Edit tour

Windows Analysis Report
https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/

Overview

General Information

Sample URL:	https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/
Analysis ID:	1525245
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML page contains hidden javascript code

Classification

Process Tree

System is w7x64

chrome.exe (PID: 2780 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 1468 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 --field-trial-handle=1248,i,15437747302177852586,17505744800908207444,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 2756 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/

HTTP Parser: Base64 decoded: sv=o365_1_nom&rand=VE5JZ3U=&uid=USER16092024U23091619

Source: https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/

HTTP Parser: No favicon

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2780_1697125312	Jump to behavior

Source: global traffic	HTTP traffic detected: GET /vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/ HTTP/1.1Host: musicforyou.com.auConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /securereader/Image?c=lock&b=1&rnd=0.00823190732671009 HTTP/1.1Host: secmail.bankofamerica.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://musicforyou.com.au/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: musicforyou.com.auConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /securereader/Image?c=lock&b=1&rnd=0.00823190732671009 HTTP/1.1Host: secmail.bankofamerica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/02/cropped-favicon-32x32.png HTTP/1.1Host: musicforyou.com.auConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/02/cropped-favicon-32x32.png HTTP/1.1Host: musicforyou.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: musicforyou.com.au
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: secmail.bankofamerica.com

Source: chromecache_71.1.dr	String found in binary or memory: https://hegekaka.za.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVZFNUpaM1U9JnVpZD1VU0VSMTYwOTIwMjRVMjMwOTE2MTk=N
Source: chromecache_71.1.dr	String found in binary or memory: https://secmail.bankofamerica.com/securereader/Image?c=lock&b=1&rnd=0.00823190732671009

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443

Source: classification engine

Classification label: clean0.win@18/8@12/4

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 --field-trial-handle=1248,i,15437747302177852586,17505744800908207444,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 --field-trial-handle=1248,i,15437747302177852586,17505744800908207444,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2780_1697125312	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
musicforyou.com.au	27.124.114.163	true	false	unknown
pe-0000ec08.gslb.pphosted.com	148.163.158.107	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
secmail.bankofamerica.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	false	unknown
https://musicforyou.com.au/favicon.ico	false	unknown
https://musicforyou.com.au/wp-content/uploads/2022/02/cropped-favicon-32x32.png	false	unknown
https://secmail.bankofamerica.com/securereader/Image?c=lock&b=1&rnd=0.00823190732671009	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://hegekaka.za.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVZFNUpaM1U9JnVpZD1VU0VSMTYwOTIwMjRVMjMwOTE2MTk=N	chromecache_71.1.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
27.124.114.163	musicforyou.com.au	Australia	38719	DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU	false
148.163.158.107	pe-0000ec08.gslb.pphosted.com	United States	22843	PROOFPOINT-ASN-US-EASTUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525245
Start date and time:	2024-10-03 23:29:30 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	2
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/8@12/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): vga.dll
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.185.142, 172.217.218.84, 34.104.35.123, 142.250.74.195, 142.250.186.170
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com, safebrowsing.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1869), with CRLF line terminators
Category:	downloaded
Size (bytes):	23850
Entropy (8bit):	5.133370646001484
Encrypted:	false
SSDEEP:	192:CF68S5qMzmxW4BAfW4aXHMzmsW4XA/IS0KBxo/8Wt2SmS5qMzmxW4BAfW4aXHMzo:CFgXmv7UmWXSZi0gPXmv7UmWXSZhhdR
MD5:	1A0AE1BE1CDF064AEE2B6CC02187CD5C
SHA1:	C52163821CD560FA34BF34137874F679F2A65092
SHA-256:	B74F847D25C12C4F87FAF4B4B0006F006EEE0F313914B3FA453471D5A7FD4B03
SHA-512:	D7894CBAB32EDC7D1ECC76F99E5DDE02885491E7FC2272A686E0C966F38089B52302290CA3486F14A952C1CCD92574BAF97EEDBAAD072EC07E66055596FAFF2C
Malicious:	false
Reputation:	low
URL:	https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">.. Branding: You'll probably want to set the title. -->.. <title>PHONE CALL</title><div role="document"><div tabindex="0" aria-label="Message body" class="ulb23 GNqVo allowTextSelection OuGoX" id="UniqueMessageBody_5"><div><div class="rps_c38d"><div style="height:100%; margin:0; padding:0; width:100%; background-color:#FAFAFA">..</head><style type="text/css">.. ...rps_c9ae a.x_nodecoration...{text-decoration:none!important}..@media screen and (min-width: 600px){...rps_c9ae .x_desktop-left...{text-align:left!important}...rps_c9ae .x_desktop-hidden...{display:none!important}...rps_c9ae .x_desktop-showT...{display:table!important}.....}..@media only screen and (max-width: 400px) {...rps_c9ae .x_container...{width:100%!important}...rps_c9ae .x_footer...{width:auto!important;...margin-left:0}...rps_c9ae .

