Edit tour

Windows Analysis Report
http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php

Overview

General Information

Sample URL:	http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php
Analysis ID:	1521839
Tags:	openphish
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Suricata IDS alerts with low severity for network traffic

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1996,i,6011880305847496289,151698508360679670,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Suricata Signatures

ET PHISHING Multiple Javascript Unescapes - Common Obfuscation Observed in Phish Landing

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-29T04:31:37.423371+0200	2025231	2	Possible Social Engineering Attempted	192.185.157.252	80	192.168.2.4	49735	TCP

HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 29 Sep 2024 02:31:37 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2575Keep-Alive: timeout=5, max=75Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d5 52 5d 73 da 48 16 7d 0e bf 82 b0 a5 b2 3d 13 59 42 42 08 36 98 2a c0 22 b3 55 99 da 87 4c fc de a8 5b d0 b6 d4 d2 b6 ba 6d e3 5f bf b7 3f 00 c9 06 e2 6c f6 61 b7 8d 25 f5 b9 df e7 9e ce 64 23 8a 7c da 99 6c 08 c2 f0 aa 53 4e 2b d1 15 db 8a dc f4 04 79 16 de 3d 7a 44 06 ed 81 fd a3 eb 76 70 99 ca 82 30 71 fd c4 a9 20 97 92 91 3a 45 15 b9 bc 70 c2 85 a0 22 27 4e 98 38 32 8e c2 c8 91 d1 3c f2 1d 39 f6 67 80 0c 92 e5 d0 91 a3 f9 5c 59 97 c3 c4 89 17 4e a0 ac b3 d1 42 e1 8b 3e 24 f0 f6 19 fc 99 fa 85 8b 9c b2 07 f0 e3 24 77 c2 5b 27 08 68 5a 32 78 01 b4 e1 24 33 58 46 73 52 7b 14 5f 57 6c 6d 6c 35 7d 21 b5 31 f6 c3 e7 7e 68 50 35 97 cd 52 a0 35 f1 ac fb be 9a 2e e8 29 2e 2c 16 2e 56 25 de 42 64 81 f8 9a b2 0d a1 eb 8d 30 19 7c 93 d2 18 9e 28 16 9b 16 2e ca ca 98 5a e8 aa 14 a2 2c 8e 18 b8 4a 7c 04 cf 49 76 14 56 a4 68 c0 09 c2 70 19 8d 67 03 63 40 27 2d 8f 27 2c 0d aa 05 5a 01 f7 81 df 98 a6 ef 43 c5 c8 f2 dd 98 de 20 29 c9 f3 ba 42 29 05 1e 0f ed 35 33 72 75 83 37 7e 15 1f ee 08 59 a7 65 5e f2 7d 5f be 3e ed a5 8c 8f b7 b6 1f 78 6d b9 49 41 94 84 db d8 5d ed fd 62 4d 9a dd 62 f5 8d 16 6b 25 15 9e 36 55 54 20 9a 1f 74 d4 a8 37 f0 df d2 10 c4 8d 56 c7 5a bf f8 68 d5 56 a6 68 df e3 29 f7 46 c6 ac 64 02 c2 33 94 5a e9 7e 95 29 c5 08 a0 2f 1c 31 0c a4 2c e0 7b 0f 7e 43 ac 86 d7 77 46 d3 f2 84 51 41 b7 e4 1e dd c9 16 74 47 38 46 0c 99 4b 0d b0 5b 13 4e 33 33 74 4d 5f 6c 79 2b a7 f6 da 32 7d 5a 5c c8 38 0a 23 47 46 f3 c8 77 e4 d8 9f 25 8e 1c 24 cb a1 23 47 f3 39 7c c7 cb 61 83 35 3d e4 1b 1a 2f ae ae 3e 77 3c cf 75 a7 9d 89 57 a7 9c 56 62 da b1 e7 c3 44 e0 ae e6 f4 a6 37 f2 fd de 14 10 4c 1f bb 5a 0f 37 3d ae 76 a4 41 d4 dd 70 92 dd f4 7a dd 5a 6c 73 72 d3 13 e4 59 b8 98 a4 25 47 82 96 ec ef ac 64 44 7b aa 26 ba 8a e7 9b 9e 61 ac 6b 18 fe d4 b5 57 c5 55 d7 32 db 02 3f 75 0d 9f f6 62 99 fc d4 3d b0 08 d5 81 c1 9b de a0 d7 d5 cc dd f4 fe 66 38 53 95 3f 4c 34 01 aa 07 0f e9 27 4c a2 df 02 ab 81 27 66 f6 ae d8 56 b6 7f ef 1e 3d 22 83 42 82 c9 47 d7 ed e0 32 95 05 61 e2 fa 89 53 41 2e 25 23 75 8a 2a 72 79 f1 73 02 3c a3 44 a5 20 c5 e5 6e eb 2d e1 d3 62 ad 64 c2 53 63 cd 68 4e 6a 8f e2 eb 8a ad 8d 60 1a e5 83 91 81 36 44 6d a9 8d ad 4a 8e 89 15 96 ff aa 86 87 de 6a a4 d9 ae 27 f8 6e 2a b4 ca c9 c1 ba 77 de fb 1c 19 58 b9 ed 12 68 c2 9a ed 0d 7d db de ba 2d fc a5 3e af e9 3c c7 eb d9 32 ef 28 d2 5c 8f 9e b2 45 ed 30 b2 8d a2 9c ae 99 c1 52 50 05 50 aa e1 94 e4 79 5d a1 94 c2 5a de 70 bc 4b 7b e8 ae 41 b7 52 28 24 c8 50 4a 4c e4 57 99 52 ac 34 f1 85 23 86 a1 8f 05 7c ef c1 6f 88 d5 f0 fa ce 68 5a 9e 30 2a e8 96 dc a3 3b d9 82 ee 08 c7 88 21 73 a9 01 76 6b c2 69 66 fa af e9 8b 2d ff bb 25 ab 4d 55 b8 8c c6 b3 41 4b 37 32 4a fa be 23 87 41 18 3b 72 3c 1b 2d 1c 39 9a 2f

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-admin/pilgrim/upload/en.php HTTP/1.1Host: www.aichappraisers.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/pilgrim/upload/files/mail.png HTTP/1.1Host: www.aichappraisers.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/pilgrim/upload/files/id.png HTTP/1.1Host: www.aichappraisers.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/pilgrim/upload/files/mail.png HTTP/1.1Host: www.aichappraisers.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-admin/pilgrim/upload/files/id.png HTTP/1.1Host: www.aichappraisers.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.aichappraisers.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 53860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53860
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: mal64.win@16/10@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1996,i,6011880305847496289,151698508360679670,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1996,i,6011880305847496289,151698508360679670,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	17%	Virustotal		Browse
http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Link
aichappraisers.com	8%	Virustotal	Browse
www.aichappraisers.com	10%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
206.23.85.13.in-addr.arpa	1%	Virustotal	Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.185.68	true	false	0%, Virustotal, Browse	unknown
aichappraisers.com	192.185.157.252	true	false	8%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
206.23.85.13.in-addr.arpa	unknown	unknown	false	1%, Virustotal, Browse	unknown
www.aichappraisers.com	unknown	unknown	false	10%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Reputation
http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	true	unknown
http://www.aichappraisers.com/wp-admin/pilgrim/upload/files/mail.png	false	unknown
http://www.aichappraisers.com/wp-admin/pilgrim/upload/files/id.png	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.185.157.252	aichappraisers.com	United States	46606	UNIFIEDLAYER-AS-1US	false
216.58.206.36	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521839
Start date and time:	2024-09-29 04:30:42 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.win@16/10@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.185.206, 74.125.71.84, 34.104.35.123, 142.250.181.234, 142.250.185.234, 142.250.185.202, 172.217.18.10, 142.250.185.106, 172.217.16.138, 216.58.206.42, 216.58.212.170, 142.250.184.234, 142.250.185.170, 142.250.185.138, 142.250.185.74, 142.250.184.202, 142.250.186.170, 172.217.23.106, 142.250.186.42, 4.175.87.197, 199.232.214.172, 192.229.221.95, 13.85.23.206, 52.165.164.15, 4.245.163.56, 131.107.255.255, 13.85.23.86, 142.250.184.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php Model: jbxai

