52.829802036 CEST	49739	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:52.866596937 CEST	49739	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:52.872160912 CEST	80	49739	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:53.192028999 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:00:53.192234993 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:00:53.319489002 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:00:53.319497108 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:00:53.424654007 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:00:53.648497105 CEST	49740	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:53.653928041 CEST	80	49740	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:54.428189039 CEST	80	49740	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:54.428246975 CEST	80	49740	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:54.428277016 CEST	80	49740	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:54.428519964 CEST	49740	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:54.439403057 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:54.439431906 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:54.439636946 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:54.443872929 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:54.443883896 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:54.448615074 CEST	49740	80	192.168.2.4	23.177.184.66
Sep 27, 2024 09:00:54.454018116 CEST	80	49740	23.177.184.66	192.168.2.4
Sep 27, 2024 09:00:54.460378885 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:54.460417032 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:54.460501909 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:54.461134911 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:54.461150885 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.082967043 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.083334923 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.083353043 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.084923983 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.085040092 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.098882914 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.098994017 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.103507996 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.103514910 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.103729010 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.177306890 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.219481945 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.371391058 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.371433020 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.371620893 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.373481035 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.373491049 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.373642921 CEST	49742	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.373647928 CEST	443	49742	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.518625021 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.519098997 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.520050049 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.520067930 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.616339922 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.616453886 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.616555929 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.617367029 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:55.617450953 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:55.621125937 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.769849062 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.769908905 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.769928932 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.769936085 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.769963026 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.769968987 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.770004988 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.770008087 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.770025015 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.770050049 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.770056963 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.770071030 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.770098925 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.770122051 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.780267000 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.780297041 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.780334949 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.780349970 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.780401945 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.780414104 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.780422926 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.780432940 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.780473948 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.782073975 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.782124996 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.782152891 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.782157898 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.782213926 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:55.782252073 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:55.782305002 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.023134947 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.023135900 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.023163080 CEST	443	49743	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.023243904 CEST	49743	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.067131996 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.067162037 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.067236900 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.068133116 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.068144083 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.262655020 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:56.262772083 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:56.273165941 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:56.273207903 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:56.273437977 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:56.276546001 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:56.319418907 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:56.545681000 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:56.545721054 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:56.545855999 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:56.547851086 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:56.547893047 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:56.547925949 CEST	49744	443	192.168.2.4	184.28.90.27
Sep 27, 2024 09:00:56.547940969 CEST	443	49744	184.28.90.27	192.168.2.4
Sep 27, 2024 09:00:56.688738108 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.689435959 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.689445972 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.691119909 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.691191912 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.692265034 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.692409039 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.692665100 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.692671061 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.746134043 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.948813915 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.948879004 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.948918104 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.948926926 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.948954105 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.948955059 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.949017048 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.949023962 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.949033022 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:56.949074030 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:56.949107885 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.030586004 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:57.030653954 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:57.030689955 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.030695915 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:57.030728102 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.030761957 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.031335115 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:57.031425953 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.031430960 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:57.031488895 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.031493902 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:57.031534910 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.031568050 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:00:57.031739950 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.031829119 CEST	49745	443	192.168.2.4	40.114.177.156