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1132
Entropy (8bit):	7.752665608354536
Encrypted:	false
SSDEEP:	24:2krhrJ1Yn1bAX9BpXUBQAWCXZ0UP/3WPHUM2F1O/wQJCtK6a:2qrJ12MX93ZCXBoHUM2F1OLGK6a
MD5:	3956ED2513EA1445148F27CC549ED1D2
SHA1:	C89669933163307B2B1009CDF16E2FB2DE065A1A
SHA-256:	7FFA6DE062B305D949FB8FE0DF87F23FD09D3EDBE74497EE2625B7D0B5070B8A
SHA-512:	0AF33445A3FF40404DC71E4D57DA2F64DD3BF75BEB96A0FF3869D807EAEC1C12F2B1802C6F9ECE66DBB009191F74044F545DBCDF834443F8C5AFDE44D10F99D7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....pHYs..........+......IDATX..[lTe...s..v.....RZ.6! ....H..> ..Z../&..Q.D........BD...cD$.B}..D..J#bA.D.4....nw..o\|@[..v+.2.s....\|......a...m...P...\|..g(.X..w...<V....Xp..4...?A..%@....`\.2.42..z[..s......=...).......6j.c..,..~4y..)....h.1.....x.u%.....A.5h.1.....h.^..5..&8...r4...,D..C..@..DU71D.\o.F....y..j.tv`..`U ..3...l>2z.g.jlq&..:dr.V5h_.s....8..$........{.be.Y..HfbWI.\|G...L .f=viE6K...M..h...^D....d..\|...-\|........E....V9b...4..za3.{..>....u.P-.4........].]>..G.(....u...4..c.tlQ.y....j....-.4}\|.5M*..c.jlG...VUUM..M.p8ShU.G......K.$N..w.....j....=........X..w..........gR<..Ta.5....Uh4.&z.=.L.......C/.X.wn....v.\|L.=.........~q.JLw+&rf.)..\.t]..V.....`O[....g..`M....)..j:c.{f......m=.=}>b.....d.....@.w .)..o.k...G.N...._.]...u../%...w.{\|...t...X..0... .B4....f.c.pOn.~..T.vH.F...S,..N..m{...A.6"....P:.3...`5..F.E........Bd...".QJ..P3.d....+."u.S.M!N.m..}@,..".Z.. ....n.?..5..\.5......J. ..8.KI..vT