URL: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php Model: jbxai

URL: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php Model: jbxai

URL: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php Model: jbxai

URL: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php Model: jbxai

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4545
Entropy (8bit):	7.913787884103512
Encrypted:	false
SSDEEP:	96:kId9viKmNuAlugFx86YPARZxlZfYbZI2YMWM+aZLu:kyiKWu1Ux8HIDdYG/MWr
MD5:	20012B70E82C499B433B37B2A98B9079
SHA1:	847A4AA7495440EECA16EB6211EC72C7DEA2E22B
SHA-256:	272C9A8EE9FAF4BB46B70403CDA777CE98F24FD48B2083EE133478461261D5DD
SHA-512:	945EEA20183A0F698E691395FDD6CCBDDFD216906E1349B1DB1D46A6A7154825DF15E370F5F8729363848D3749B997B9E8F7704BBB045C9C971CB1F1B09090A6
Malicious:	false
Reputation:	low
URL:	http://www.aichappraisers.com/wp-admin/pilgrim/upload/files/id.png
Preview:	.PNG........IHDR..............X......pHYs...#...#.x.?v....tEXtSoftware.Adobe ImageReadyq.e<...NIDATx...q.H....Of@n..F \..#...x...`..D%p."X0.%#X0.##.....).......U(....f............}.q...Y}..k..?'..{....\|l.\....why.>. .....g-.....u`p..jp...q..........U......S.($j......0.....@:.Ks...{.}}.....@.P.[P....%y@8.(.E'..,5(k..7.S.....^+g!HV).J....>.f..%.........[..............c...@. ......r..r.e..\|..p,8...T....CT.;...u. n...j..4....$.3.....b.X.......7.......<S...f..q.......#h...MM....p...\#E.a.......ny.....C.. q...x.dAf0j.5 \.Z..g....Q....oh..^......6.:...........\~W......,.......&.R...^8V.-....\. ...A.,SXl'0P-..x.[...@......P......@..r.+..Pj.^.....$.kKp.l/R..g9GYX........p....;...o;}7U?.)6C.=.%......5j.s...c...$FH...".^..#....oc..9 ....9T..5.X......g."........JH....."..>....T~..U...=.r...8.R....B..H..ba.p...l..w..Y`..P7..p...P_.+J.$..k.I.J....p.0!...s=.[..Z.%..+..hB...^.c.S...@...p....o..Q....\..%...$./3.DQ@8)...D.as.q.IO..lI'.k%.h....H.._..~$..Ds.Lp4..S...

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 7878
Category:	downloaded
Size (bytes):	2575
Entropy (8bit):	7.905287871789873
Encrypted:	false
SSDEEP:	48:XKXbDCOkcpS/L913PfcnmonGjjEj9Eua6hTQfD27Lt1gzsHU+3yO66uPZh7otb90:aLGxJl+CQH50fD27Lt1oMUdhh7Qt74EW
MD5:	563EBF27777132D65E6D9C262C97E8AF
SHA1:	7024C07F594E670A2D8A8D420B5DE31A4DED8033
SHA-256:	19A0887942CC9E7B54CEA62951A7B73B4F441A8E80220FB0EF97EAF1362CCB74
SHA-512:	1298E53E666BEE9321E5C90A713028F7E7AD3CF395CEC28AEAF09EC996522AB08F7E22D2A098A0F10FFF17798DAB481DD5E526CCC636CEC9918796D765031767
Malicious:	false
Reputation:	low
URL:	http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php
Preview:	...........R]s.H.}......=.YBB.6..".U..L..[....m._..?....l.a..%.....d#.\|.l...SN+......y..=zD.....vp..0q.. ...:E...p.."'N.82....<..9.g.......\Y....N....B.>$.............$w.['.hZ2x...$3XFsR{._Wlml5}!.1...~hP5..R.5......).,..V%.Bd.......0.\|....(......Z...,...J\|..Iv.V.h...p..g.c@'-.',...Z......C..... )..B)....53ru.7~....Y.e^.}_.>.....xm.IA....]..bM..b...k%..6UT ..t.7.....V.Z..h.V.h..).F.d..3.Z.~.).../.1..,.{.~C...wF..QA......tG8F..K..[.N33tM_ly+...2}Z\.8.#GF..w..%..$.#G.9\|..a.5=.../..>w<.u...W..Vb...D....7.....L..Z.7=.v.A..p...z.Zlsr...Y...%G....dD{.&...a.k...W.U.2..?u...b...=............f8S.?L4.....'L.....'f...V....=".B..G...2..a...SA.%#u.ry.s.<.D. ..n.-..b.d.Sc.hNj....`...6Dm...J.........j..'.n.....w....X...h...}..-..>..<...2.(.\...E.0.......RP.P...y]...Z.p.K{.A.R($.PJL.W.R.4.#....\|..o.....hZ.0..;....!s..vk.if...-..%.MU...AK72J..#.A.;r<.-.9./........V..v.~]".......176.?...............h9.$......p4.g.F..A.r...G....C....?.rc.

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 312 x 214, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	34328
Entropy (8bit):	7.977432863813678
Encrypted:	false
SSDEEP:	768:Y35cI0uCwufT2AYwGdSLdge33Q4dw9nxCqkcDMxdbYviEBs7LA:zI01wk2vdveNwuxxivimgLA
MD5:	23F7E3555145F8B35F9187347E80B490
SHA1:	30BE3577BA0615B4A350FFEDE5BAB43332B7CEDF
SHA-256:	E11A6773A10302F1D4A38C34B58395884C4AD628FF0F7842AA03FBA5E8E50AB1
SHA-512:	96ACB3864D3ABA86ABE64FBE1579B7B640EBC31E4D92015CA52E425C962A0F97215AC201A51CABACD6D820FA5FBB63C64AAD963D53FCEE69D28625A13CCED748
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...8.........EF.,....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4545
Entropy (8bit):	7.913787884103512
Encrypted:	false
SSDEEP:	96:kId9viKmNuAlugFx86YPARZxlZfYbZI2YMWM+aZLu:kyiKWu1Ux8HIDdYG/MWr
MD5:	20012B70E82C499B433B37B2A98B9079
SHA1:	847A4AA7495440EECA16EB6211EC72C7DEA2E22B
SHA-256:	272C9A8EE9FAF4BB46B70403CDA777CE98F24FD48B2083EE133478461261D5DD
SHA-512:	945EEA20183A0F698E691395FDD6CCBDDFD216906E1349B1DB1D46A6A7154825DF15E370F5F8729363848D3749B997B9E8F7704BBB045C9C971CB1F1B09090A6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............X......pHYs...#...#.x.?v....tEXtSoftware.Adobe ImageReadyq.e<...NIDATx...q.H....Of@n..F \..#...x...`..D%p."X0.%#X0.##.....).......U(....f............}.q...Y}..k..?'..{....\|l.\....why.>. .....g-.....u`p..jp...q..........U......S.($j......0.....@:.Ks...{.}}.....@.P.[P....%y@8.(.E'..,5(k..7.S.....^+g!HV).J....>.f..%.........[..............c...@. ......r..r.e..\|..p,8...T....CT.;...u. n...j..4....$.3.....b.X.......7.......<S...f..q.......#h...MM....p...\#E.a.......ny.....C.. q...x.dAf0j.5 \.Z..g....Q....oh..^......6.:...........\~W......,.......&.R...^8V.-....\. ...A.,SXl'0P-..x.[...@......P......@..r.+..Pj.^.....$.kKp.l/R..g9GYX........p....;...o;}7U?.)6C.=.%......5j.s...c...$FH...".^..#....oc..9 ....9T..5.X......g."........JH....."..>....T~..U...=.r...8.R....B..H..ba.p...l..w..Y`..P7..p...P_.+J.$..k.I.J....p.0!...s=.[..Z.%..+..hB...^.c.S...@...p....o..Q....\..%...$./3.DQ@8)...D.as.q.IO..lI'.k%.h....H.._..~$..Ds.Lp4..S...