Sep 27, 2024 09:00:57.031836987 CEST	443	49745	40.114.177.156	192.168.2.4
Sep 27, 2024 09:01:02.522864103 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:02.523001909 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:02.523381948 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:01:02.805052042 CEST	49723	80	192.168.2.4	199.232.210.172
Sep 27, 2024 09:01:02.810446978 CEST	80	49723	199.232.210.172	192.168.2.4
Sep 27, 2024 09:01:02.810522079 CEST	49723	80	192.168.2.4	199.232.210.172
Sep 27, 2024 09:01:02.862371922 CEST	49741	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:01:02.862385035 CEST	443	49741	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:05.806961060 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:01:05.807116032 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:01:05.807203054 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:01:06.445677996 CEST	49736	443	192.168.2.4	172.66.0.227
Sep 27, 2024 09:01:06.445750952 CEST	443	49736	172.66.0.227	192.168.2.4
Sep 27, 2024 09:01:51.997675896 CEST	49754	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:01:51.997721910 CEST	443	49754	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:51.997840881 CEST	49754	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:01:51.998076916 CEST	49754	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:01:51.998092890 CEST	443	49754	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:52.137140036 CEST	49724	80	192.168.2.4	199.232.210.172
Sep 27, 2024 09:01:52.142518997 CEST	80	49724	199.232.210.172	192.168.2.4
Sep 27, 2024 09:01:52.142699003 CEST	49724	80	192.168.2.4	199.232.210.172
Sep 27, 2024 09:01:52.635481119 CEST	443	49754	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:52.635812044 CEST	49754	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:01:52.635822058 CEST	443	49754	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:52.636943102 CEST	443	49754	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:52.637378931 CEST	49754	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:01:52.637546062 CEST	443	49754	142.250.184.196	192.168.2.4
Sep 27, 2024 09:01:52.683892965 CEST	49754	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:02:02.541260958 CEST	443	49754	142.250.184.196	192.168.2.4
Sep 27, 2024 09:02:02.541407108 CEST	443	49754	142.250.184.196	192.168.2.4
Sep 27, 2024 09:02:02.541501045 CEST	49754	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:02:02.857712030 CEST	49754	443	192.168.2.4	142.250.184.196
Sep 27, 2024 09:02:02.857738972 CEST	443	49754	142.250.184.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 09:00:48.269263029 CEST	53	52100	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:48.386667967 CEST	53	65015	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:49.410310030 CEST	53	51695	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:50.411662102 CEST	58206	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:50.411988020 CEST	50323	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:50.419127941 CEST	53	50323	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:50.419202089 CEST	53	58206	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:51.586205006 CEST	50047	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:51.586760044 CEST	58835	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:51.790177107 CEST	53	58835	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:51.827811003 CEST	53	50047	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:51.954835892 CEST	55245	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:51.955826044 CEST	61211	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:51.962346077 CEST	53	55245	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:51.962466955 CEST	53	61211	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:54.451858997 CEST	52615	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:54.452483892 CEST	53612	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:54.458830118 CEST	53	52615	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:54.459621906 CEST	53	53612	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:56.057943106 CEST	61988	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:56.058917999 CEST	60621	53	192.168.2.4	1.1.1.1
Sep 27, 2024 09:00:56.065258980 CEST	53	61988	1.1.1.1	192.168.2.4
Sep 27, 2024 09:00:56.066328049 CEST	53	60621	1.1.1.1	192.168.2.4
Sep 27, 2024 09:01:03.742456913 CEST	138	138	192.168.2.4	192.168.2.255
Sep 27, 2024 09:01:06.453170061 CEST	53	57316	1.1.1.1	192.168.2.4
Sep 27, 2024 09:01:25.482306004 CEST	53	56240	1.1.1.1	192.168.2.4
Sep 27, 2024 09:01:47.754214048 CEST	53	55694	1.1.1.1	192.168.2.4
Sep 27, 2024 09:01:48.245408058 CEST	53	62834	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 09:00:50.411662102 CEST	192.168.2.4	1.1.1.1	0xbc0d	Standard query (0)	t.co	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:50.411988020 CEST	192.168.2.4	1.1.1.1	0xafa2	Standard query (0)	t.co	65	IN (0x0001)	false
Sep 27, 2024 09:00:51.586205006 CEST	192.168.2.4	1.1.1.1	0x1341	Standard query (0)	49anx.leadernegligent.top	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:51.586760044 CEST	192.168.2.4	1.1.1.1	0xd1ab	Standard query (0)	49anx.leadernegligent.top	65	IN (0x0001)	false
Sep 27, 2024 09:00:51.954835892 CEST	192.168.2.4	1.1.1.1	0x230d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:51.955826044 CEST	192.168.2.4	1.1.1.1	0xd85c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 27, 2024 09:00:54.451858997 CEST	192.168.2.4	1.1.1.1	0x9e21	Standard query (0)	duckduckgo.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:54.452483892 CEST	192.168.2.4	1.1.1.1	0x9e06	Standard query (0)	duckduckgo.com	65	IN (0x0001)	false
Sep 27, 2024 09:00:56.057943106 CEST	192.168.2.4	1.1.1.1	0x1ab4	Standard query (0)	duckduckgo.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:56.058917999 CEST	192.168.2.4	1.1.1.1	0xe7ab	Standard query (0)	duckduckgo.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 09:00:50.419202089 CEST	1.1.1.1	192.168.2.4	0xbc0d	No error (0)	t.co		172.66.0.227	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:51.827811003 CEST	1.1.1.1	192.168.2.4	0x1341	No error (0)	49anx.leadernegligent.top		23.177.184.66	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:51.962346077 CEST	1.1.1.1	192.168.2.4	0x230d	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:51.962466955 CEST	1.1.1.1	192.168.2.4	0xd85c	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 27, 2024 09:00:54.458830118 CEST	1.1.1.1	192.168.2.4	0x9e21	No error (0)	duckduckgo.com		40.114.177.156	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:00:56.065258980 CEST	1.1.1.1	192.168.2.4	0x1ab4	No error (0)	duckduckgo.com		40.114.177.156	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:01:00.774249077 CEST	1.1.1.1	192.168.2.4	0xd43f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 09:01:00.774249077 CEST	1.1.1.1	192.168.2.4	0xd43f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 27, 2024 09:01:14.206955910 CEST	1.1.1.1	192.168.2.4	0x4cbb	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 09:01:14.206955910 CEST	1.1.1.1	192.168.2.4	0x4cbb	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.co