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 90 x 68
Category:	downloaded
Size (bytes):	1933
Entropy (8bit):	6.714574381049021
Encrypted:	false
SSDEEP:	48:0H3X3BNXrhfmR2xq+KhwuWl85pJMDCf6WcVqU08w3:0H3nBN7huR2g+KhCl0kqv8w3
MD5:	11D203DF4573DDEF7A39312650D60916
SHA1:	B34B20779C3D853DE36D9A42521CFF9075DE315B
SHA-256:	5992D4BCF7F1B705FA08AA8A3B0E4C5C1974C6E76B6BA5A69A7D21D0FD939247
SHA-512:	E3DC11AF9737A1B0A2DECE412C95D3C7AC56BC9951BC4A3F273E729ABD9411615B9FD7DF42E86DC2D4D91D0FC08AADB88C2448797D5AC56432B282B8C408E84B
Malicious:	false
Reputation:	low
URL:	https://secmail.bankofamerica.com/securereader/Image?c=lock&b=1&rnd=0.00823190732671009
Preview:	GIF89aZ.D.......SSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbccceeefffggghhhiiijjjkkkmmmnnnoooqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{\|\|\|~~~.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,....Z.D........H......\....#J.H....3j.... C..I...(S.\.......I...8s.l ..I.....J...H...p..P...12.....j.Z.....-..@...J+...........;4.A.C...:..].A.6 ..(.).Jm@p...D#.."@....U..L.@..N-..+..f.n...zh.&.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1132
Entropy (8bit):	7.752665608354536
Encrypted:	false
SSDEEP:	24:2krhrJ1Yn1bAX9BpXUBQAWCXZ0UP/3WPHUM2F1O/wQJCtK6a:2qrJ12MX93ZCXBoHUM2F1OLGK6a
MD5:	3956ED2513EA1445148F27CC549ED1D2
SHA1:	C89669933163307B2B1009CDF16E2FB2DE065A1A
SHA-256:	7FFA6DE062B305D949FB8FE0DF87F23FD09D3EDBE74497EE2625B7D0B5070B8A
SHA-512:	0AF33445A3FF40404DC71E4D57DA2F64DD3BF75BEB96A0FF3869D807EAEC1C12F2B1802C6F9ECE66DBB009191F74044F545DBCDF834443F8C5AFDE44D10F99D7
Malicious:	false
Reputation:	low
URL:	https://musicforyou.com.au/wp-content/uploads/2022/02/cropped-favicon-32x32.png
Preview:	.PNG........IHDR... ... .....szz.....pHYs..........+......IDATX..[lTe...s..v.....RZ.6! ....H..> ..Z../&..Q.D........BD...cD$.B}..D..J#bA.D.4....nw..o\|@[..v+.2.s....\|......a...m...P...\|..g(.X..w...<V....Xp..4...?A..%@....`\.2.42..z[..s......=...).......6j.c..,..~4y..)....h.1.....x.u%.....A.5h.1.....h.^..5..&8...r4...,D..C..@..DU71D.\o.F....y..j.tv`..`U ..3...l>2z.g.jlq&..:dr.V5h_.s....8..$........{.be.Y..HfbWI.\|G...L .f=viE6K...M..h...^D....d..\|...-\|........E....V9b...4..za3.{..>....u.P-.4........].]>..G.(....u...4..c.tlQ.y....j....-.4}\|.5M*..c.jlG...VUUM..M.p8ShU.G......K.$N..w.....j....=........X..w..........gR<..Ta.5....Uh4.&z.=.L.......C/.X.wn....v.\|L.=.........~q.JLw+&rf.)..\.t]..V.....`O[....g..`M....)..j:c.{f......m=.=}>b.....d.....@.w .)..o.k...G.N...._.]...u../%...w.{\|...t...X..0... .B4....f.c.pOn.~..T.vH.F...S,..N..m{...A.6"....P:.3...`5..F.E........Bd...".QJ..P3.d....+."u.S.M!N.m..}@,..".Z.. ....n.?..5..\.5......J. ..8.KI..vT