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HwT:QT
MD5:	344EB8D19F5C0A3435EF32FD9601F1FB
SHA1:	E082EB1D89D91CC1A25A1D510268E576109DA07E
SHA-256:	B44289B54959639FCA6A742F7CC2E2A5AF9C6E7B73C1B3E25227CA9790F3A587
SHA-512:	EB9F1CD4A566192160371F4B182EE00180F6912333FFB79C537BD80635A6AFE6379FBE7BB74043D635BA65C9F4F956D9E97E516E24E516F2591192A36F866EAE
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlcHWoz3f4MexIFDc5BTHo=?alt=proto
Preview:	CgkKBw3OQUx6GgA=

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 312 x 214, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	34328
Entropy (8bit):	7.977432863813678
Encrypted:	false
SSDEEP:	768:Y35cI0uCwufT2AYwGdSLdge33Q4dw9nxCqkcDMxdbYviEBs7LA:zI01wk2vdveNwuxxivimgLA
MD5:	23F7E3555145F8B35F9187347E80B490
SHA1:	30BE3577BA0615B4A350FFEDE5BAB43332B7CEDF
SHA-256:	E11A6773A10302F1D4A38C34B58395884C4AD628FF0F7842AA03FBA5E8E50AB1
SHA-512:	96ACB3864D3ABA86ABE64FBE1579B7B640EBC31E4D92015CA52E425C962A0F97215AC201A51CABACD6D820FA5FBB63C64AAD963D53FCEE69D28625A13CCED748
Malicious:	false
Reputation:	low
URL:	http://www.aichappraisers.com/wp-admin/pilgrim/upload/files/mail.png
Preview:	.PNG........IHDR...8.........EF.,....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-29T04:31:37.423371+0200	2025231	ET PHISHING Multiple Javascript Unescapes - Common Obfuscation Observed in Phish Landing	2	192.185.157.252	80	192.168.2.4	49735	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 04:31:36.624329090 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:36.624862909 CEST	49736	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:36.629251957 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:36.629338026 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:36.629529953 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:36.629609108 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:36.629667044 CEST	49736	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:36.634888887 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.169018030 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.169038057 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.169049978 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.169096947 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.418520927 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.423371077 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544637918 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544656992 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544675112 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544688940 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544701099 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544712067 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544725895 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544734955 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.544743061 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544754982 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.544792891 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.545301914 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.545351028 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.545355082 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.545361996 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.545399904 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.564265966 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.564279079 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.564289093 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.564336061 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.604775906 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.629911900 CEST	49736	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.634845018 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635406017 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635432005 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635442019 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635452986 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635499001 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.635533094 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.635900021 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635911942 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635922909 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635932922 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635942936 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635948896 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.635952950 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.635971069 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.635993958 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.636873007 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.636885881 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.636897087 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.636907101 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.636915922 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.636924982 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.636934996 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.636950970 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.636970043 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.762748003 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.762773037 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.762780905 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.762787104 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.762799025 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:37.762866020 CEST	49736	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:37.815680027 CEST	49736	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.447371960 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.447910070 CEST	49742	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.452857018 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.452950001 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.453136921 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.453202963 CEST	49742	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.453476906 CEST	49743	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.453809023 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.453877926 CEST	49742	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.458369970 CEST	80	49743	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.458436012 CEST	49743	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.458612919 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.458678007 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.966059923 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.966070890 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.966087103 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.966098070 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.966108084 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.966118097 CEST	49742	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.966145992 CEST	49742	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.968024015 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968070030 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968080997 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968111992 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.968183041 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968195915 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968206882 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968218088 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968225002 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.968233109 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968244076 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968252897 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.968255043 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.968288898 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:38.972939968 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.972951889 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.972961903 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:38.973005056 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.055187941 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055213928 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055227041 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055238008 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055250883 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055258989 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.055263996 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055277109 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.055314064 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.055509090 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055519104 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055538893 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055551052 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.055568933 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.055587053 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.056135893 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.056147099 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.056159973 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.056185961 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.056200981 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.056212902 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.056224108 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.056246996 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.056262970 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.057048082 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.057112932 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:39.057152987 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:39.121890068 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:39.121922970 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:39.121985912 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:39.122503996 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:39.122517109 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:39.382833958 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:39.382883072 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:39.382956982 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:39.388221979 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:39.388240099 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:39.783231020 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:39.789132118 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:39.789163113 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:39.790182114 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:39.790313005 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:39.791660070 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:39.791712999 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:39.844702959 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:39.844728947 