49anx.leadernegligent.top

duckduckgo.com

fs.microsoft.com

https:

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	23.177.184.66	80	3716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 09:00:51.841790915 CEST	483	OUT	GET /contactos HTTP/1.1 Host: 49anx.leadernegligent.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: https://t.co/1A1wQwNFVf Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 09:00:52.829672098 CEST	580	IN	HTTP/1.0 500 Internal Server Error Date: Fri, 27 Sep 2024 07:00:52 GMT Server: Apache/2.4.38 (Debian) Access-Control-Allow-Origin: * Set-Cookie: zcknrt_contactos=0; expires=Sat, 28-Sep-2024 07:00:52 GMT; Max-Age=86400; path=/ Content-Length: 286 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 65 72 76 65 72 20 65 72 72 6f 72 21 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 53 65 72 76 65 72 20 65 72 72 6f 72 21 3c 2f 68 31 3e 0a 3c 70 3e 0a 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 2e 20 45 69 74 68 65 72 20 74 68 65 20 73 65 72 76 65 72 20 69 73 20 6f 76 65 72 6c 6f 61 64 65 64 20 6f 72 20 74 68 65 72 65 20 77 61 73 20 61 6e 20 65 72 72 6f 72 20 69 6e 20 61 20 43 47 49 20 73 63 72 69 70 74 2e 0a 3c 2f 70 3e 0a 3c 68 32 3e 45 72 72 6f 72 20 35 30 30 3c 2f 68 32 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><head><title>Server error!</title></head><body><h1>Server error!</h1><p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script.</p><h2>Error 500</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	23.177.184.66	80	3716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 09:00:53.648497105 CEST	431	OUT	GET /favicon.ico HTTP/1.1 Host: 49anx.leadernegligent.top Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://49anx.leadernegligent.top/contactos Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: zcknrt_contactos=0
Sep 27, 2024 09:00:54.428189039 CEST	235	IN	HTTP/1.1 302 Found Date: Fri, 27 Sep 2024 07:00:53 GMT Server: Apache/2.4.38 (Debian) Access-Control-Allow-Origin: * Location: https://duckduckgo.com Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	172.66.0.227	443	3716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 07:00:50 UTC	657	OUT	GET /1A1wQwNFVf HTTP/1.1 Host: t.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 07:00:51 UTC	1176	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 07:00:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close perf: 7402827104 vary: Origin expires: Fri, 27 Sep 2024 07:05:51 GMT set-cookie: muc=069bfb43-921a-48dc-96cf-fa6ec233c2bd; Max-Age=63072000; Expires=Sun, 27 Sep 2026 07:00:51 GMT; Domain=t.co; Secure; SameSite=None Cache-Control: private,max-age=300 referrer-policy: unsafe-url x-transaction-id: 504adde728fdbbf8 x-xss-protection: 0 content-security-policy: referrer always; strict-transport-security: max-age=0 x-response-time: 211 x-connection-hash: 9a441af7147ff47c087354e394da3c7d138400cb8550700d5a3880a67fdae616 CF-Cache-Status: DYNAMIC Set-Cookie: muc_ads=069bfb43-921a-48dc-96cf-fa6ec233c2bd; Max-Age=63072000; Expires=Sun, 27 Sep 2026 07:00:51 GMT; Path=/; Domain=t.co; Secure; SameSite=None Set-Cookie: __cf_bm=Yoo5sHYOlHpkDSMUqftBhA.Ov64pJL.qkKaG32pGfQY-1727420451-1.0.1.1-ftQFmW86n7kGwru0EhMj2kvIWrkzvILhp8AKubRicjIRtEr77OX31izeXiSAGhm3qP9KphIDfsFe3mI66hB5fw; path=/; expires=Fri, 27-Sep-24 07:30:51 GMT; domain=.t.co; HttpOnly; Secure; SameSite=None Server: cloudflare tsa_b CF-RAY: 8c999e7aaf817c84-EWR
