Edit tour

Windows Analysis Report
https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a

Overview

General Information

Sample URL:	https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a
Analysis ID:	1523571
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2248,i,14434729802013882964,1299651225016094446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: link.mail.beehiiv.com to https://vangoik.sa.com?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172

Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.viGU38YukUtIGED3xC-2FGZTjlySnqL0zq5B017u51TS-2FyNkXdGplDy7i1xn4nR5LPUcoBCa0qHsrmsmT1yOTU0jeRwc9GhbY7OUHqWbYhXdygr6EXnt2iFLPYqkfgW0WJocOHuK44FGxYaLPT6lGAx4qghzjKoqXI334f1j0K3H4-3D5lsW_35B58HqgUe69dJ9w-2Bob4XF7SwYrVcF-2Fs9RsE9PvYXRGpy29DfW2ury4D36nuSuKXl6ZhG0-2F-2BBwX2kjkYJraAAMqxFGinE6ArF47ZQHtOZDz78h8BbsJGjkCV1i6FzinlXxy7wbHuKN0qQNB6uHBYEBdIcSXpi8e1XlhNlwOJH-2FSO0tskKx7JPpu-2FvACyjT0SaudPxgUJ712DUBFwTe7cymPTJUDRfO72CAtVZoAYFVAw8yStDin8ARuyHs2XXrdwUDQk-2FhyH4zivZHD1C1Fjkvzfr5ceyjNa-2FSdWGnD59hN6jugRbrl2eP3S7wRlhRE9-2BQX6rkekG14PUX6xDarAs-2B9E09ifhyopqhA5UWLw5jQYgvCzwWBAAVu-2FrRM1bMVAciKfQcyZcYLpz8uQTuTLDyFMSGt-2FyCktpTvxXYb4ljR-2FrMXDQigyc4Q3Tt9QlAKU HTTP/1.1Host: link.mail.beehiiv.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1Host: vangoik.sa.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9UaDNaRlU9JnVpZD1VU0VSMjQwOTIwMjRVNDkwOTI0MzA=N0123N%5bEMAIL%5d HTTP/1.1Host: acbp.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: acbp.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://acbp.com.br/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9UaDNaRlU9JnVpZD1VU0VSMjQwOTIwMjRVNDkwOTI0MzA=N0123N%5bEMAIL%5dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WZLccTyp13ys3Ag&MD=LT5BZXKk HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WZLccTyp13ys3Ag&MD=LT5BZXKk HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: hwvtu.us17.list-manage.com
Source: global traffic	DNS traffic detected: DNS query: link.mail.beehiiv.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: vangoik.sa.com
Source: global traffic	DNS traffic detected: DNS query: acbp.com.br