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:39.891586065 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:40.029957056 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.030056953 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.032455921 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.032466888 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.032717943 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.069698095 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.111406088 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.294435024 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.294504881 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.294689894 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.294823885 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.294823885 CEST	49745	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.294840097 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.294847965 CEST	443	49745	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.335664034 CEST	49746	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.335690975 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.335917950 CEST	49746	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.336167097 CEST	49746	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:40.336177111 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.997029066 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:40.997108936 CEST	49746	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:41.000266075 CEST	49746	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:41.000277996 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:41.000516891 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:41.003735065 CEST	49746	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:41.051405907 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:41.297703981 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:41.297769070 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:41.297815084 CEST	49746	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:41.300141096 CEST	49746	443	192.168.2.4	2.19.244.127
Sep 29, 2024 04:31:41.300164938 CEST	443	49746	2.19.244.127	192.168.2.4
Sep 29, 2024 04:31:42.545644999 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:42.545711994 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:42.764729023 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:42.764811039 CEST	49736	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:42.810750008 CEST	49735	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:42.810887098 CEST	49736	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:42.815619946 CEST	80	49735	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:42.815707922 CEST	80	49736	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:43.967992067 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:43.968065977 CEST	49742	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:43.969100952 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:43.969146967 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:44.877852917 CEST	49742	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:44.877948046 CEST	49741	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:31:44.882910013 CEST	80	49742	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:44.882921934 CEST	80	49741	192.185.157.252	192.168.2.4
Sep 29, 2024 04:31:49.679898024 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:49.679963112 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:31:49.680017948 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:50.910378933 CEST	49744	443	192.168.2.4	142.250.185.68
Sep 29, 2024 04:31:50.910408974 CEST	443	49744	142.250.185.68	192.168.2.4
Sep 29, 2024 04:32:05.227844954 CEST	53854	53	192.168.2.4	162.159.36.2
Sep 29, 2024 04:32:05.232769966 CEST	53	53854	162.159.36.2	192.168.2.4
Sep 29, 2024 04:32:05.232870102 CEST	53854	53	192.168.2.4	162.159.36.2
Sep 29, 2024 04:32:05.232923985 CEST	53854	53	192.168.2.4	162.159.36.2
Sep 29, 2024 04:32:05.237642050 CEST	53	53854	162.159.36.2	192.168.2.4
Sep 29, 2024 04:32:05.696223021 CEST	53	53854	162.159.36.2	192.168.2.4
Sep 29, 2024 04:32:05.697036028 CEST	53854	53	192.168.2.4	162.159.36.2
Sep 29, 2024 04:32:05.702156067 CEST	53	53854	162.159.36.2	192.168.2.4
Sep 29, 2024 04:32:05.702241898 CEST	53854	53	192.168.2.4	162.159.36.2
Sep 29, 2024 04:32:23.469829082 CEST	49743	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:32:23.476077080 CEST	80	49743	192.185.157.252	192.168.2.4
Sep 29, 2024 04:32:38.882168055 CEST	49743	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:32:38.887789011 CEST	80	49743	192.185.157.252	192.168.2.4
Sep 29, 2024 04:32:38.888190031 CEST	49743	80	192.168.2.4	192.185.157.252
Sep 29, 2024 04:32:39.349000931 CEST	53860	443	192.168.2.4	216.58.206.36
Sep 29, 2024 04:32:39.349042892 CEST	443	53860	216.58.206.36	192.168.2.4
Sep 29, 2024 04:32:39.353183031 CEST	53860	443	192.168.2.4	216.58.206.36
Sep 29, 2024 04:32:39.353480101 CEST	53860	443	192.168.2.4	216.58.206.36
Sep 29, 2024 04:32:39.353499889 CEST	443	53860	216.58.206.36	192.168.2.4
Sep 29, 2024 04:32:40.000631094 CEST	443	53860	216.58.206.36	192.168.2.4
Sep 29, 2024 04:32:40.001168013 CEST	53860	443	192.168.2.4	216.58.206.36
Sep 29, 2024 04:32:40.001204014 CEST	443	53860	216.58.206.36	192.168.2.4
Sep 29, 2024 04:32:40.001527071 CEST	443	53860	216.58.206.36	192.168.2.4
Sep 29, 2024 04:32:40.004467964 CEST	53860	443	192.168.2.4	216.58.206.36
Sep 29, 2024 04:32:40.004540920 CEST	443	53860	216.58.206.36	192.168.2.4
Sep 29, 2024 04:32:40.048187971 CEST	53860	443	192.168.2.4	216.58.206.36
Sep 29, 2024 04:32:43.470817089 CEST	49723	80	192.168.2.4	93.184.221.240
Sep 29, 2024 04:32:43.470946074 CEST	49724	80	192.168.2.4	93.184.221.240
Sep 29, 2024 04:32:43.476099968 CEST	80	49723	93.184.221.240	192.168.2.4
Sep 29, 2024 04:32:43.476180077 CEST	49723	80	192.168.2.4	93.184.221.240
Sep 29, 2024 04:32:43.476507902 CEST	80	49724	93.184.221.240	192.168.2.4
Sep 29, 2024 04:32:43.476569891 CEST	49724	80	192.168.2.4	93.184.221.240
Sep 29, 2024 04:32:49.912539005 CEST	443	53860	216.58.206.36	192.168.2.4
Sep 29, 2024 04:32:49.912609100 CEST	443	53860	216.58.206.36	192.168.2.4
Sep 29, 2024 04:32:49.913065910 CEST	53860	443	192.168.2.4	216.58.206.36
Sep 29, 2024 04:32:50.921672106 CEST	53860	443	192.168.2.4	216.58.206.36
Sep 29, 2024 04:32:50.921720028 CEST	443	53860	216.58.206.36	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 04:31:34.546617985 CEST	53	53466	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:34.701508999 CEST	53	53768	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:35.847601891 CEST	53	54382	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:36.137546062 CEST	60043	53	192.168.2.4	1.1.1.1
Sep 29, 2024 04:31:36.137674093 CEST	60546	53	192.168.2.4	1.1.1.1
Sep 29, 2024 04:31:36.564260006 CEST	53	60043	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:36.676404953 CEST	53	60546	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:37.637603045 CEST	53	60326	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:37.805427074 CEST	56819	53	192.168.2.4	1.1.1.1
Sep 29, 2024 04:31:37.805757999 CEST	57202	53	192.168.2.4	1.1.1.1
Sep 29, 2024 04:31:38.231261015 CEST	53	57202	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:38.243540049 CEST	53	56819	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:39.109597921 CEST	49245	53	192.168.2.4	1.1.1.1
Sep 29, 2024 04:31:39.112133026 CEST	49919	53	192.168.2.4	1.1.1.1
Sep 29, 2024 04:31:39.116760015 CEST	53	49245	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:39.119366884 CEST	53	49919	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:52.964018106 CEST	53	53656	1.1.1.1	192.168.2.4
Sep 29, 2024 04:31:55.054013014 CEST	138	138	192.168.2.4	192.168.2.255
Sep 29, 2024 04:32:05.227394104 CEST	53	61058	162.159.36.2	192.168.2.4
Sep 29, 2024 04:32:05.724579096 CEST	58800	53	192.168.2.4	1.1.1.1
Sep 29, 2024 04:32:05.731606007 CEST	53	58800	1.1.1.1	192.168.2.4
Sep 29, 2024 04:32:39.337006092 CEST	52194	53	192.168.2.4	1.1.1.1
Sep 29, 2024 04:32:39.343583107 CEST	53	52194	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 29, 2024 04:31:36.676507950 CEST	192.168.2.4	1.1.1.1	c233	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 04:31:36.137546062 CEST	192.168.2.4	1.1.1.1	0xbf33	Standard query (0)	www.aichappraisers.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:31:36.137674093 CEST	192.168.2.4	1.1.1.1	0xf47f	Standard query (0)	www.aichappraisers.com	65	IN (0x0001)	false
Sep 29, 2024 04:31:37.805427074 CEST	192.168.2.4	1.1.1.1	0xac5e	Standard query (0)	www.aichappraisers.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:31:37.805757999 CEST	192.168.2.4	1.1.1.1	0x10d9	Standard query (0)	www.aichappraisers.com	65	IN (0x0001)	false
Sep 29, 2024 04:31:39.109597921 CEST	192.168.2.4	1.1.1.1	0x6d18	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:31:39.112133026 CEST	192.168.2.4	1.1.1.1	0x5671	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 04:32:05.724579096 CEST	192.168.2.4	1.1.1.1	0x4f3c	Standard query (0)	206.23.85.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Sep 29, 2024 04:32:39.337006092 CEST	192.168.2.4	1.1.1.1	0x859d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 04:31:36.564260006 CEST	1.1.1.1	192.168.2.4	0xbf33	No error (0)	www.aichappraisers.com	aichappraisers.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 04:31:36.564260006 CEST	1.1.1.1	192.168.2.4	0xbf33	No error (0)	aichappraisers.com		192.185.157.252	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:31:36.676404953 CEST	1.1.1.1	192.168.2.4	0xf47f	No error (0)	www.aichappraisers.com	aichappraisers.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 04:31:38.231261015 CEST	1.1.1.1	192.168.2.4	0x10d9	No error (0)	www.aichappraisers.com	aichappraisers.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 04:31:38.243540049 CEST	1.1.1.1	192.168.2.4	0xac5e	No error (0)	www.aichappraisers.com	aichappraisers.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 04:31:38.243540049 CEST	1.1.1.1	192.168.2.4	0xac5e	No error (0)	aichappraisers.com		192.185.157.252	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:31:39.116760015 CEST	1.1.1.1	192.168.2.4	0x6d18	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:31:39.119366884 CEST	1.1.1.1	192.168.2.4	0x5671	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 04:31:50.083789110 CEST	1.1.1.1	192.168.2.4	0xdcc3	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:31:50.083789110 CEST	1.1.1.1	192.168.2.4	0xdcc3	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:31:50.591532946 CEST	1.1.1.1	192.168.2.4	0x4624	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 04:31:50.591532946 CEST	1.1.1.1	192.168.2.4	0x4624	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:32:04.228832006 CEST	1.1.1.1	192.168.2.4	0xa9a7	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 04:32:04.228832006 CEST	1.1.1.1	192.168.2.4	0xa9a7	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 04:32:05.731606007 CEST	1.1.1.1	192.168.2.4	0x4f3c	Name error (3)	206.23.85.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Sep 29, 2024 04:32:39.343583107 CEST	1.1.1.1	192.168.2.4	0x859d	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

