Edit tour

Windows Analysis Report
https://thinklegal.net/

Overview

General Information

Sample URL:	https://thinklegal.net/
Analysis ID:	1522270
Tags:	urlscan
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=1992,i,17598560738078567772,1359864553804586954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://thinklegal.net/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.godaddy.com/forsale/thinklegal.net?utm_source=TDFS_BINNS2&utm_medium=parkedpages&utm_campaign=x_corp_tdfs-binns2_base&traffic_type=TDFS_BINNS2&traffic_id=binns2&

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49725 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49728 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49725 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: thinklegal.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lander HTTP/1.1Host: thinklegal.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://thinklegal.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2CGkTvhYYCsDEfr&MD=A5+srNLx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2CGkTvhYYCsDEfr&MD=A5+srNLx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: thinklegal.net
Source: global traffic	DNS traffic detected: DNS query: www.godaddy.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49728 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/10@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=1992,i,17598560738078567772,1359864553804586954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://thinklegal.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=1992,i,17598560738078567772,1359864553804586954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
thinklegal.net	13.248.169.48	true	false	unknown
www.google.com	216.58.206.36	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
www.godaddy.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.godaddy.com/forsale/thinklegal.net?utm_source=TDFS_BINNS2&utm_medium=parkedpages&utm_campaign=x_corp_tdfs-binns2_base&traffic_type=TDFS_BINNS2&traffic_id=binns2&	false	unknown
https://thinklegal.net/	false	unknown
https://thinklegal.net/lander	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.248.169.48	thinklegal.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522270
Start date and time:	2024-09-29 15:43:45 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://thinklegal.net/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@17/10@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.186.142, 74.125.133.84, 34.104.35.123, 23.201.246.20, 93.184.221.240, 192.229.221.95, 52.165.164.15, 20.3.187.198, 142.250.185.99
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, e6001.dscx.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, wildcard-ipv6.godaddy.com.edgekey.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://thinklegal.net/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://thinklegal.net/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.godaddy.com/forsale/thinklegal.net?utm_source=TDFS_BINNS2&utm_medium=parkedpages&utm_campaign=x_corp_tdfs-binns2_base&traffic_type=TDFS_BINNS2&traffic_id=binns2& Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:44:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9739116319035026
Encrypted:	false
SSDEEP:	48:8OdrTzTJHaidAKZdA19ehwiZUklqehjy+3:8GTuoy
MD5:	3B926A0C7E9E3B01A1B597854C65987B
SHA1:	2799001DC8DD2873143BB2BB430DA9A527BFAE05
SHA-256:	ABD6A1F2434445D7749BAA362ECEBB205AC9241949607D9019676C4F2B29BFC0
SHA-512:	B92E4BB9D2AEB52CE8808E3615879919D0F3E2803CBA1DE6252ECCD2078E73FD111DB304339FB42DC62F72ED4E77B52DBF480E41AF07C67046972B003398B5CD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....1.u...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<J-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:44:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.990517178242049
Encrypted:	false
SSDEEP:	48:88drTzTJHaidAKZdA1weh/iZUkAQkqehYy+2:8kTs9Qpy
MD5:	0114630501C77433755D2D4511BAA43F
SHA1:	93174FAFBC6FE8353DDD9E4EF11EC0DBFB1FA323
SHA-256:	E3AAA642A596CDB8F2725C66263BD714BA48E6E7DF368B8ED8F1B5B85971E05D
SHA-512:	87CE653E92ADC4F9D9BAB33ED18373AD5686FCFEAA09EACB618F5BA3CE99717563FB046F381D3ED26E68ABFBEB2A712451F5A6EEF8438B366B09E1779B2C29BB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......u...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<J-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.004627682697309
Encrypted:	false
SSDEEP:	48:8x0drTzTsHaidAKZdA14tseh7sFiZUkmgqeh7s2y+BX:8x8Tvn0y
MD5:	FF53662B8CE981AAF9D43D644B36030F
SHA1:	882750E5B74A5E67E98BC8AE7B2CB926DA2BCDCA
SHA-256:	9325BC0A3C6746CAF0D7B6728B72015BAF20992218FF77F26FC9624D81E7E6AE
SHA-512:	4F93DD37AB283E50C7BD45BD0C843EC320DDEEC7CF33BD83CC04E613692A7EBFE626DD5E6352330C64E820E4721940755DA3BF964C93BDA02989CCC4D9DE7B04
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<J-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:44:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9927808138789485
Encrypted:	false
SSDEEP:	48:8KdrTzTJHaidAKZdA1vehDiZUkwqehMy+R:8iTXuy
MD5:	9E979D7F98CED941310A4F12B19836FF
SHA1:	2BC5F0D8BC225C4DEDA312EA81CB1D46A549D3F7
SHA-256:	41746DD7AD02B65771C77299E93D1911944B8685FD79F6517EDA8230CAAE2BDB
SHA-512:	0BCE7629EE45C7E81BDCDE90377E9F0C95215AFC175FE057EEE7FA674112C3E26A7B1E202940BD2D62839B2A4157A97223F6BA32DEE2F7CEDFD6E86A34C218C2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........u...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<J-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:44:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9792583618435553
Encrypted:	false
SSDEEP:	48:8gdrTzTJHaidAKZdA1hehBiZUk1W1qehCy+C:8YTn9iy
MD5:	3410A084DCE3F8CB1FE6D65A240DC910
SHA1:	ACA95ED7856585238F38555C5A9088BD3CDC1B02
SHA-256:	CDA65D84B54270976E6BE37004872A94CA68FA319C0070EA8F14D3030A2D6809
SHA-512:	9723F3B7F42851337B714ADE3C859014E80A0E3B9F09E82D5DC1E87A91C6909659EE4B5067897803C93E62ED01F3D935F4BBD706080C25D8436E7C265BD80029
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......u...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<J-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 12:44:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9860729650533955
Encrypted:	false
SSDEEP:	48:8pdrTzTJHaidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb0y+yT+:8nTvT/TbxWOvTb0y7T
MD5:	D7150EE8B7FAAD84C694DF03F9BA707A
SHA1:	99ED72E0AE94C97ED1C8F53908BD891D9B97AABC
SHA-256:	A9696A40F1FD8491EB8AC6DF6384DC72E9732D215B795EDDEF6724B1314AA159