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 90 x 68
Category:	dropped
Size (bytes):	1933
Entropy (8bit):	6.714574381049021
Encrypted:	false
SSDEEP:	48:0H3X3BNXrhfmR2xq+KhwuWl85pJMDCf6WcVqU08w3:0H3nBN7huR2g+KhCl0kqv8w3
MD5:	11D203DF4573DDEF7A39312650D60916
SHA1:	B34B20779C3D853DE36D9A42521CFF9075DE315B
SHA-256:	5992D4BCF7F1B705FA08AA8A3B0E4C5C1974C6E76B6BA5A69A7D21D0FD939247
SHA-512:	E3DC11AF9737A1B0A2DECE412C95D3C7AC56BC9951BC4A3F273E729ABD9411615B9FD7DF42E86DC2D4D91D0FC08AADB88C2448797D5AC56432B282B8C408E84B
Malicious:	false
Reputation:	low
Preview:	GIF89aZ.D.......SSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbccceeefffggghhhiiijjjkkkmmmnnnoooqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{\|\|\|~~~.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,....Z.D........H......\....#J.H....3j.... C..I...(S.\.......I...8s.l ..I.....J...H...p..P...12.....j.Z.....-..@...J+...........;4.A.C...:..].A.6 ..(.).Jm@p...D#.."@....U..L.@..N-..+..f.n...zh.&.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 23:30:25.251610994 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:25.251720905 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:25.251800060 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:25.254760027 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:25.254808903 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:25.256728888 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:25.256758928 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:25.256815910 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:25.261558056 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:25.261588097 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:26.829390049 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:26.829432964 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:26.829713106 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:26.830188990 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:26.830199957 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:27.524830103 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:27.735423088 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:27.735537052 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:27.901752949 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:27.901774883 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:27.903465033 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:27.903527975 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:27.964057922 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:27.964284897 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:28.171406031 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:28.171474934 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:29.384016991 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.384433985 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.384497881 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.385977030 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.386034966 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.387197018 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.387284040 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.387501001 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.387520075 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.389817953 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.390036106 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.390048981 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.391727924 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.391792059 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.393431902 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.393524885 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.595431089 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.595505953 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.599425077 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.599490881 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.885117054 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.885183096 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:29.885308027 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:29.885358095 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:30.091411114 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:30.091475010 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:30.091552019 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:30.091628075 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:30.091639042 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:30.091768026 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:30.091825008 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:30.091836929 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:30.091850996 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:30.091969967 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:30.092021942 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:30.092361927 CEST	49166	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:30.092381954 CEST	443	49166	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:31.733097076 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:31.733156919 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:31.733217955 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:31.733797073 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:31.733814955 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.590518951 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.590991974 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.591011047 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.592463017 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.592523098 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.594070911 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.594151974 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.594482899 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.594491959 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.729168892 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.729382038 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.729403973 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.729952097 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.730011940 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.735481977 CEST	49168	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.735501051 CEST	443	49168	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.748867035 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:32.795411110 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:32.938380957 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.938429117 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:32.938473940 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.938721895 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:32.938734055 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.456140041 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.456655025 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.456679106 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.458153009 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.458214998 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.458604097 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.458679914 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.458743095 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.458753109 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.634670019 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.634718895 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.634736061 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.635067940 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.635116100 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.636322021 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.636338949 CEST	443	49171	148.163.158.107	192.168.2.22
Oct 3, 2024 23:30:33.636373997 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.636389017 CEST	49171	443	192.168.2.22	148.163.158.107
Oct 3, 2024 23:30:33.831449032 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:33.831624031 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:33.831690073 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:33.832261086 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:33.832261086 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:33.832304955 CEST	443	49165	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:33.832385063 CEST	49165	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:33.833849907 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:33.833900928 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:33.833990097 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:33.834273100 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:33.834291935 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.430849075 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.431268930 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.431303978 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.431787968 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.432168007 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.432250977 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.432291031 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.479454994 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.633578062 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.945080996 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.945283890 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.945447922 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.946532965 CEST	49172	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.946576118 CEST	443	49172	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.978157997 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.978204966 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:35.978390932 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.978672028 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:35.978693962 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:36.931210041 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:36.931533098 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:36.931559086 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:36.933016062 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:36.933065891 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:36.933676958 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:36.933754921 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:36.934029102 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:36.934036016 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:37.143415928 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:37.143735886 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:37.426255941 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:37.426359892 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:30:37.426472902 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:37.437664986 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:37.438342094 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:37.443793058 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:37.474179983 CEST	49173	443	192.168.2.22	27.124.114.163
Oct 3, 2024 23:30:37.474210978 CEST	443	49173	27.124.114.163	192.168.2.22
Oct 3, 2024 23:30:37.518194914 CEST	49167	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:30:37.518213987 CEST	443	49167	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:26.869632959 CEST	49175	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:31:26.869690895 CEST	443	49175	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:26.869796991 CEST	49175	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:31:26.870057106 CEST	49175	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:31:26.870073080 CEST	443	49175	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:27.596677065 CEST	443	49175	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:27.606364012 CEST	49175	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:31:27.606425047 CEST	443	49175	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:27.607081890 CEST	443	49175	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:27.621715069 CEST	49175	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:31:27.621967077 CEST	443	49175	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:27.821608067 CEST	49175	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:31:37.432980061 CEST	443	49175	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:37.433105946 CEST	443	49175	142.250.186.164	192.168.2.22
Oct 3, 2024 23:31:37.433274984 CEST	49175	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:31:38.622461081 CEST	49175	443	192.168.2.22	142.250.186.164
Oct 3, 2024 23:31:38.622529984 CEST	443	49175	142.250.186.164	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 23:30:22.197716951 CEST	53	54821	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:22.356175900 CEST	53	52781	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:25.232434988 CEST	62672	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:25.235125065 CEST	56475	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:25.239891052 CEST	53	62672	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:25.247565031 CEST	53	54842	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:25.255326033 CEST	53	56475	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:26.816759109 CEST	57390	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:26.817754984 CEST	58095	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:26.824110031 CEST	53	57390	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:26.826286077 CEST	53	58095	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:30.138048887 CEST	55939	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:30.138636112 CEST	49608	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:31.336374044 CEST	53	55939	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:31.336664915 CEST	53	49608	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:31.696861029 CEST	61486	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:31.719364882 CEST	62453	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:31.898816109 CEST	53	61486	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:32.024507046 CEST	53	62453	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:32.775099993 CEST	61467	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:32.775599957 CEST	61618	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:32.892767906 CEST	53	61618	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:32.937731028 CEST	53	61467	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:35.958306074 CEST	61826	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:35.958528996 CEST	56329	53	192.168.2.22	8.8.8.8
Oct 3, 2024 23:30:35.965648890 CEST	53	61826	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:35.977844954 CEST	53	56329	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:42.509161949 CEST	53	51870	8.8.8.8	192.168.2.22
Oct 3, 2024 23:30:51.069710970 CEST	53	63373	8.8.8.8	192.168.2.22
Oct 3, 2024 23:31:04.468444109 CEST	53	63950	8.8.8.8	192.168.2.22
Oct 3, 2024 23:31:22.551769018 CEST	53	64215	8.8.8.8	192.168.2.22
Oct 3, 2024 23:31:24.288889885 CEST	53	53031	8.8.8.8	192.168.2.22
Oct 3, 2024 23:31:44.894525051 CEST	53	50380	8.8.8.8	192.168.2.22