2024-09-27 07:00:51 UTC	193	IN	Data Raw: 31 34 30 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 61 6c 77 61 79 73 22 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 55 52 4c 3d 68 74 74 70 3a 2f 2f 34 39 61 6e 78 2e 6c 65 61 64 65 72 6e 65 67 6c 69 67 65 6e 74 2e 74 6f 70 2f 63 6f 6e 74 61 63 74 6f 73 22 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 74 69 74 6c 65 3e 68 74 74 70 3a 2f 2f 34 39 61 6e 78 2e 6c 65 61 64 65 72 6e 65 67 6c 69 67 65 6e 74 2e Data Ascii: 140<head><meta name="referrer" content="always"><noscript><META http-equiv="refresh" content="0;URL=http://49anx.leadernegligent.top/contactos"></noscript><title>http://49anx.leadernegligent.
2024-09-27 07:00:51 UTC	134	IN	Data Raw: 74 6f 70 2f 63 6f 6e 74 61 63 74 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 70 65 6e 65 72 20 3d 20 6e 75 6c 6c 3b 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 22 68 74 74 70 3a 5c 2f 5c 2f 34 39 61 6e 78 2e 6c 65 61 64 65 72 6e 65 67 6c 69 67 65 6e 74 2e 74 6f 70 5c 2f 63 6f 6e 74 61 63 74 6f 73 22 29 3c 2f 73 63 72 69 70 74 3e 0d 0a Data Ascii: top/contactos</title></head><script>window.opener = null; location.replace("http:\/\/49anx.leadernegligent.top\/contactos")</script>
2024-09-27 07:00:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 07:00:55 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 07:00:55 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=35119 Date: Fri, 27 Sep 2024 07:00:55 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	40.114.177.156	443	3716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 07:00:55 UTC	452	OUT	GET / HTTP/1.1 Host: duckduckgo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://49anx.leadernegligent.top/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 07:00:55 UTC	2365	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 07:00:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 41976 Connection: close Vary: Accept-Encoding ETag: "66f5d3eb-a3f8" Strict-Transport-Security: max-age=31536000 Permissions-Policy: interest-cohort=() Content-Security-Policy: default-src 'none' ; connect-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ h [TRUNCATED] X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block X-Content-Type-Options: nosniff Referrer-Policy: origin Expect-CT: max-age=0 Expires: Fri, 27 Sep 2024 07:00:54 GMT Cache-Control: no-cache Accept-Ranges: bytes
2024-09-27 07:00:55 UTC	14019	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 31 20 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 61 75 74 6f 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 2f 73 74 61 74 69 63 2d 61 73 73 65 74 73 2f 66 6f 6e 74 2f 50 72 6f 78 69 6d 61 4e 6f 76 61 2d 52 65 67 49 74 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 32 22 20 61 73 3d 22 66 6f 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=1 , viewport-fit=auto"/><link rel="preload" href="/static-assets/font/ProximaNova-RegIt-webfont.woff2" as="fon