www.aichappraisers.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	192.185.157.252	80	3652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 29, 2024 04:31:36.629529953 CEST	467	OUT	GET /wp-admin/pilgrim/upload/en.php HTTP/1.1 Host: www.aichappraisers.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 29, 2024 04:31:37.169018030 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 02:31:37 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2575 Keep-Alive: timeout=5, max=75 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d5 52 5d 73 da 48 16 7d 0e bf 82 b0 a5 b2 3d 13 59 42 42 08 36 98 2a c0 22 b3 55 99 da 87 4c fc de a8 5b d0 b6 d4 d2 b6 ba 6d e3 5f bf b7 3f 00 c9 06 e2 6c f6 61 b7 8d 25 f5 b9 df e7 9e ce 64 23 8a 7c da 99 6c 08 c2 f0 aa 53 4e 2b d1 15 db 8a dc f4 04 79 16 de 3d 7a 44 06 ed 81 fd a3 eb 76 70 99 ca 82 30 71 fd c4 a9 20 97 92 91 3a 45 15 b9 bc 70 c2 85 a0 22 27 4e 98 38 32 8e c2 c8 91 d1 3c f2 1d 39 f6 67 80 0c 92 e5 d0 91 a3 f9 5c 59 97 c3 c4 89 17 4e a0 ac b3 d1 42 e1 8b 3e 24 f0 f6 19 fc 99 fa 85 8b 9c b2 07 f0 e3 24 77 c2 5b 27 08 68 5a 32 78 01 b4 e1 24 33 58 46 73 52 7b 14 5f 57 6c 6d 6c 35 7d 21 b5 31 f6 c3 e7 7e 68 50 35 97 cd 52 a0 35 f1 ac fb be 9a 2e e8 29 2e 2c 16 2e 56 25 de 42 64 81 f8 9a b2 0d a1 eb 8d 30 19 7c 93 d2 18 9e 28 16 9b 16 2e ca ca 98 5a e8 aa 14 a2 2c 8e 18 b8 4a 7c 04 cf 49 76 14 56 a4 68 c0 09 c2 70 19 8d 67 03 63 40 27 2d 8f 27 2c 0d aa 05 5a 01 f7 81 df 98 a6 ef 43 c5 c8 f2 dd 98 de 20 29 c9 f3 ba 42 29 05 1e 0f ed 35 33 72 75 83 37 7e 15 [TRUNCATED] Data Ascii: R]sH}=YBB6"UL[m_?la%d#\|lSN+y=zDvp0q :Ep"'N82<9g\YNB>$$w['hZ2x$3XFsR{_Wlml5}!1~hP5R5.).,.V%Bd0\|(.Z,J\|IvVhpgc@'-',ZC )B)53ru7~Ye^}_>xmIA]bMbk%6UT t7VZhVh)Fd3Z~)/1,{~CwFQAtG8FK[N33tM_ly+2}Z\8#GFw%$#G9\|a5=/>w<uWVbD7LZ7=vApzZlsrY%GdD{&akWU2?ub=f8S?L4'L'fV="BG2aSA.%#urys<D n-bdSchNj`6DmJj'nwXh}-><2(\E0RPPy]ZpK{AR($PJLWR4#\|ohZ0;!svkif-%MUAK72J#A;r<-9/Vv~]"176?h9$p4g
Sep 29, 2024 04:31:37.169038057 CEST	1236	IN	Data Raw: 46 80 cf 41 db 72 ec cf 12 47 0e 12 ed d9 8f 43 f0 8c c3 99 03 3f 90 72 63 f2 57 5b 6d 2e b6 49 f7 ff 07 6d 83 63 52 cf 32 1f 4e 83 d0 43 ff 2b 23 11 4c 1f 21 8a 62 13 b2 29 6a e3 ec f7 81 2e 50 2b 3c 7c c5 8a 72 33 8a 5c bd 4d 55 a7 9c 56 8a 0c Data Ascii: FArGC?rcW[m.ImcR2NC+#L!b)j.P+<\|r3\MUVl7<=ml`d%KmGq-Ua,k"Xgx1_~u%)@P=M%]2Bh#NDQJGh;J?)"FV
Sep 29, 2024 04:31:37.169049978 CEST	365	IN	Data Raw: 2e 43 05 b9 e9 91 02 d1 bc d7 15 db 0a 2e 1b 8a 31 61 bd ee 23 ca 25 5c 7b ca d9 cb 4a 5e e8 0f 08 86 07 b7 f9 3a 9d 89 c9 6f 63 05 79 16 de 3d 7a 44 06 85 d8 c9 47 d7 ed e0 32 95 05 61 e2 fa 89 53 41 2e 25 23 75 8a 2a 72 79 01 2d eb 8e d5 5b a9 Data Ascii: .C.1a#%\{J^:ocy=zDG2aSA.%#ury-[wCz#f\|_M2/A>@PF52O)2li53XN2`oNTnyv@jrzjm.&i%<c%#JJmWR2ap_Xn=-p2`&
Sep 29, 2024 04:31:37.418520927 CEST	445	OUT	GET /wp-admin/pilgrim/upload/files/mail.png HTTP/1.1 Host: www.aichappraisers.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 29, 2024 04:31:37.544637918 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 02:31:37 GMT Server: Apache Last-Modified: Sat, 21 Jan 2017 21:54:38 GMT Accept-Ranges: bytes Content-Length: 34328 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 38 00 00 00 d6 08 06 00 00 00 45 46 9e 2c 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b 08 80 14 00 40 7a 8e 42 a6 00 40 46 01 80 9d 98 26 53 00 a0 04 00 60 cb 63 62 e3 00 50 2d 00 60 27 7f e6 d3 00 80 9d f8 99 7b 01 00 5b 94 21 15 01 a0 91 00 20 13 65 88 44 00 68 3b 00 ac cf 56 8a 45 00 58 30 00 14 66 4b c4 39 00 d8 2d 00 30 49 57 66 [TRUNCATED] Data Ascii: PNGIHDR8EF,pHYsOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbXQqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?DA,`6B$BBdr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#
Sep 29, 2024 04:31:37.544656992 CEST	1236	IN	Data Raw: 64 6b b2 07 39 94 2c 20 2b c8 85 e4 9d e4 c3 e4 33 e4 1b e4 21 f2 5b 0a 9d 62 40 71 a4 f8 53 e2 28 52 ca 6a 4a 19 e5 10 e5 34 e5 06 65 98 32 41 55 a3 9a 52 dd a8 a1 54 11 35 8f 5a 42 ad a1 b6 52 af 51 87 a8 13 34 75 9a 39 cd 83 16 49 4b a5 ad a2 Data Ascii: dk9, +3![b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX*\|J&/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,
Sep 29, 2024 04:31:37.544675112 CEST	1236	IN	Data Raw: 0d df 56 b4 ed f5 f6 45 db 2f 97 cd 28 db bb 83 b6 43 b9 a3 bf 3c b8 bc 65 a7 c9 ce cd 3b 3f 54 a4 54 f4 54 fa 54 36 ee d2 dd b5 61 d7 f8 6e d1 ee 1b 7b bc f6 34 ec d5 db 5b bc f7 fd 3e c9 be db 55 01 55 4d d5 66 d5 65 fb 49 fb b3 f7 3f ae 89 aa Data Ascii: VE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\
Sep 29, 2024 04:31:37.544688940 CEST	1236	IN	Data Raw: 9e 6b fe ec 0c 41 1a 4d 40 cf bf a7 0b 6e 58 52 13 fb ec fa 2c 80 df 01 f0 1b 87 12 f5 ea 5d 7f 2e e1 67 b6 f7 7d b9 d1 76 d2 d9 46 8c 9b 81 4c 3f 92 33 95 f0 10 c9 b8 e8 6a 86 12 17 e4 1c bc a6 45 4b f8 c2 59 7e 76 3e 29 a1 29 30 6c 16 b8 7f 16 Data Ascii: kAM@nXR,].g}vFL?3jEKY~v>))0l?e,/'xhyzq$%(F-Ai?hGrt(y>`>g^{gcngm3,/yU7>S_5]%h3$<!el(/1d
Sep 29, 2024 04:31:37.544701099 CEST	896	IN	Data Raw: c2 d7 50 83 96 77 93 69 dd c4 8c d5 a1 50 4f 9c fe 02 e4 8c 31 66 f5 b1 f3 4f 20 65 68 31 00 47 08 21 1e b0 b9 71 e3 87 37 73 67 9b 01 f6 d8 49 4b d1 5c 2e 7b a0 95 70 9e a4 fb 02 f8 f0 31 f6 ff df 99 f6 fe 65 53 2c d8 af 00 47 f2 71 92 be 41 c2 Data Ascii: PwiPO1fO eh1G!q7sgIK\.{p1eS,GqA!UJ0q~I@T)j7g5.wRi3$}?5?s*(e!@6X8v7Ztz0:"ww03%'uf$Tu)_5-