SHA-512:	3C63C6DD13756ABEDF7481953028B12F58BF5371FAE698B0DE200DA61E9B26858A12BA3C1B2565837D307C550AAF0473E5F3C9F4F3D14E0415C677A6BFB1D4DA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Y...u...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<J-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	384
Entropy (8bit):	5.310737279512071
Encrypted:	false
SSDEEP:	6:wBqWekiTakpxxdGztoIhS3EaXqnRCsDPLCmKUlvZgbcaS3jfU0cMglaQT:dkK9dg5qEaXSc2ZTjfQ
MD5:	9EF7F198441D3420606E75D9AC895BA7
SHA1:	E6233EDBFCDE03B2F30B52FBFF7489C17B9DDA50
SHA-256:	1053C909296AEB969CA6679F6770D7FBCB42E12B07389BCF4EDC112334003673
SHA-512:	45326C475029A365AB9C80AE223E9175EE3DDCA4B5D5791F0A653871EFB0FA51536A4429AB93CC42D55F84DEE1125ED4D3D5FB9F4C8332320776146B62D30DF2
Malicious:	false
Reputation:	low
URL:	https://www.godaddy.com/favicon.ico
Preview:	<HTML><HEAD>.<TITLE>Access Denied</TITLE>.</HEAD><BODY>.<H1>Access Denied</H1>. .You don't have permission to access "http://www.godaddy.com/favicon.ico" on this server.<P>.Reference #18.9cf01002.1727617485.17520b77.<P>https://errors.edgesuite.net/18.9cf01002.1727617485.17520b77</P>.</BODY>.</HTML>.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	114
Entropy (8bit):	4.802925647778009
Encrypted:	false
SSDEEP:	3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
MD5:	E89F75F918DBDCEE28604D4E09DD71D7
SHA1:	F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
SHA-256:	6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
SHA-512:	8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
Malicious:	false
Reputation:	low
URL:	https://thinklegal.net/
Preview:	<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 15:44:30.395742893 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:30.395744085 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:30.505111933 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:40.100548029 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:40.116238117 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:40.288203001 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:41.747287989 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 15:44:41.747425079 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:41.894238949 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:41.894269943 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:41.894474030 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:41.895576000 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:41.895582914 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:41.895721912 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:41.895827055 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:41.895838976 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:41.896044970 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:41.896056890 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.381803036 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.384716988 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.385181904 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.385190010 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.385510921 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.385519028 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.386626959 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.386645079 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.386734009 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.389904976 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.389945984 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.390038967 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.390269995 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.390408039 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.390417099 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.390593052 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.443444014 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.443444014 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.443449020 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.491199970 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.520275116 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.520414114 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.520512104 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.612410069 CEST	49710	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.612415075 CEST	443	49710	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.688299894 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.688337088 CEST	443	49713	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.688406944 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.688693047 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.688710928 CEST	443	49713	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.692203999 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:42.735399961 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.821486950 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.821563959 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:42.821608067 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:43.048139095 CEST	49709	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:43.048150063 CEST	443	49709	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:43.169548035 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:43.169569016 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:43.169617891 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:43.170001030 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:43.170012951 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:43.179102898 CEST	443	49713	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:43.185570955 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:43.185581923 CEST	443	49713	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:43.185945034 CEST	443	49713	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:43.198085070 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:43.198173046 CEST	443	49713	13.248.169.48	192.168.2.5