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Oct 2024 17:41:20 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@17/4@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2248,i,14434729802013882964,1299651225016094446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2248,i,14434729802013882964,1299651225016094446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
link.mail.beehiiv.com	104.18.69.40	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
acbp.com.br	184.171.250.122	true	false	unknown
vangoik.sa.com	159.148.38.101	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
hwvtu.us17.list-manage.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://acbp.com.br/favicon.ico	false	unknown
https://vangoik.sa.com/?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post	false	unknown
https://acbp.com.br/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9UaDNaRlU9JnVpZD1VU0VSMjQwOTIwMjRVNDkwOTI0MzA=N0123N%5bEMAIL%5d	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
184.171.250.122	acbp.com.br	United States	33182	DIMENOCUS	false
159.148.38.101	vangoik.sa.com	Latvia	2588	LATNET-ASLV	false
104.18.69.40	link.mail.beehiiv.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523571
Start date and time:	2024-10-01 19:40:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/4@10/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.174, 142.250.185.195, 66.102.1.84, 104.102.57.226, 34.104.35.123, 93.184.221.240, 192.229.221.95, 52.165.164.15, 20.3.187.198, 142.250.186.163
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, e13829.x.akamaiedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, swc.list-manage.com.edgekey.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Reputation:	low
URL:	https://acbp.com.br/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9UaDNaRlU9JnVpZD1VU0VSMjQwOTIwMjRVNDkwOTI0MzA=N0123N%5bEMAIL%5d
Preview:	.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://acbp.com.br/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 19:41:11.952476978 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 1, 2024 19:41:16.944336891 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:16.944379091 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:16.944437981 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:16.945148945 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:16.945162058 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:16.983831882 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:16.983863115 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:16.983911991 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:16.984394073 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:16.984406948 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:17.428229094 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:17.428792953 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:17.428817987 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:17.429845095 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:17.429900885 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:17.432487011 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:17.432545900 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:17.432902098 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:17.432909012 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:17.486079931 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:17.647936106 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:17.648439884 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:17.648453951 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:17.650090933 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:17.650166035 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:17.652265072 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:17.652354002 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:17.660336018 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:17.660429955 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:17.660481930 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:17.677365065 CEST	49739	443	192.168.2.4	104.18.69.40
Oct 1, 2024 19:41:17.677388906 CEST	443	49739	104.18.69.40	192.168.2.4
Oct 1, 2024 19:41:17.707289934 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:17.707309961 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:17.750385046 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:17.757320881 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:17.757360935 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:17.757417917 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:17.758677959 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:17.758691072 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:17.960481882 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:17.960527897 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:17.960894108 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:17.963255882 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:17.963274002 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.465308905 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.467756033 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:18.467780113 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.468874931 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.468976021 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:18.479410887 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:18.479410887 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:18.479434967 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.479571104 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.533432007 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:18.533457994 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.581502914 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:18.602267027 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.602684975 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.609428883 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.609450102 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.609677076 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.656949043 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.710635900 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.755402088 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.777477026 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.777556896 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.777754068 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:18.778382063 CEST	49741	443	192.168.2.4	159.148.38.101
Oct 1, 2024 19:41:18.778412104 CEST	443	49741	159.148.38.101	192.168.2.4