Sep 29, 2024 04:31:37.544712067 CEST	1236	IN	Data Raw: 72 93 79 9b d1 e8 08 25 f3 b2 ac 2d 66 00 a9 3c 6c a3 93 4a c0 5b c6 c9 96 2e 9d 67 5e 69 f6 53 7d f3 25 77 f4 62 13 a8 72 15 bb e7 12 7f 3e f6 33 3a 61 84 05 db 43 c9 ea b7 0d 80 14 2c 1b 3c af 2b df eb f3 e9 ef 71 0a 33 44 5f 5e a3 3e a3 d4 8c Data Ascii: ry%-f<lJ[.g^iS}%wbr>3:aC,<+q3D_^>(]{q%1vsD@hNY{hE?GY>q 5\|he=+sZZg9R\|s ytJ4ga5@n@v]&s{GVo\/Xlvz`:Y3
Sep 29, 2024 04:31:37.544725895 CEST	1236	IN	Data Raw: 30 5d 93 80 a5 7c 55 04 52 6f 32 e1 04 4f 05 70 9d a3 b7 39 f0 26 49 77 23 f1 fb d9 7f 00 26 d3 9d 07 e5 fb e0 97 b3 ab 36 4b 03 fb 52 dd 9a 07 e3 f2 6b a0 ce 1b b3 48 98 62 47 c2 e7 90 25 ca 89 c2 d5 aa 54 10 eb fa 05 86 fd f2 7b 59 03 48 19 c2 Data Ascii: 0]\|URo2Op9&Iw#&6KRkHbG%T{YHw^jh=/:jV9:L$lgs1{SEY$k9uYf\|T8N$ yB7oPpOypHU742kKx>W1H_NKEO%X/G\92jH
Sep 29, 2024 04:31:37.544743061 CEST	1236	IN	Data Raw: 83 ba 21 80 97 90 7c 21 80 eb c6 89 93 52 1a a3 97 ce e2 4a a3 a7 fa 5c ec 51 06 97 e7 13 b5 b2 71 9b 1b 14 40 71 ef 6e 4d cf f2 21 d3 83 bd cd 31 de e2 ef 02 f8 7e 40 6f 29 a7 5c a3 e7 bf ec 9a a6 14 85 ab 0b 2f 1b 1e ea bd 35 13 de 37 a0 31 a8 Data Ascii: !\|!RJ\Qq@qnM!1~@o)\/571`Z"Vv:P96YapH}Fz.b@$eC#m2\!-{]S<}phj"!I,KT=$]X~1!/y4?a
Sep 29, 2024 04:31:37.544754982 CEST	1236	IN	Data Raw: 4a 70 5d 5a ca 26 37 12 69 17 cd 5e 20 de a4 cd 41 fb 5f 8e b1 8e 6f 0f e0 67 25 dd 25 61 95 60 e1 e5 75 be b9 de 1c 8c 87 80 37 a1 3c 05 20 4e 6e 70 3b e9 01 2e 9a 7f 70 92 ae 6e 37 19 77 68 d8 97 d3 17 80 d8 94 1d e9 79 dc 16 1b 01 cd 07 ec 6a Data Ascii: Jp]Z&7i^ A_og%%a`u7< Nnp;.pn7whyj` uGgcRsGG+Qu Kgu))clE~0% X)7+g]@wN75W&$y!Z@qIvVU]Zt<\|=8M3#f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	192.185.157.252	80	3652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 29, 2024 04:31:37.629911900 CEST	443	OUT	GET /wp-admin/pilgrim/upload/files/id.png HTTP/1.1 Host: www.aichappraisers.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 29, 2024 04:31:37.762748003 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 02:31:37 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Sat, 21 Jan 2017 21:54:38 GMT Accept-Ranges: bytes Content-Length: 4545 Keep-Alive: timeout=5, max=75 Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 c8 08 06 00 00 00 ad 58 ae 9e 00 00 00 09 70 48 59 73 00 00 2e 23 00 00 2e 23 01 78 a5 3f 76 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 11 4e 49 44 41 54 78 da ec 9d ed 71 db 48 12 86 c7 a8 fb 4f 66 40 6e 04 e2 46 20 5c 04 a6 23 10 1c 81 78 11 98 8a 60 e9 08 44 25 70 a6 22 58 30 82 25 23 58 30 82 23 23 d0 a1 e5 c6 0a 92 29 11 98 e9 19 cc c7 db 55 28 cb 2e 8b 04 66 fa 99 b7 bb e7 03 9f 9e 9e 9e 14 cc 8e 7d fa 71 cc f9 c7 59 7d 8d eb 6b ca 97 e2 3f 27 1a 1f 7b aa af 1d ff 7c 6c fd 5c d2 df 9f be 8c 77 68 79 c1 3e 04 20 c6 10 cc d8 d9 67 2d 00 e8 e7 d1 80 b7 75 60 70 fe b9 6a 70 2a f4 16 00 71 a1 08 b3 16 0c d7 01 dd fe 89 55 e6 f9 82 d2 00 10 53 18 28 24 6a 80 c8 03 83 a1 0f 30 1b 06 06 0a 03 40 3a 85 4b 73 be ae 12 7b fc 7d 7d ad 09 18 c0 02 40 da 50 cc 5b 50 8c e0 12 80 25 79 40 38 97 28 00 45 27 db 12 2c 35 28 6b 00 12 37 14 53 86 82 ae 09 fc 5e 2b 67 21 48 [TRUNCATED] Data Ascii: PNGIHDRXpHYs.#.#x?vtEXtSoftwareAdobe ImageReadyqe<NIDATxqHOf@nF \#x`D%p"X0%#X0##)U(.f}qY}k?'{\|l\why> g-u`pjpqUS($j0@:Ks{}}@P[P%y@8(E',5(k7S^+g!HV)J>.f%[c@ rre\|p,8TCT;u nj4$3bX7<Sfq#hMMp\#Ea.nyC qxdAf0j5 \ZgQoh^6:\~W,&R^8V-\ A,SXl'0P-x[@P@r+Pj^$kKpl/Rg9GYXp;o;}7U?)6C=%5jsc$FH"^#oc9 9T5Xg"JH">T~U=r8RBHbaplwY`P7pP_+J$kIJp0!s=[Z%+hB.^cS@p.oQ\%$/3DQ@8)DasqIOlI
Sep 29, 2024 04:31:37.762773037 CEST	224	IN	Data Raw: 27 e9 6b 25 b3 68 0d 8b 0d d3 48 de c9 5f be 0a 7e 24 15 84 44 73 91 4c 70 34 a0 99 53 89 a5 cf 5f 53 3d 38 01 90 88 d8 0d 2b 93 3f 21 96 60 de 91 4c 42 ce e1 68 fb dd ea ef d9 f3 a9 8d b1 2b aa f0 89 99 62 f9 88 14 20 3b 65 3e df 11 f5 52 75 1e Data Ascii: 'k%hH_~$DsLp4S_S=8+?!`LBh+b ;e>RuD3x6Q=M1N2\s%Ul[E"RFu2PnN?1(HNzy&) cc$KmY0o$hb)Q(7Sw 4p
Sep 29, 2024 04:31:37.762780905 CEST	1236	IN	Data Raw: 7f f2 12 9f a0 8d 47 7c a9 90 fb 8a 2b ac ee 14 84 4f b4 d8 19 12 6e 6d fd cc 00 aa 61 6b 9b a9 49 7e 12 fc 96 00 c1 f5 7c da 55 2d 5d 05 31 3d 37 f7 31 12 38 0a 56 0d df 5e 01 47 2a 56 71 a8 12 b2 92 2c 18 76 53 1b 29 cd 09 c4 4c c3 29 68 c4 34 Data Ascii: G\|+OnmakI~\|U-]1=718V^GVq,vS)L)h4<p{\|e\|no@}#H8,:tevz,\@!AYPfZ-clVa3Q"ZNkrr`'<EmPReVs^
Sep 29, 2024 04:31:37.762787104 CEST	1236	IN	Data Raw: d2 3c 16 a5 8e 9d 67 68 77 58 e4 80 ec 4c 92 74 e4 21 97 07 90 f1 99 e4 bb dd 69 74 55 ea fc 19 63 ed 7f af 50 ce 1d c6 08 10 dd d9 d7 5c a5 75 3e ef 47 20 e4 ec ec 33 be 46 3d 3e e2 ba e3 f7 d0 1f 27 ee af 06 9e 1d c3 83 19 f4 cb be aa ad 20 ba Data Ascii: <ghwXLt!itUcP\u>G 3F=>' %q@FS1Pg20tP;(,!('k8=X7F7Sg6^3)CQ8Vg`)d&u;}jt1b"z+n+k%vej.yFE[N3~
Sep 29, 2024 04:31:37.762799025 CEST	881	IN	Data Raw: 63 13 84 83 ec cb 7b 87 c0 0d 0e 08 3f ec 52 c9 bc 03 f0 c4 90 a0 fa 14 b1 09 c3 71 27 15 5a 59 03 84 1f 9a 1e f8 1a 90 c0 1c c2 f1 58 fb 89 f8 74 41 66 e9 d9 e7 42 09 71 93 93 e0 dd 1e 80 e3 52 48 5e d8 b8 4f 2b 80 70 ee 20 91 b4 37 90 fc 08 e4 Data Ascii: c{?Rq'ZYXtAfBqRH^O+p 7npxNmVBVC~$(q!uVelB}/$si_J@,5L#X>NA[oB Hk"C$K`!Z9) !td_`4uEHhjSVkv^qeH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	192.185.157.252	80	3652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 29, 2024 04:31:38.453809023 CEST	313	OUT	GET /wp-admin/pilgrim/upload/files/mail.png HTTP/1.1 Host: www.aichappraisers.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 29, 2024 04:31:38.968024015 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 02:31:38 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Sat, 21 Jan 2017 21:54:38 GMT Accept-Ranges: bytes Content-Length: 34328 Keep-Alive: timeout=5, max=75 Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 38 00 00 00 d6 08 06 00 00 00 45 46 9e 2c 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b 08 80 14 00 40 7a 8e 42 a6 00 40 46 01 80 9d 98 26 53 00 a0 04 00 60 cb 63 62 e3 00 50 2d 00 60 27 7f e6 d3 00 80 9d f8 99 7b 01 00 5b 94 21 15 01 a0 91 00 20 13 65 88 44 00 68 3b 00 ac cf 56 8a 45 00 58 30 00 14 66 4b c4 39 00 d8 2d 00 30 49 57 66 [TRUNCATED] Data Ascii: PNGIHDR8EF,pHYsOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbXQqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?DA,`6B$BBdr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'