Sep 29, 2024 15:44:43.243002892 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:44:43.960202932 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:44.012109995 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:44.210050106 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:44.210069895 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:44.211061954 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:44.211076975 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:44.211116076 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:44.253822088 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:44.387651920 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:44.387743950 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:44.428985119 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:44.428992033 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:44.474524021 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:45.356744051 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:45.356774092 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:45.356924057 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:45.371710062 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:45.371728897 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:46.035948038 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:46.036024094 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:46.108896971 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:46.108917952 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:46.109136105 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:46.225085020 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:46.815985918 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:46.859448910 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.021317005 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.021375895 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.021508932 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.021578074 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.021598101 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.021609068 CEST	49717	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.021620035 CEST	443	49717	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.058032036 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.058058977 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.058245897 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.058777094 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.058789968 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.718226910 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.718317986 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.720002890 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.720011950 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.720215082 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:47.722114086 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:47.763431072 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:48.001827955 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:48.001894951 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:48.002012968 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:48.003093958 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 15:44:48.003108978 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 15:44:50.632889986 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:50.632922888 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:50.632997036 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:50.634310961 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:50.634322882 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:51.745862007 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:51.745966911 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:51.754913092 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:51.754929066 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:51.755223989 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:51.805774927 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:52.718357086 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:52.759434938 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.760508060 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:52.760742903 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:52.761275053 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:52.761298895 CEST	443	49725	23.1.237.91	192.168.2.5
Sep 29, 2024 15:44:52.761356115 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:52.761683941 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:52.761694908 CEST	443	49725	23.1.237.91	192.168.2.5
Sep 29, 2024 15:44:52.766468048 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 15:44:52.766493082 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 15:44:52.987381935 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.987416983 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.987426996 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.987438917 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.987472057 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.987489939 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:52.987504959 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.987523079 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.987533092 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:52.987549067 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:52.987555027 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.987584114 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:52.987600088 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:52.988481998 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.988535881 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:52.988579988 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:53.372011900 CEST	443	49725	23.1.237.91	192.168.2.5
Sep 29, 2024 15:44:53.372205019 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:44:53.710964918 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:53.710964918 CEST	49720	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:44:53.710994959 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:53.711004972 CEST	443	49720	4.175.87.197	192.168.2.5
Sep 29, 2024 15:44:53.735825062 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:53.735874891 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:44:53.736185074 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:54.482378006 CEST	49715	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:44:54.482400894 CEST	443	49715	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:12.526051044 CEST	443	49725	23.1.237.91	192.168.2.5
Sep 29, 2024 15:45:12.526249886 CEST	49725	443	192.168.2.5	23.1.237.91
Sep 29, 2024 15:45:28.210098982 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:45:28.210129023 CEST	443	49713	13.248.169.48	192.168.2.5