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 3, 2024 23:30:25.255433083 CEST	192.168.2.22	8.8.8.8	d05a	(Port unreachable)	Destination Unreachable
Oct 3, 2024 23:30:31.898899078 CEST	192.168.2.22	8.8.8.8	d047	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2024 23:30:25.232434988 CEST	192.168.2.22	8.8.8.8	0x894f	Standard query (0)	musicforyou.com.au	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:25.235125065 CEST	192.168.2.22	8.8.8.8	0x8c41	Standard query (0)	musicforyou.com.au	65	IN (0x0001)	false
Oct 3, 2024 23:30:26.816759109 CEST	192.168.2.22	8.8.8.8	0x3d32	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:26.817754984 CEST	192.168.2.22	8.8.8.8	0xbba9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 3, 2024 23:30:30.138048887 CEST	192.168.2.22	8.8.8.8	0x5741	Standard query (0)	secmail.bankofamerica.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:30.138636112 CEST	192.168.2.22	8.8.8.8	0xd462	Standard query (0)	secmail.bankofamerica.com	65	IN (0x0001)	false
Oct 3, 2024 23:30:31.696861029 CEST	192.168.2.22	8.8.8.8	0xc30d	Standard query (0)	secmail.bankofamerica.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:31.719364882 CEST	192.168.2.22	8.8.8.8	0x6786	Standard query (0)	secmail.bankofamerica.com	65	IN (0x0001)	false
Oct 3, 2024 23:30:32.775099993 CEST	192.168.2.22	8.8.8.8	0xe180	Standard query (0)	secmail.bankofamerica.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:32.775599957 CEST	192.168.2.22	8.8.8.8	0xee5e	Standard query (0)	secmail.bankofamerica.com	65	IN (0x0001)	false
Oct 3, 2024 23:30:35.958306074 CEST	192.168.2.22	8.8.8.8	0x37da	Standard query (0)	musicforyou.com.au	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:35.958528996 CEST	192.168.2.22	8.8.8.8	0xec38	Standard query (0)	musicforyou.com.au	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 3, 2024 23:30:25.239891052 CEST	8.8.8.8	192.168.2.22	0x894f	No error (0)	musicforyou.com.au		27.124.114.163	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:26.824110031 CEST	8.8.8.8	192.168.2.22	0x3d32	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:26.826286077 CEST	8.8.8.8	192.168.2.22	0xbba9	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 3, 2024 23:30:31.336374044 CEST	8.8.8.8	192.168.2.22	0x5741	No error (0)	secmail.bankofamerica.com	pe-0000ec08.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 23:30:31.336374044 CEST	8.8.8.8	192.168.2.22	0x5741	No error (0)	pe-0000ec08.gslb.pphosted.com		148.163.158.107	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:31.336664915 CEST	8.8.8.8	192.168.2.22	0xd462	No error (0)	secmail.bankofamerica.com	pe-0000ec08.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 23:30:31.898816109 CEST	8.8.8.8	192.168.2.22	0xc30d	No error (0)	secmail.bankofamerica.com	pe-0000ec08.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 23:30:31.898816109 CEST	8.8.8.8	192.168.2.22	0xc30d	No error (0)	pe-0000ec08.gslb.pphosted.com		148.163.158.107	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:32.024507046 CEST	8.8.8.8	192.168.2.22	0x6786	No error (0)	secmail.bankofamerica.com	pe-0000ec08.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 23:30:32.892767906 CEST	8.8.8.8	192.168.2.22	0xee5e	No error (0)	secmail.bankofamerica.com	pe-0000ec08.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 23:30:32.937731028 CEST	8.8.8.8	192.168.2.22	0xe180	No error (0)	secmail.bankofamerica.com	pe-0000ec08.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 23:30:32.937731028 CEST	8.8.8.8	192.168.2.22	0xe180	No error (0)	pe-0000ec08.gslb.pphosted.com		148.163.158.107	A (IP address)	IN (0x0001)	false
Oct 3, 2024 23:30:35.965648890 CEST	8.8.8.8	192.168.2.22	0x37da	No error (0)	musicforyou.com.au		27.124.114.163	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