Sep 29, 2024 04:31:38.968070030 CEST	1236	IN	Data Raw: b9 90 02 49 b1 a4 54 d2 12 d2 46 d2 6e 52 23 e9 2c a9 9b 34 48 1a 23 93 c9 da 64 6b b2 07 39 94 2c 20 2b c8 85 e4 9d e4 c3 e4 33 e4 1b e4 21 f2 5b 0a 9d 62 40 71 a4 f8 53 e2 28 52 ca 6a 4a 19 e5 10 e5 34 e5 06 65 98 32 41 55 a3 9a 52 dd a8 a1 54 Data Ascii: ITFnR#,4H#dk9, +3![b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX*\|J&/TUUT^S}FU3SUPSSg;goT?
Sep 29, 2024 04:31:38.968080997 CEST	1236	IN	Data Raw: ab c4 b9 64 cf 66 d2 66 e9 e6 de 2d 9e 5b 0e 96 aa 97 e6 97 0e 6e 0d d9 da b4 0d df 56 b4 ed f5 f6 45 db 2f 97 cd 28 db bb 83 b6 43 b9 a3 bf 3c b8 bc 65 a7 c9 ce cd 3b 3f 54 a4 54 f4 54 fa 54 36 ee d2 dd b5 61 d7 f8 6e d1 ee 1b 7b bc f6 34 ec d5 Data Ascii: dff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`
Sep 29, 2024 04:31:38.968183041 CEST	1236	IN	Data Raw: df e3 f7 3f 06 50 0f 10 cb df 61 ff 3d 5e f4 4d 10 41 8e d0 2a 6b 78 fb 3e 18 9e 6b fe ec 0c 41 1a 4d 40 cf bf a7 0b 6e 58 52 13 fb ec fa 2c 80 df 01 f0 1b 87 12 f5 ea 5d 7f 2e e1 67 b6 f7 7d b9 d1 76 d2 d9 46 8c 9b 81 4c 3f 92 33 95 f0 10 c9 b8 Data Ascii: ?Pa=^MA*kx>kAM@nXR,].g}vFL?3jEKY~v>))0l?e,/'xhyzq$%(F-Ai?hGrt(y>`>g^{gcngm3,/yU7>S_5]%
Sep 29, 2024 04:31:38.968195915 CEST	896	IN	Data Raw: 30 7f fd 5a ee a8 29 f3 90 ba b9 6d 17 aa 40 10 cb 6b 66 da 4e cc c4 d9 f0 c4 c2 d7 50 83 96 77 93 69 dd c4 8c d5 a1 50 4f 9c fe 02 e4 8c 31 66 f5 b1 f3 4f 20 65 68 31 00 47 08 21 1e b0 b9 71 e3 87 37 73 67 9b 01 f6 d8 49 4b d1 5c 2e 7b a0 95 70 Data Ascii: 0Z)m@kfNPwiPO1fO eh1G!q7sgIK\.{p1eS,GqA!UJ0q~I@T)j7g5.wRi3$}?5?s*(e!@6X8v7Ztz0:"ww03%'
Sep 29, 2024 04:31:38.968206882 CEST	1236	IN	Data Raw: 4b 76 65 1b ce 83 78 01 26 98 41 e8 18 50 63 70 43 33 c7 ba e0 8b 68 3b ab 0e 72 93 79 9b d1 e8 08 25 f3 b2 ac 2d 66 00 a9 3c 6c a3 93 4a c0 5b c6 c9 96 2e 9d 67 5e 69 f6 53 7d f3 25 77 f4 62 13 a8 72 15 bb e7 12 7f 3e f6 33 3a 61 84 05 db 43 c9 Data Ascii: Kvex&APcpC3h;ry%-f<lJ[.g^iS}%wbr>3:aC,<+q3D_^>(]{q%1vsD@hNY{hE?GY>q 5\|he=+sZZg9R\|s ytJ4ga5@n@v]&s{G
Sep 29, 2024 04:31:38.968218088 CEST	1236	IN	Data Raw: c0 f7 61 43 27 f9 9b e9 3d 32 34 91 12 8e 1c 1b 34 3c a9 6a 23 27 2f 83 0b 12 30 5d 93 80 a5 7c 55 04 52 6f 32 e1 04 4f 05 70 9d a3 b7 39 f0 26 49 77 23 f1 fb d9 7f 00 26 d3 9d 07 e5 fb e0 97 b3 ab 36 4b 03 fb 52 dd 9a 07 e3 f2 6b a0 ce 1b b3 48 Data Ascii: aC'=244<j#'/0]\|URo2Op9&Iw#&6KRkHbG%T{YHw^jh=/:jV9:L$lgs1{SEY$k9uYf\|T8N$ yB7oPpOypHU742kKx>W1H_NKEO
Sep 29, 2024 04:31:38.968233109 CEST	1236	IN	Data Raw: 4f c0 87 fa 2b 6d 04 8d e9 0d 06 ea bd 29 78 fc 27 92 f7 00 70 e9 1a 92 bf 23 83 ba 21 80 97 90 7c 21 80 eb c6 89 93 52 1a a3 97 ce e2 4a a3 a7 fa 5c ec 51 06 97 e7 13 b5 b2 71 9b 1b 14 40 71 ef 6e 4d cf f2 21 d3 83 bd cd 31 de e2 ef 02 f8 7e 40 Data Ascii: O+m)x'p#!\|!RJ\Qq@qnM!1~@o)\/571`Z"Vv:P96YapH}Fz.b@$eC#m2\!-{]S<}phj"!I,KT=$
Sep 29, 2024 04:31:38.968244076 CEST	1236	IN	Data Raw: c9 cb 31 e0 8f 80 fc 8c e9 d5 7b 94 d4 55 e2 54 86 ad bb 92 cd 35 34 a5 b5 fd 4a 70 5d 5a ca 26 37 12 69 17 cd 5e 20 de a4 cd 41 fb 5f 8e b1 8e 6f 0f e0 67 25 dd 25 61 95 60 e1 e5 75 be b9 de 1c 8c 87 80 37 a1 3c 05 20 4e 6e 70 3b e9 01 2e 9a 7f Data Ascii: 1{UT54Jp]Z&7i^ A_og%%a`u7< Nnp;.pn7whyj` uGgcRsGG+Qu Kgu)*)clE~0% X)7+g]@wN75W&$y!Z@qIvVU]Zt<
Sep 29, 2024 04:31:38.968255043 CEST	328	IN	Data Raw: c4 0d 83 a4 6f f7 7e 92 21 d3 25 cc 4a d0 4b c1 91 89 74 c1 70 d6 b3 a7 c4 f8 77 b3 9b 46 d0 31 1e 60 8b 0a 0a 8b 37 ab af be 0e 32 28 3a 77 11 52 2f 9e a2 5d b3 21 0e ef 57 ca 8d 0b 13 64 ca 0a 20 e9 7f 0a 7a 3a c9 73 a4 f1 64 c2 8e 0c e8 b4 a9 Data Ascii: o~!%JKtpwF1`72(:wR/]!Wd z:sd7^n77l.+XVV^jENuIlF"jV,=Pl@_`#tc\|w?H"j:ebP:rBs75L_[ZSRw.Q>cXD20*gyZ
Sep 29, 2024 04:31:38.972939968 CEST	1236	IN	Data Raw: 4e ee 2c ee 55 49 3d 37 db 02 86 d3 e6 7e 04 df 8c 15 d9 a5 13 48 b3 3f 20 e1 3e 00 de 9e a2 0a 58 55 48 84 79 18 dd b3 5a 04 2c 04 06 e4 47 30 3f ba 88 77 41 c6 25 e0 bd 03 59 a7 2d ba c1 7c f5 01 4c 55 48 c1 b1 29 97 26 4f 32 e0 40 72 ba 4f 14 Data Ascii: N,UI=7~H? >XUHyZ,G0?wA%Y-\|LUH)&O2@rOJOlJAZc59a7]j5&e,xu]3Nzj"=#9"7/GP,Dmp*LCG"SOxs2[}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	192.185.157.252	80	3652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 29, 2024 04:31:38.453877926 CEST	311	OUT	GET /wp-admin/pilgrim/upload/files/id.png HTTP/1.1 Host: www.aichappraisers.