Oct 1, 2024 19:41:18.895642042 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.895706892 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.895762920 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.901221037 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.901240110 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.901268959 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.901274920 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.954757929 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.954819918 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:18.954998016 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.958455086 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:18.958477020 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:19.045408964 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:19.045468092 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:19.045536041 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:19.045775890 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:19.045792103 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:19.776959896 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:19.777038097 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:19.779952049 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:19.790380955 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:19.790411949 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:19.791570902 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:19.791651011 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:19.792865992 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:19.792887926 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:19.793133020 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:19.796375990 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:19.798016071 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:19.798094988 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:19.798271894 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:19.798281908 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:19.839396954 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:19.844398975 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:19.980411053 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.033162117 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.033202887 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.053436995 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:20.053508043 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:20.053565025 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:20.077045918 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:20.077069998 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:20.077089071 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 1, 2024 19:41:20.077096939 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 1, 2024 19:41:20.083149910 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.159291029 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.159603119 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.159667969 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.165272951 CEST	49744	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.165296078 CEST	443	49744	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.283359051 CEST	49745	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.283425093 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.283499002 CEST	49745	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.284905910 CEST	49745	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.284917116 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.894970894 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.895839930 CEST	49745	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.895863056 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.896225929 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.896882057 CEST	49745	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.896941900 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:20.897300959 CEST	49745	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:20.943399906 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:21.063918114 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:21.064088106 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:21.064277887 CEST	49745	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:21.596647978 CEST	49745	443	192.168.2.4	184.171.250.122
Oct 1, 2024 19:41:21.596720934 CEST	443	49745	184.171.250.122	192.168.2.4
Oct 1, 2024 19:41:24.781147957 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:24.781217098 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:24.781296968 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:24.782597065 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:24.782612085 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:25.589483023 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:25.589569092 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:25.594065905 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:25.594078064 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:25.594383955 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:25.642111063 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:26.360060930 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:26.407402039 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.536174059 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:28.536247969 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:28.536322117 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:28.540684938 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.540713072 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.540739059 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.540749073 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.540779114 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.540817976 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:28.540843964 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.540855885 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:28.540888071 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:28.542711973 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.542778969 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:28.542783022 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:28.542825937 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:29.201785088 CEST	49746	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:41:29.201803923 CEST	443	49746	4.245.163.56	192.168.2.4
Oct 1, 2024 19:41:29.728487015 CEST	49740	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:41:29.728513002 CEST	443	49740	142.250.184.196	192.168.2.4
Oct 1, 2024 19:41:31.552115917 CEST	49723	80	192.168.2.4	199.232.214.172
Oct 1, 2024 19:41:31.571433067 CEST	80	49723	199.232.214.172	192.168.2.4
Oct 1, 2024 19:41:31.571501017 CEST	49723	80	192.168.2.4	199.232.214.172
Oct 1, 2024 19:42:05.668064117 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:05.668102026 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:05.668178082 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:05.668633938 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:05.668644905 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.429382086 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.429641008 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.433456898 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.433491945 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.434050083 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.443123102 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.483449936 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.756722927 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.756778955 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.756820917 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.756856918 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.756876945 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.756896973 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.757100105 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.757688999 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.757736921 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.757770061 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.757776022 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.757795095 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.757934093 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.758106947 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.805990934 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.805990934 CEST	49752	443	192.168.2.4	4.245.163.56