musicforyou.com.au

https:

secmail.bankofamerica.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49166	27.124.114.163	443	1468	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 21:30:29 UTC	779	OUT	GET /vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/ HTTP/1.1 Host: musicforyou.com.au Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 21:30:29 UTC	234	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 21:30:29 GMT Server: Apache X-Powered-By: PHP/8.1.24 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-10-03 21:30:29 UTC	7958	IN	Data Raw: 34 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 21 2d 2d 20 42 72 61 6e 64 69 6e 67 3a 20 59 6f 75 27 6c 6c 20 70 72 6f 62 61 62 6c 79 20 77 61 6e 74 20 74 6f 20 73 65 74 20 74 68 65 20 74 69 74 6c 65 2e 20 2d 2d 3e 0d 0a 20 20 3c 74 69 74 6c Data Ascii: 4000<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> ... Branding: You'll probably want to set the title. --> <titl
2024-10-03 21:30:30 UTC	8432	IN	Data Raw: 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 20 74 61 62 6c 65 2d 6c 61 79 6f 75 74 3a 66 69 78 65 64 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 6c 61 73 73 3d 22 78 5f 6f 75 74 65 72 22 3e 3c 74 62 6f 64 79 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 3a 30 70 78 21 69 6d 70 6f 72 74 61 6e 74 22 20 63 6c 61 73 73 3d 22 78 5f 6f 6e 65 2d 63 6f 6c 75 6d 6e 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 20 62 Data Ascii: und-color:#ffffff; table-layout:fixed" width="100%" align="center" cellpadding="0" cellspacing="0" border="0" class="x_outer"><tbody><tr><td style="padding:0px!important" class="x_one-column"><table style="width:100%!important; background-color:#ffffff; b
2024-10-03 21:30:30 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-10-03 21:30:30 UTC	7479	IN	Data Raw: 31 64 32 61 0d 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 33 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 37 39 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 23 66 61 63 69 6c 65 6c 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 33 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 37 31 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 20 30 20 37 70 78 20 37 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 34 31 70 78 3b 0d 0a 20 20 20 20 Data Ascii: 1d2a width: 130px; margin-top: 179px; } #facilely { width: 130px; height: 71px; border-radius: 0 0 7px 7px; overflow: hidden; margin-top: -41px;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49168	148.163.158.107	443	1468	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 21:30:32 UTC	641	OUT	GET /securereader/Image?c=lock&b=1&rnd=0.00823190732671009 HTTP/1.1 Host: secmail.bankofamerica.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://musicforyou.com.au/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 21:30:32 UTC	525	IN	HTTP/1.1 200 200 Date: Thu, 03 Oct 2024 21:30:32 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=2592000 Expires: Sat, 02 Nov 2024 21:30:32 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' X-UA-Compatible: IE=edge Connection: close Transfer-Encoding: chunked Content-Type: image/gif