2024-09-27 07:00:55 UTC	16384	IN	Data Raw: 72 6f 6d 20 74 68 65 20 64 72 6f 70 64 6f 77 6e 2e 22 7d 5d 2c 22 4b 65 4f 69 4c 71 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 43 6c 69 63 6b 20 22 7d 2c 7b 22 74 79 70 65 22 3a 31 2c 22 76 61 6c 75 65 22 3a 22 73 65 61 72 63 68 49 63 6f 6e 22 7d 2c 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 20 22 7d 2c 7b 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 53 65 61 72 63 68 20 65 6e 67 69 6e 65 22 7d 5d 2c 22 74 79 70 65 22 3a 38 2c 22 76 61 6c 75 65 22 3a 22 42 6f 6c 64 22 7d 2c 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 2e 22 7d 5d 2c 22 55 46 78 67 63 53 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 43 6c 69 63 6b 20 22 7d 2c 7b 22 74 79 70 Data Ascii: rom the dropdown."}],"KeOiLq":[{"type":0,"value":"Click "},{"type":1,"value":"searchIcon"},{"type":0,"value":" "},{"children":[{"type":0,"value":"Search engine"}],"type":8,"value":"Bold"},{"type":0,"value":"."}],"UFxgcS":[{"type":0,"value":"Click "},{"typ
2024-09-27 07:00:55 UTC	11573	IN	Data Raw: 61 72 73 2e 20 57 65 20 61 6c 73 6f 20 6d 61 6b 65 20 6d 6f 6e 65 79 20 66 72 6f 6d 20 74 68 65 20 73 75 62 73 63 72 69 70 74 69 6f 6e 20 66 65 65 20 74 68 61 74 20 75 73 65 72 73 20 70 61 79 20 74 6f 20 61 63 63 65 73 73 20 22 7d 2c 7b 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 50 72 69 76 61 63 79 20 50 72 6f 22 7d 5d 2c 22 74 79 70 65 22 3a 38 2c 22 76 61 6c 75 65 22 3a 22 70 72 69 76 61 63 79 50 72 6f 4c 69 6e 6b 22 7d 2c 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 2c 20 6f 75 72 20 74 68 72 65 65 2d 69 6e 2d 6f 6e 65 20 73 75 62 73 63 72 69 70 74 69 6f 6e 20 73 65 72 76 69 63 65 2e 20 22 7d 2c 7b 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 Data Ascii: ars. We also make money from the subscription fee that users pay to access "},{"children":[{"type":0,"value":"Privacy Pro"}],"type":8,"value":"privacyProLink"},{"type":0,"value":", our three-in-one subscription service. "},{"children":[{"type":0,"value":"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 07:00:56 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 07:00:56 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=35064 Date: Fri, 27 Sep 2024 07:00:56 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-27 07:00:56 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	40.114.177.156	443	3716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 07:00:56 UTC	338	OUT	GET / HTTP/1.1 Host: duckduckgo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 07:00:56 UTC	2365	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 07:00:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 41976 Connection: close Vary: Accept-Encoding ETag: "66f5d3ec-a3f8" Strict-Transport-Security: max-age=31536000 Permissions-Policy: interest-cohort=() Content-Security-Policy: default-src 'none' ; connect-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ h [TRUNCATED] X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block X-Content-Type-Options: nosniff Referrer-Policy: origin Expect-CT: max-age=0 Expires: Fri, 27 Sep 2024 07:00:55 GMT Cache-Control: no-cache Accept-Ranges: bytes
2024-09-27 07:00:56 UTC	14019	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 31 20 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 61 75 74 6f 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 2f 73 74 61 74 69 63 2d 61 73 73 65 74 73 2f 66 6f 6e 74 2f 50 72 6f 78 69 6d 61 4e 6f 76 61 2d 52 65 67 49 74 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 32 22 20 61 73 3d 22 66 6f 6e Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=1 , viewport-fit=auto"/><link rel="preload" href="/static-assets/font/ProximaNova-RegIt-webfont.woff2" as="fon