Sep 29, 2024 15:45:30.907903910 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:30.907973051 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:30.908281088 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:30.908610106 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:30.908622980 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:31.814934015 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:31.814999104 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:31.826256037 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:31.826273918 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:31.826663971 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:31.855773926 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:31.903414965 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.158504009 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.158523083 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.158535004 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.158605099 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:32.158637047 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.158699036 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:32.158919096 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.158962011 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.158972025 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:32.158982038 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.159013033 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:32.159765005 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:32.159812927 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:32.171516895 CEST	49728	443	192.168.2.5	4.175.87.197
Sep 29, 2024 15:45:32.171545982 CEST	443	49728	4.175.87.197	192.168.2.5
Sep 29, 2024 15:45:43.211158991 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:45:43.211306095 CEST	443	49713	13.248.169.48	192.168.2.5
Sep 29, 2024 15:45:43.211462021 CEST	49713	443	192.168.2.5	13.248.169.48
Sep 29, 2024 15:45:43.211462021 CEST	49730	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:45:43.211515903 CEST	443	49730	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:43.211931944 CEST	49730	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:45:43.211931944 CEST	49730	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:45:43.211971045 CEST	443	49730	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:43.849751949 CEST	443	49730	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:43.888672113 CEST	49730	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:45:43.888704062 CEST	443	49730	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:43.889015913 CEST	443	49730	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:43.889873028 CEST	49730	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:45:43.889929056 CEST	443	49730	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:43.944142103 CEST	49730	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:45:53.755564928 CEST	443	49730	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:53.755635977 CEST	443	49730	216.58.206.36	192.168.2.5
Sep 29, 2024 15:45:53.755701065 CEST	49730	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:45:54.024583101 CEST	49730	443	192.168.2.5	216.58.206.36
Sep 29, 2024 15:45:54.024615049 CEST	443	49730	216.58.206.36	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 15:44:39.624684095 CEST	53	54300	1.1.1.1	192.168.2.5
Sep 29, 2024 15:44:39.627104998 CEST	53	58554	1.1.1.1	192.168.2.5
Sep 29, 2024 15:44:40.720220089 CEST	53	51048	1.1.1.1	192.168.2.5
Sep 29, 2024 15:44:41.581489086 CEST	49360	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:44:41.581650019 CEST	55151	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:44:41.600219965 CEST	53	49360	1.1.1.1	192.168.2.5
Sep 29, 2024 15:44:41.622319937 CEST	53	55151	1.1.1.1	192.168.2.5
Sep 29, 2024 15:44:43.064898968 CEST	63560	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:44:43.065563917 CEST	60003	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:44:43.159622908 CEST	59767	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:44:43.160145044 CEST	50218	53	192.168.2.5	1.1.1.1
Sep 29, 2024 15:44:43.167428017 CEST	53	50218	1.1.1.1	192.168.2.5
Sep 29, 2024 15:44:43.167671919 CEST	53	59767	1.1.1.1	192.168.2.5
Sep 29, 2024 15:44:58.750008106 CEST	53	60813	1.1.1.1	192.168.2.5
Sep 29, 2024 15:45:18.182085991 CEST	53	53677	1.1.1.1	192.168.2.5
Sep 29, 2024 15:45:39.017134905 CEST	53	56829	1.1.1.1	192.168.2.5
Sep 29, 2024 15:45:41.489891052 CEST	53	62377	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 15:44:41.581489086 CEST	192.168.2.5	1.1.1.1	0x8c62	Standard query (0)	thinklegal.net	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:44:41.581650019 CEST	192.168.2.5	1.1.1.1	0x76e	Standard query (0)	thinklegal.net	65	IN (0x0001)	false
Sep 29, 2024 15:44:43.064898968 CEST	192.168.2.5	1.1.1.1	0x9818	Standard query (0)	www.godaddy.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:44:43.065563917 CEST	192.168.2.5	1.1.1.1	0x84f5	Standard query (0)	www.godaddy.com	65	IN (0x0001)	false
Sep 29, 2024 15:44:43.159622908 CEST	192.168.2.5	1.1.1.1	0x1834	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:44:43.160145044 CEST	192.168.2.5	1.1.1.1	0xe01f	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 15:44:41.600219965 CEST	1.1.1.1	192.168.2.5	0x8c62	No error (0)	thinklegal.net		13.248.169.48	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:44:41.600219965 CEST	1.1.1.1	192.168.2.5	0x8c62	No error (0)	thinklegal.net		76.223.54.146	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:44:43.073271990 CEST	1.1.1.1	192.168.2.5	0x9818	No error (0)	www.godaddy.com	wildcard-ipv6.godaddy.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:44:43.073678017 CEST	1.1.1.1	192.168.2.5	0x84f5	No error (0)	www.godaddy.com	wildcard-ipv6.godaddy.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:44:43.167428017 CEST	1.1.1.1	192.168.2.5	0xe01f	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 15:44:43.167671919 CEST	1.1.1.1	192.168.2.5	0x1834	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:44:51.998284101 CEST	1.1.1.1	192.168.2.5	0xdaf4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:44:51.998284101 CEST	1.1.1.1	192.168.2.5	0xdaf4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:45:06.424123049 CEST	1.1.1.1	192.168.2.5	0xc3d7	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:45:06.424123049 CEST	1.1.1.1	192.168.2.5	0xc3d7	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:45:33.288959980 CEST	1.1.1.1	192.168.2.5	0xa75c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:45:33.288959980 CEST	1.1.1.1	192.168.2.5	0xa75c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 15:45:52.520065069 CEST	1.1.1.1	192.168.2.5	0x8c1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 15:45:52.520065069 CEST	1.1.1.1	192.168.2.5	0x8c1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