2024-10-03 21:30:32 UTC	1940	IN	Data Raw: 37 38 64 0d 0a 47 49 46 38 39 61 5a 00 44 00 f7 00 00 00 00 00 53 53 53 54 54 54 55 55 55 56 56 56 57 57 57 58 58 58 59 59 59 5a 5a 5a 5b 5b 5b 5c 5c 5c 5d 5d 5d 5e 5e 5e 5f 5f 5f 60 60 60 61 61 61 62 62 62 63 63 63 65 65 65 66 66 66 67 67 67 68 68 68 69 69 69 6a 6a 6a 6b 6b 6b 6d 6d 6d 6e 6e 6e 6f 6f 6f 71 71 71 72 72 72 73 73 73 74 74 74 75 75 75 76 76 76 77 77 77 78 78 78 79 79 79 7a 7a 7a 7b 7b 7b 7c 7c 7c 7e 7e 7e 80 80 80 82 82 82 84 84 84 85 85 85 86 86 86 87 87 87 88 88 88 89 89 89 8a 8a 8a 8b 8b 8b 8c 8c 8c 8d 8d 8d 8e 8e 8e 8f 8f 8f 90 90 90 91 91 91 92 92 92 93 93 93 94 94 94 95 95 95 96 96 96 97 97 97 99 99 99 9a 9a 9a 9b 9b 9b 9c 9c 9c 9d 9d 9d 9e 9e 9e 9f 9f 9f a0 a0 a0 a1 a1 a1 a3 a3 a3 a4 a4 a4 a5 a5 a5 a6 a6 a6 a7 a7 a7 a8 a8 a8 a9 a9 a9 Data Ascii: 78dGIF89aZDSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbccceeefffggghhhiiijjjkkkmmmnnnoooqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{\|\|\|~~~
2024-10-03 21:30:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.22	49165	27.124.114.163	443	1468	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 21:30:32 UTC	710	OUT	GET /favicon.ico HTTP/1.1 Host: musicforyou.com.au Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 21:30:33 UTC	393	IN	HTTP/1.1 302 Found Date: Thu, 03 Oct 2024 21:30:32 GMT Server: Apache X-Powered-By: PHP/8.1.24 Link: <https://musicforyou.com.au/wp-json/>; rel="https://api.w.org/" X-Redirect-By: WordPress Upgrade: h2,h2c Connection: Upgrade, close Location: https://musicforyou.com.au/wp-content/uploads/2022/02/cropped-favicon-32x32.png Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.22	49171	148.163.158.107	443	1468	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 21:30:33 UTC	402	OUT	GET /securereader/Image?c=lock&b=1&rnd=0.00823190732671009 HTTP/1.1 Host: secmail.bankofamerica.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 21:30:33 UTC	525	IN	HTTP/1.1 200 200 Date: Thu, 03 Oct 2024 21:30:33 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=2592000 Expires: Sat, 02 Nov 2024 21:30:33 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' X-UA-Compatible: IE=edge Connection: close Transfer-Encoding: chunked Content-Type: image/gif
2024-10-03 21:30:33 UTC	1940	IN	Data Raw: 37 38 64 0d 0a 47 49 46 38 39 61 5a 00 44 00 f7 00 00 00 00 00 53 53 53 54 54 54 55 55 55 56 56 56 57 57 57 58 58 58 59 59 59 5a 5a 5a 5b 5b 5b 5c 5c 5c 5d 5d 5d 5e 5e 5e 5f 5f 5f 60 60 60 61 61 61 62 62 62 63 63 63 65 65 65 66 66 66 67 67 67 68 68 68 69 69 69 6a 6a 6a 6b 6b 6b 6d 6d 6d 6e 6e 6e 6f 6f 6f 71 71 71 72 72 72 73 73 73 74 74 74 75 75 75 76 76 76 77 77 77 78 78 78 79 79 79 7a 7a 7a 7b 7b 7b 7c 7c 7c 7e 7e 7e 80 80 80 82 82 82 84 84 84 85 85 85 86 86 86 87 87 87 88 88 88 89 89 89 8a 8a 8a 8b 8b 8b 8c 8c 8c 8d 8d 8d 8e 8e 8e 8f 8f 8f 90 90 90 91 91 91 92 92 92 93 93 93 94 94 94 95 95 95 96 96 96 97 97 97 99 99 99 9a 9a 9a 9b 9b 9b 9c 9c 9c 9d 9d 9d 9e 9e 9e 9f 9f 9f a0 a0 a0 a1 a1 a1 a3 a3 a3 a4 a4 a4 a5 a5 a5 a6 a6 a6 a7 a7 a7 a8 a8 a8 a9 a9 a9 Data Ascii: 78dGIF89aZDSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbccceeefffggghhhiiijjjkkkmmmnnnoooqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{\|\|\|~~~
2024-10-03 21:30:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.22	49172	27.124.114.163	443	1468	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 21:30:35 UTC	751	OUT	GET /wp-content/uploads/2022/02/cropped-favicon-32x32.png HTTP/1.1 Host: musicforyou.com.au Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 21:30:35 UTC	232	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 21:30:35 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 01 Feb 2022 06:51:38 GMT Accept-Ranges: bytes Content-Length: 1132 Content-Type: image/png