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 29, 2024 04:31:38.966059923 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 02:31:38 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Sat, 21 Jan 2017 21:54:38 GMT Accept-Ranges: bytes Content-Length: 4545 Keep-Alive: timeout=5, max=75 Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 c8 08 06 00 00 00 ad 58 ae 9e 00 00 00 09 70 48 59 73 00 00 2e 23 00 00 2e 23 01 78 a5 3f 76 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 11 4e 49 44 41 54 78 da ec 9d ed 71 db 48 12 86 c7 a8 fb 4f 66 40 6e 04 e2 46 20 5c 04 a6 23 10 1c 81 78 11 98 8a 60 e9 08 44 25 70 a6 22 58 30 82 25 23 58 30 82 23 23 d0 a1 e5 c6 0a 92 29 11 98 e9 19 cc c7 db 55 28 cb 2e 8b 04 66 fa 99 b7 bb e7 03 9f 9e 9e 9e 14 cc 8e 7d fa 71 cc f9 c7 59 7d 8d eb 6b ca 97 e2 3f 27 1a 1f 7b aa af 1d ff 7c 6c fd 5c d2 df 9f be 8c 77 68 79 c1 3e 04 20 c6 10 cc d8 d9 67 2d 00 e8 e7 d1 80 b7 75 60 70 fe b9 6a 70 2a f4 16 00 71 a1 08 b3 16 0c d7 01 dd fe 89 55 e6 f9 82 d2 00 10 53 18 28 24 6a 80 c8 03 83 a1 0f 30 1b 06 06 0a 03 40 3a 85 4b 73 be ae 12 7b fc 7d 7d ad 09 18 c0 02 40 da 50 cc 5b 50 8c e0 12 80 25 79 40 38 97 28 00 45 27 db 12 2c 35 28 6b 00 12 37 14 53 86 82 ae 09 fc 5e 2b 67 21 48 [TRUNCATED] Data Ascii: PNGIHDRXpHYs.#.#x?vtEXtSoftwareAdobe ImageReadyqe<NIDATxqHOf@nF \#x`D%p"X0%#X0##)U(.f}qY}k?'{\|l\why> g-u`pjpqUS($j0@:Ks{}}@P[P%y@8(E',5(k7S^+g!HV)J>.f%[c@ rre\|p,8TCT;u nj4$3bX7<Sfq#hMMp\#Ea.nyC qxdAf0j5 \ZgQoh^6:\~W,&R^8V-\ A,SXl'0P-x[@P@r+Pj^$kKpl/Rg9GYXp;o;}7U?)6C=%5jsc$FH"^#oc9 9T5Xg"JH">T~U=r8RBHbaplwY`P7pP_+J$kIJp0!s=[Z%+hB.^cS@p.oQ\%$/3DQ@8)DasqIOlI
Sep 29, 2024 04:31:38.966070890 CEST	224	IN	Data Raw: 27 e9 6b 25 b3 68 0d 8b 0d d3 48 de c9 5f be 0a 7e 24 15 84 44 73 91 4c 70 34 a0 99 53 89 a5 cf 5f 53 3d 38 01 90 88 d8 0d 2b 93 3f 21 96 60 de 91 4c 42 ce e1 68 fb dd ea ef d9 f3 a9 8d b1 2b aa f0 89 99 62 f9 88 14 20 3b 65 3e df 11 f5 52 75 1e Data Ascii: 'k%hH_~$DsLp4S_S=8+?!`LBh+b ;e>RuD3x6Q=M1N2\s%Ul[E"RFu2PnN?1(HNzy&) cc$KmY0o$hb)Q(7Sw 4p
Sep 29, 2024 04:31:38.966087103 CEST	1236	IN	Data Raw: 7f f2 12 9f a0 8d 47 7c a9 90 fb 8a 2b ac ee 14 84 4f b4 d8 19 12 6e 6d fd cc 00 aa 61 6b 9b a9 49 7e 12 fc 96 00 c1 f5 7c da 55 2d 5d 05 31 3d 37 f7 31 12 38 0a 56 0d df 5e 01 47 2a 56 71 a8 12 b2 92 2c 18 76 53 1b 29 cd 09 c4 4c c3 29 68 c4 34 Data Ascii: G\|+OnmakI~\|U-]1=718V^GVq,vS)L)h4<p{\|e\|no@}#H8,:tevz,\@!AYPfZ-clVa3Q"ZNkrr`'<EmPReVs^
Sep 29, 2024 04:31:38.966098070 CEST	1236	IN	Data Raw: d2 3c 16 a5 8e 9d 67 68 77 58 e4 80 ec 4c 92 74 e4 21 97 07 90 f1 99 e4 bb dd 69 74 55 ea fc 19 63 ed 7f af 50 ce 1d c6 08 10 dd d9 d7 5c a5 75 3e ef 47 20 e4 ec ec 33 be 46 3d 3e e2 ba e3 f7 d0 1f 27 ee af 06 9e 1d c3 83 19 f4 cb be aa ad 20 ba Data Ascii: <ghwXLt!itUcP\u>G 3F=>' %q@FS1Pg20tP;(,!('k8=X7F7Sg6^3)CQ8Vg`)d&u;}jt1b"z+n+k%vej.yFE[N3~
Sep 29, 2024 04:31:38.966108084 CEST	881	IN	Data Raw: 63 13 84 83 ec cb 7b 87 c0 0d 0e 08 3f ec 52 c9 bc 03 f0 c4 90 a0 fa 14 b1 09 c3 71 27 15 5a 59 03 84 1f 9a 1e f8 1a 90 c0 1c c2 f1 58 fb 89 f8 74 41 66 e9 d9 e7 42 09 71 93 93 e0 dd 1e 80 e3 52 48 5e d8 b8 4f 2b 80 70 ee 20 91 b4 37 90 fc 08 e4 Data Ascii: c{?Rq'ZYXtAfBqRH^O+p 7npxNmVBVC~$(q!uVelB}/$si_J@,5L#X>NA[oB Hk"C$K`!Z9) !td_`4uEHhjSVkv^qeH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	192.185.157.252	80	3652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 29, 2024 04:32:23.469829082 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49745	2.19.244.127	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 02:31:40 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 02:31:40 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=137631 Date: Sun, 29 Sep 2024 02:31:40 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49746	2.19.244.127	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 02:31:40 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 02:31:41 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=137682 Date: Sun, 29 Sep 2024 02:31:41 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 02:31:41 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	22:31:31
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	22:31:33
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1996,i,6011880305847496289,151698508360679670,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	22:31:35
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: aichappraisers.com	Virustotal: Detection: 8%			Perma Link
Source: www.aichappraisers.com	Virustotal: Detection: 10%			Perma Link

Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: Form action: post.php
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: Form action: post.php
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: Form action: post.php
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: Form action: post.php
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: Form action: post.php

Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="author".. found
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="author".. found
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="author".. found
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="author".. found
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="author".. found

Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="copyright".. found
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="copyright".. found
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="copyright".. found
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="copyright".. found
Source: http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php	HTTP Parser: No <meta name="copyright".. found

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3740, Parent PID: 5344

General

Chronological Activities

Analysis Process: chrome.exePID: 3652, Parent PID: 3740

General

Windows Analysis Report
http://www.aichappraisers.com/wp-admin/pilgrim/upload/en.php