2024-09-27 07:00:57 UTC	16384	IN	Data Raw: 72 6f 6d 20 74 68 65 20 64 72 6f 70 64 6f 77 6e 2e 22 7d 5d 2c 22 4b 65 4f 69 4c 71 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 43 6c 69 63 6b 20 22 7d 2c 7b 22 74 79 70 65 22 3a 31 2c 22 76 61 6c 75 65 22 3a 22 73 65 61 72 63 68 49 63 6f 6e 22 7d 2c 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 20 22 7d 2c 7b 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 53 65 61 72 63 68 20 65 6e 67 69 6e 65 22 7d 5d 2c 22 74 79 70 65 22 3a 38 2c 22 76 61 6c 75 65 22 3a 22 42 6f 6c 64 22 7d 2c 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 2e 22 7d 5d 2c 22 55 46 78 67 63 53 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 43 6c 69 63 6b 20 22 7d 2c 7b 22 74 79 70 Data Ascii: rom the dropdown."}],"KeOiLq":[{"type":0,"value":"Click "},{"type":1,"value":"searchIcon"},{"type":0,"value":" "},{"children":[{"type":0,"value":"Search engine"}],"type":8,"value":"Bold"},{"type":0,"value":"."}],"UFxgcS":[{"type":0,"value":"Click "},{"typ
2024-09-27 07:00:57 UTC	11573	IN	Data Raw: 61 72 73 2e 20 57 65 20 61 6c 73 6f 20 6d 61 6b 65 20 6d 6f 6e 65 79 20 66 72 6f 6d 20 74 68 65 20 73 75 62 73 63 72 69 70 74 69 6f 6e 20 66 65 65 20 74 68 61 74 20 75 73 65 72 73 20 70 61 79 20 74 6f 20 61 63 63 65 73 73 20 22 7d 2c 7b 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 50 72 69 76 61 63 79 20 50 72 6f 22 7d 5d 2c 22 74 79 70 65 22 3a 38 2c 22 76 61 6c 75 65 22 3a 22 70 72 69 76 61 63 79 50 72 6f 4c 69 6e 6b 22 7d 2c 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 2c 20 6f 75 72 20 74 68 72 65 65 2d 69 6e 2d 6f 6e 65 20 73 75 62 73 63 72 69 70 74 69 6f 6e 20 73 65 72 76 69 63 65 2e 20 22 7d 2c 7b 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 74 79 70 65 22 3a 30 2c 22 76 61 6c 75 65 22 3a 22 Data Ascii: ars. We also make money from the subscription fee that users pay to access "},{"children":[{"type":0,"value":"Privacy Pro"}],"type":8,"value":"privacyProLink"},{"type":0,"value":", our three-in-one subscription service. "},{"children":[{"type":0,"value":"

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4444, Parent PID: 3568

General

Target ID:	0
Start time:	03:00:39
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3716, Parent PID: 4444

General

Target ID:	2
Start time:	03:00:46
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=2008,i,2581882664336918239,6513653453507597270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6428, Parent PID: 3568

General

Target ID:	3
Start time:	03:00:49
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/1A1wQwNFVf"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://t.co/1A1wQwNFVf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4444, Parent PID: 3568

General

Chronological Activities

Analysis Process: chrome.exePID: 3716, Parent PID: 4444

General

Chronological Activities

Analysis Process: chrome.exePID: 6428, Parent PID: 3568

General

Chronological Activities

Disassembly

Windows Analysis Report
https://t.co/1A1wQwNFVf