2024-10-03 21:30:35 UTC	1132	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 04 1e 49 44 41 54 58 85 c5 97 5b 6c 54 65 10 c7 7f 73 ce e9 76 db a5 05 16 ac 85 52 5a 8a 36 21 20 97 04 81 04 48 bc c4 3e 20 a4 0f 5a 82 a8 2f 26 be a9 51 d4 44 09 97 18 95 c4 0b f1 12 42 44 ab f1 12 63 44 24 01 42 7d 10 13 44 ac 84 4a 23 62 41 a0 44 0a 34 c5 85 ed b6 dd dd 6e 77 f7 9c 6f 7c 40 5b aa ed 76 2b 9b 32 8f 73 fe df cc ef 7c df cc 99 ef 88 aa 2e 03 ee 61 08 d3 ce 6d e8 e5 1d 50 b0 1c a9 7c 17 11 67 28 d9 8d 58 83 f3 77 f2 97 fe 93 3c 56 0f 91 b7 c0 58 70 f5 0b 34 1d 85 db 3f 41 c4 ca 25 40 cf f0 d1 92 bb 60 5c 0d 32 fb 34 32 a7 09 7a 5b d0 8e f7 73 99 1c 80 0c af e3 81 3d 01 11 Data Ascii: PNGIHDR szzpHYs+IDATX[lTesvRZ6! H> Z/&QDBDcD$B}DJ#bAD4nwo\|@[v+2s\|.amP\|g(Xw<VXp4?A%@`\242z[s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.22	49173	27.124.114.163	443	1468	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 21:30:36 UTC	394	OUT	GET /wp-content/uploads/2022/02/cropped-favicon-32x32.png HTTP/1.1 Host: musicforyou.com.au Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 21:30:37 UTC	232	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 21:30:37 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 01 Feb 2022 06:51:38 GMT Accept-Ranges: bytes Content-Length: 1132 Content-Type: image/png
2024-10-03 21:30:37 UTC	1132	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 04 1e 49 44 41 54 58 85 c5 97 5b 6c 54 65 10 c7 7f 73 ce e9 76 db a5 05 16 ac 85 52 5a 8a 36 21 20 97 04 81 04 48 bc c4 3e 20 a4 0f 5a 82 a8 2f 26 be a9 51 d4 44 09 97 18 95 c4 0b f1 12 42 44 ab f1 12 63 44 24 01 42 7d 10 13 44 ac 84 4a 23 62 41 a0 44 0a 34 c5 85 ed b6 dd dd 6e 77 f7 9c 6f 7c 40 5b aa ed 76 2b 9b 32 8f 73 fe df cc ef 7c df cc 99 ef 88 aa 2e 03 ee 61 08 d3 ce 6d e8 e5 1d 50 b0 1c a9 7c 17 11 67 28 d9 8d 58 83 f3 77 f2 97 fe 93 3c 56 0f 91 b7 c0 58 70 f5 0b 34 1d 85 db 3f 41 c4 ca 25 40 cf f0 d1 92 bb 60 5c 0d 32 fb 34 32 a7 09 7a 5b d0 8e f7 73 99 1c 80 0c af e3 81 3d 01 11 Data Ascii: PNGIHDR szzpHYs+IDATX[lTesvRZ6! H> Z/&QDBDcD$B}DJ#bAD4nwo\|@[v+2s\|.amP\|g(Xw<VXp4?A%@`\242z[s=

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2780, Parent PID: 1996

General

Target ID:	0
Start time:	17:30:19
Start date:	03/10/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x13ff30000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1468, Parent PID: 2780

General

Target ID:	1
Start time:	17:30:20
Start date:	03/10/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 --field-trial-handle=1248,i,15437747302177852586,17505744800908207444,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13ff30000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2756, Parent PID: 1996

General

Target ID:	4
Start time:	17:30:23
Start date:	03/10/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/"
Imagebase:	0x13ff30000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2780, Parent PID: 1996

General

Chronological Activities

Analysis Process: chrome.exePID: 1468, Parent PID: 2780

General

Chronological Activities

Analysis Process: chrome.exePID: 2756, Parent PID: 1996

General

Chronological Activities

Disassembly

Windows Analysis Report
https://musicforyou.com.au/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/