Oct 1, 2024 19:42:06.806014061 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:06.806021929 CEST	443	49752	4.245.163.56	192.168.2.4
Oct 1, 2024 19:42:17.023228884 CEST	49754	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:42:17.023279905 CEST	443	49754	142.250.184.196	192.168.2.4
Oct 1, 2024 19:42:17.023504972 CEST	49754	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:42:17.023951054 CEST	49754	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:42:17.023957014 CEST	443	49754	142.250.184.196	192.168.2.4
Oct 1, 2024 19:42:17.707205057 CEST	443	49754	142.250.184.196	192.168.2.4
Oct 1, 2024 19:42:17.707500935 CEST	49754	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:42:17.707515955 CEST	443	49754	142.250.184.196	192.168.2.4
Oct 1, 2024 19:42:17.707854986 CEST	443	49754	142.250.184.196	192.168.2.4
Oct 1, 2024 19:42:17.708195925 CEST	49754	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:42:17.708265066 CEST	443	49754	142.250.184.196	192.168.2.4
Oct 1, 2024 19:42:17.751555920 CEST	49754	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:42:19.704996109 CEST	49724	80	192.168.2.4	199.232.214.172
Oct 1, 2024 19:42:19.714858055 CEST	80	49724	199.232.214.172	192.168.2.4
Oct 1, 2024 19:42:19.714906931 CEST	49724	80	192.168.2.4	199.232.214.172
Oct 1, 2024 19:42:27.612052917 CEST	443	49754	142.250.184.196	192.168.2.4
Oct 1, 2024 19:42:27.612122059 CEST	443	49754	142.250.184.196	192.168.2.4
Oct 1, 2024 19:42:27.612387896 CEST	49754	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:42:27.632002115 CEST	49754	443	192.168.2.4	142.250.184.196
Oct 1, 2024 19:42:27.632039070 CEST	443	49754	142.250.184.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 19:41:13.445126057 CEST	53	56156	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:13.445719957 CEST	53	61098	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:14.810914993 CEST	63824	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:14.811306000 CEST	50549	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:15.556524992 CEST	53	62248	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:16.934226990 CEST	51288	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:16.934783936 CEST	62556	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:16.943092108 CEST	53	51288	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:16.943418026 CEST	53	62556	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:16.972939014 CEST	54485	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:16.973808050 CEST	60526	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:16.979923964 CEST	53	54485	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:16.982182980 CEST	53	60526	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:17.682952881 CEST	52489	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:17.683167934 CEST	51279	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:17.754544973 CEST	53	51279	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:17.754998922 CEST	53	52489	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:18.781323910 CEST	53002	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:18.781759977 CEST	59248	53	192.168.2.4	1.1.1.1
Oct 1, 2024 19:41:19.014333010 CEST	53	53002	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:19.044471025 CEST	53	59248	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:31.280390024 CEST	138	138	192.168.2.4	192.168.2.255
Oct 1, 2024 19:41:33.535769939 CEST	53	50934	1.1.1.1	192.168.2.4
Oct 1, 2024 19:41:52.220787048 CEST	53	64243	1.1.1.1	192.168.2.4
Oct 1, 2024 19:42:12.636236906 CEST	53	58683	1.1.1.1	192.168.2.4
Oct 1, 2024 19:42:15.121099949 CEST	53	60468	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 19:41:14.810914993 CEST	192.168.2.4	1.1.1.1	0xca8e	Standard query (0)	hwvtu.us17.list-manage.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:14.811306000 CEST	192.168.2.4	1.1.1.1	0x224c	Standard query (0)	hwvtu.us17.list-manage.com	65	IN (0x0001)	false
Oct 1, 2024 19:41:16.934226990 CEST	192.168.2.4	1.1.1.1	0xc2c0	Standard query (0)	link.mail.beehiiv.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:16.934783936 CEST	192.168.2.4	1.1.1.1	0xc31f	Standard query (0)	link.mail.beehiiv.com	65	IN (0x0001)	false
Oct 1, 2024 19:41:16.972939014 CEST	192.168.2.4	1.1.1.1	0x4ae0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:16.973808050 CEST	192.168.2.4	1.1.1.1	0xef63	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 1, 2024 19:41:17.682952881 CEST	192.168.2.4	1.1.1.1	0x22ff	Standard query (0)	vangoik.sa.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:17.683167934 CEST	192.168.2.4	1.1.1.1	0xfc46	Standard query (0)	vangoik.sa.com	65	IN (0x0001)	false
Oct 1, 2024 19:41:18.781323910 CEST	192.168.2.4	1.1.1.1	0xa295	Standard query (0)	acbp.com.br	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:18.781759977 CEST	192.168.2.4	1.1.1.1	0x3e19	Standard query (0)	acbp.com.br	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 19:41:15.349318981 CEST	1.1.1.1	192.168.2.4	0x224c	No error (0)	hwvtu.us17.list-manage.com	swc.list-manage.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 19:41:15.350714922 CEST	1.1.1.1	192.168.2.4	0xca8e	No error (0)	hwvtu.us17.list-manage.com	swc.list-manage.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 19:41:16.943092108 CEST	1.1.1.1	192.168.2.4	0xc2c0	No error (0)	link.mail.beehiiv.com		104.18.69.40	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:16.943092108 CEST	1.1.1.1	192.168.2.4	0xc2c0	No error (0)	link.mail.beehiiv.com		104.18.68.40	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:16.943418026 CEST	1.1.1.1	192.168.2.4	0xc31f	No error (0)	link.mail.beehiiv.com			65	IN (0x0001)	false
Oct 1, 2024 19:41:16.979923964 CEST	1.1.1.1	192.168.2.4	0x4ae0	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:16.982182980 CEST	1.1.1.1	192.168.2.4	0xef63	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 19:41:17.754998922 CEST	1.1.1.1	192.168.2.4	0x22ff	No error (0)	vangoik.sa.com		159.148.38.101	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:19.014333010 CEST	1.1.1.1	192.168.2.4	0xa295	No error (0)	acbp.com.br		184.171.250.122	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:26.409156084 CEST	1.1.1.1	192.168.2.4	0x71f7	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 19:41:26.409156084 CEST	1.1.1.1	192.168.2.4	0x71f7	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:41:41.526539087 CEST	1.1.1.1	192.168.2.4	0xc25	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 19:41:41.526539087 CEST	1.1.1.1	192.168.2.4	0xc25	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:42:07.339822054 CEST	1.1.1.1	192.168.2.4	0xbfbf	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 19:42:07.339822054 CEST	1.1.1.1	192.168.2.4	0xbfbf	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 1, 2024 19:42:25.760854006 CEST	1.1.1.1	192.168.2.4	0x5266	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 19:42:25.760854006 CEST	1.1.1.1	192.168.2.4	0x5266	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