thinklegal.net

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	13.248.169.48	443	1200	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:44:42 UTC	657	OUT	GET / HTTP/1.1 Host: thinklegal.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:44:42 UTC	121	IN	HTTP/1.1 200 OK Content-Type: text/html Date: Sun, 29 Sep 2024 13:44:42 GMT Content-Length: 114 Connection: close
2024-09-29 13:44:42 UTC	114	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49709	13.248.169.48	443	1200	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:44:42 UTC	684	OUT	GET /lander HTTP/1.1 Host: thinklegal.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://thinklegal.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 13:44:42 UTC	853	IN	HTTP/1.1 307 Temporary Redirect Content-Type: text/html; charset=utf-8 Location: https://www.godaddy.com/forsale/thinklegal.net?utm_source=TDFS_BINNS2&utm_medium=parkedpages&utm_campaign=x_corp_tdfs-binns2_base&traffic_type=TDFS_BINNS2&traffic_id=binns2& Set-Cookie: fb_sessiontraffic=S_TOUCH=&pathway=756f443e-23a7-45ad-92b5-1e2299c6477a&V_DATE=&pc=0; Path=/; Domain=afternic.com; Expires=Sun, 29 Sep 2024 14:04:42 GMT Set-Cookie: pathway=756f443e-23a7-45ad-92b5-1e2299c6477a; Path=/; Domain=afternic.com; Expires=Sun, 29 Sep 2024 14:04:42 GMT Set-Cookie: visitor=vid=756f443e-23a7-45ad-92b5-1e2299c6477a; Path=/; Domain=afternic.com; Expires=Sun, 28 Sep 2025 13:44:42 GMT Set-Cookie: market=en-US; Path=/; Domain=afternic.com; Expires=Mon, 29 Sep 2025 13:44:42 GMT Date: Sun, 29 Sep 2024 13:44:42 GMT Content-Length: 229 Connection: close
2024-09-29 13:44:42 UTC	229	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 64 61 64 64 79 2e 63 6f 6d 2f 66 6f 72 73 61 6c 65 2f 74 68 69 6e 6b 6c 65 67 61 6c 2e 6e 65 74 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 54 44 46 53 5f 42 49 4e 4e 53 32 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 70 61 72 6b 65 64 70 61 67 65 73 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 78 5f 63 6f 72 70 5f 74 64 66 73 2d 62 69 6e 6e 73 32 5f 62 61 73 65 26 61 6d 70 3b 74 72 61 66 66 69 63 5f 74 79 70 65 3d 54 44 46 53 5f 42 49 4e 4e 53 32 26 61 6d 70 3b 74 72 61 66 66 69 63 5f 69 64 3d 62 69 6e 6e 73 32 26 61 6d 70 3b 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://www.godaddy.com/forsale/thinklegal.net?utm_source=TDFS_BINNS2&utm_medium=parkedpages&utm_campaign=x_corp_tdfs-binns2_base&traffic_type=TDFS_BINNS2&traffic_id=binns2&">Temporary Redirect</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49717	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:44:46 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 13:44:47 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=97216 Date: Sun, 29 Sep 2024 13:44:46 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49719	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:44:47 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 13:44:47 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=97245 Date: Sun, 29 Sep 2024 13:44:47 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 13:44:47 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49720	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:44:52 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2CGkTvhYYCsDEfr&MD=A5+srNLx HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-29 13:44:52 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4e460b36-6e07-4393-9cd6-db8c15e60e76 MS-RequestId: 6af2ca1c-2a79-4bf5-a960-90bb9e0a64d0 MS-CV: 3xX+b4XueUSmsA3J.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 29 Sep 2024 13:44:52 GMT Connection: close Content-Length: 24490
2024-09-29 13:44:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-29 13:44:52 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49728	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 13:45:31 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2CGkTvhYYCsDEfr&MD=A5+srNLx HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-29 13:45:32 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: b34bbad1-15e5-4dfd-a913-f6959868cba6 MS-RequestId: e827a88f-38d2-4083-ad38-708ae00f20cf MS-CV: QL2AprmMdEmhqIiR.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 29 Sep 2024 13:45:31 GMT Connection: close Content-Length: 30005
2024-09-29 13:45:32 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-29 13:45:32 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3944, Parent PID: 5472

General

Target ID:	0
Start time:	09:44:32
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1200, Parent PID: 3944

General

Target ID:	2
Start time:	09:44:37
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=1992,i,17598560738078567772,1359864553804586954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5256, Parent PID: 5472

General

Target ID:	3
Start time:	09:44:40
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://thinklegal.net/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://thinklegal.net/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3944, Parent PID: 5472

General

Chronological Activities

Analysis Process: chrome.exePID: 1200, Parent PID: 3944

General

Chronological Activities

Windows Analysis Report
https://thinklegal.net/