link.mail.beehiiv.com

vangoik.sa.com

fs.microsoft.com

acbp.com.br

https:

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	104.18.69.40	443	3428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 17:41:17 UTC	1339	OUT	GET /ls/click?upn=u001.viGU38YukUtIGED3xC-2FGZTjlySnqL0zq5B017u51TS-2FyNkXdGplDy7i1xn4nR5LPUcoBCa0qHsrmsmT1yOTU0jeRwc9GhbY7OUHqWbYhXdygr6EXnt2iFLPYqkfgW0WJocOHuK44FGxYaLPT6lGAx4qghzjKoqXI334f1j0K3H4-3D5lsW_35B58HqgUe69dJ9w-2Bob4XF7SwYrVcF-2Fs9RsE9PvYXRGpy29DfW2ury4D36nuSuKXl6ZhG0-2F-2BBwX2kjkYJraAAMqxFGinE6ArF47ZQHtOZDz78h8BbsJGjkCV1i6FzinlXxy7wbHuKN0qQNB6uHBYEBdIcSXpi8e1XlhNlwOJH-2FSO0tskKx7JPpu-2FvACyjT0SaudPxgUJ712DUBFwTe7cymPTJUDRfO72CAtVZoAYFVAw8yStDin8ARuyHs2XXrdwUDQk-2FhyH4zivZHD1C1Fjkvzfr5ceyjNa-2FSdWGnD59hN6jugRbrl2eP3S7wRlhRE9-2BQX6rkekG14PUX6xDarAs-2B9E09ifhyopqhA5UWLw5jQYgvCzwWBAAVu-2FrRM1bMVAciKfQcyZcYLpz8uQTuTLDyFMSGt-2FyCktpTvxXYb4ljR-2FrMXDQigyc4Q3Tt9QlAKU HTTP/1.1 Host: link.mail.beehiiv.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 17:41:17 UTC	650	IN	HTTP/1.1 302 Found Date: Tue, 01 Oct 2024 17:41:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Location: https://vangoik.sa.com?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post X-Robots-Tag: noindex, nofollow CF-Cache-Status: DYNAMIC Set-Cookie: __cf_bm=QGTbwni_w6otK3DlWNrpw.SMaYeUkK8T_gkh8oCij6M-1727804477-1.0.1.1-kF1j08iDdipfncENt0lFSypxsScf.1pxlqUw1XamxFCAFXDa6VNL1BK4aoztAusMnRdMxgOyQNzZe4zw7RucHA; path=/; expires=Tue, 01-Oct-24 18:11:17 GMT; domain=.beehiiv.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8cbe3e206e100f74-EWR
2024-10-01 17:41:17 UTC	150	IN	Data Raw: 39 30 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 76 61 6e 67 6f 69 6b 2e 73 61 2e 63 6f 6d 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 6d 61 72 79 73 2d 6e 65 77 73 6c 65 74 74 65 72 2d 65 38 35 37 62 63 2e 62 65 65 68 69 69 76 2e 63 6f 6d 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6e 65 77 73 6c 65 74 74 65 72 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 6e 65 77 2d 70 6f 73 74 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a 0d 0a Data Ascii: 90<a href="https://vangoik.sa.com?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post">Found</a>.
2024-10-01 17:41:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	159.148.38.101	443	3428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 17:41:18 UTC	748	OUT	GET /?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1 Host: vangoik.sa.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 17:41:18 UTC	296	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 01 Oct 2024 17:41:18 GMT Server: Apache Location: https://acbp.com.br/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9UaDNaRlU9JnVpZD1VU0VSMjQwOTIwMjRVNDkwOTI0MzA=N0123N%5bEMAIL%5d Content-Length: 320 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-10-01 17:41:18 UTC	320	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 62 70 2e 63 6f 6d 2e 62 72 2f 6d 2f 3f 63 33 59 39 62 7a 4d 32 4e 56 38 78 58 32 35 76 62 53 5a 79 59 57 35 6b 50 55 39 55 61 44 4e 61 52 6c 55 39 4a 6e 56 70 5a 44 31 56 55 30 56 53 4d 6a 51 77 4f 54 49 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://acbp.com.br/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9UaDNaRlU9JnVpZD1VU0VSMjQwOTI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 17:41:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 17:41:18 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=169472 Date: Tue, 01 Oct 2024 17:41:18 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 17:41:19 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 17:41:20 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=169415 Date: Tue, 01 Oct 2024 17:41:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 17:41:20 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	184.171.250.122	443	3428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 17:41:19 UTC	746	OUT	GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9UaDNaRlU9JnVpZD1VU0VSMjQwOTIwMjRVNDkwOTI0MzA=N0123N%5bEMAIL%5d HTTP/1.1 Host: acbp.com.br Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 17:41:19 UTC	159	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:41:19 GMT Server: Apache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-10-01 17:41:19 UTC	6	IN	Data Raw: 31 0d 0a 0a 0d 0a Data Ascii: 1
2024-10-01 17:41:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	184.171.250.122	443	3428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 17:41:20 UTC	670	OUT	GET /favicon.ico HTTP/1.1 Host: acbp.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://acbp.com.br/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9UaDNaRlU9JnVpZD1VU0VSMjQwOTIwMjRVNDkwOTI0MzA=N0123N%5bEMAIL%5d Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 17:41:21 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 01 Oct 2024 17:41:20 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-10-01 17:41:21 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 17:41:26 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WZLccTyp13ys3Ag&MD=LT5BZXKk HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 17:41:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9b7229d2-08da-4522-a234-a479bd860c20 MS-RequestId: 1601c58a-4ffb-4cca-80bb-9dd5418ca8ae MS-CV: H1sEkXSNxk+sEacj.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 17:41:25 GMT Connection: close Content-Length: 24490
2024-10-01 17:41:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-01 17:41:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49752	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 17:42:06 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WZLccTyp13ys3Ag&MD=LT5BZXKk HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 17:42:06 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: cec398d8-24b8-440b-8302-25e4537b9a84 MS-RequestId: b9d395bd-4ee1-4dc2-8415-dba2f5104aa6 MS-CV: PZslRCoVJE+mQ2DB.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 17:42:06 GMT Connection: close Content-Length: 30005
2024-10-01 17:42:06 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-01 17:42:06 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1012, Parent PID: 2352

General

Target ID:	0
Start time:	13:41:08
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3428, Parent PID: 1012

General

Target ID:	2
Start time:	13:41:11
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2248,i,14434729802013882964,1299651225016094446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6296, Parent PID: 2352

General

Target ID:	3
Start time:	13:41:14
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1012, Parent PID: 2352

General

Chronological Activities

Analysis Process: chrome.exePID: 3428, Parent PID: 1012

General

Chronological Activities

Analysis Process: chrome.exePID: 6296, Parent PID: 2352

General

Chronological Activities

Disassembly

Windows Analysis Report
https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a