Edit tour

Windows Analysis Report
http://details-info.co

Overview

General Information

Sample URL:	http://details-info.co
Analysis ID:	1592161
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1928,i,15281617247249934630,14256075965283467518,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://details-info.co" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://details-info.co/

HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: details-info.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/404-stu.png HTTP/1.1Host: details-info.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://details-info.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/404-stu.png HTTP/1.1Host: details-info.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: details-info.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://details-info.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: details-info.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: details-info.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://details-info.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: details-info.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: details-info.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 19:58:17 GMTContent-Type: text/html; charset=utf-8Content-Length: 1913Connection: closeX-Request-Id: 8f47dbc3-9de3-44aa-86bd-a3b42c7656d9X-Runtime: 0.001306Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 19:58:29 GMTContent-Type: text/html; charset=utf-8Content-Length: 1913Connection: closeX-Request-Id: 358d24c0-c0fd-4a31-962e-f2612d6688d4X-Runtime: 0.001766Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Source: chromecache_61.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4iaVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4jaVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4vaVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5OaVI
Source: chromecache_62.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5caVI

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: classification engine

Classification label: clean0.win@18/15@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1928,i,15281617247249934630,14256075965283467518,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://details-info.co"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1928,i,15281617247249934630,14256075965283467518,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://details-info.co	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://details-info.co/	0%	Avira URL Cloud	safe
https://details-info.co/img/404-stu.png	0%	Avira URL Cloud	safe
https://details-info.co/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
details-info.co	35.183.149.148	true	false		high
www.google.com	142.250.184.228	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://details-info.co/	false		unknown
http://details-info.co/	false	Avira URL Cloud: safe	unknown
https://details-info.co/favicon.ico	false	Avira URL Cloud: safe	unknown
https://details-info.co/img/404-stu.png	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.98.135.159	unknown	United States	16509	AMAZON-02US	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
35.183.149.148	details-info.co	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592161
Start date and time:	2025-01-15 20:57:46 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://details-info.co
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/15@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.184.238, 64.233.167.84, 142.250.185.238, 199.232.214.172, 172.217.16.206, 142.250.185.202, 142.250.185.110, 142.250.186.46, 142.250.184.206, 172.217.18.110, 216.58.206.46, 172.217.18.14, 142.250.185.131, 142.250.186.78, 142.250.185.206, 2.23.242.162, 20.12.23.50
Excluded domains from analysis (whitelisted): clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://details-info.co

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://details-info.co Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false, "reasoning": "The URL contains suspicious elements including: generic terms 'details' and 'info' combined, which are common in phishing attempts; uses .co TLD which is sometimes used maliciously when trying to appear legitimate while avoiding .com costs" }
URL: http://details-info.co
URL: https://details-info.co/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Home", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://details-info.co/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:15 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9874946361512142
Encrypted:	false
SSDEEP:	48:8BdVT9hlHXidAKZdA1FehwiZUklqehay+3:8RP/Zy
MD5:	C89900422F830610D0A6B350A0B22721
SHA1:	B79DF2FEA4D722A05F5E4E62706E7FF88C01172F
SHA-256:	FB6E16CB790B2DDD8409BDF3C01F3B78525D7134F4451168EFCCB3C71311C22B
SHA-512:	6F21676DF468DE22850E028F0A8192240756DFEAF88CADC756AD8C587F74F1FA16F8D569766A6368BD768FED18827C34B82EC0A9D0118106D6BED2D61EC8019A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/Z<.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:15 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0052248942564255
Encrypted:	false
SSDEEP:	48:8UdVT9hlHXidAKZdA1seh/iZUkAQkqehJy+2:8aPJ9QYy
MD5:	E21167A9DADE4110970622336D601052
SHA1:	5F2B5B799BD214DEB69500821F7C132794439C18
SHA-256:	6E754AF8BC3545C064C9BC3C97000D9954C9C30EC7A408C2378C845FCFDF7972
SHA-512:	3875CB9C134B7FC06961B44897624065F543C3953CEB2640D7CBC66EFCDD1B87DF667AFC7AAAE4F4B7BDAAD818907B51686F53C2898D5E33BE9F259938D453F9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/Z<.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.013457832038875
Encrypted:	false
SSDEEP:	48:8wdVT9hAHXidAKZdA14meh7sFiZUkmgqeh7sfy+BX:8uPmnFy
MD5:	1330B320A90A391B71520415FF01F751
SHA1:	FC8A519DE9332EAD32E8F5F4E26EADA140C47E2E
SHA-256:	C504A66AD91DA9A582FD16F4FA06266711C89E75A45B73C50DE1D90233710ED8
SHA-512:	24AAE5A4D7D248D23BFD4FB9B82A13EBFFB2D5CACD578BACF4500616FAB38A83F35139D684DB6B911845C49865883D26F6EAA4E7EC38655B96CB55D1A469935E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/Z<.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:15 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.003384627937007
Encrypted:	false
SSDEEP:	48:8LdVT9hlHXidAKZdA1TehDiZUkwqehty+R:8LPaHy
MD5:	30D0F4CA9546C4A1C7D57581460358EE
SHA1:	6C04F23D5AD62EF548B33823F522F8C1F1358650
SHA-256:	1EEB6C6CFEE8CBDE7A127B728A59A3AD9D0E37C70F5D461A7FF659712A76E75C
SHA-512:	C765C47A2DD310346892A45B2E3D7456FEFC9484D6E7EAF20DBDD9E32938074D5B03E65E4FCAC20073DF9573973923FB659F1EF1422C2BAC49378573CBD05F9E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....`..g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/Z<.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:15 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.989835703262097
Encrypted:	false
SSDEEP:	48:8t9dVT9hlHXidAKZdA1dehBiZUk1W1qeh7y+C:8tFP69by
MD5:	092B7249A11BBCF457E4DEBE8298D717
SHA1:	E8DDD9123C210AE9AD8F180D0E35289458319C9F
SHA-256:	E2A5A5013475D7FE58C511B34456B4D71832DAA4ECE12E81F148B1CA8BA77678
SHA-512:	2DD47342C5D150924A7F5D8C98D7E4BB8E0F3BB27C564B8E63FE86222B834B65FACE88B8E8C646F07CDF01FD4A3202F4551C5D5506F44F004240A35B6AC004BA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Z...g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/Z<.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:58:15 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.999953094795907
Encrypted:	false
SSDEEP:	48:8ddVT9hlHXidAKZdA1duTeehOuTbbiZUk5OjqehOuTbFy+yT+:8lPQTfTbxWOvTbFy7T
MD5:	6541D4E784636625026D135D68563D66
SHA1:	135A5A4445FD790DC9DD7A4A28E395E405BEBB0C
SHA-256:	2C62A714406F20B76DC144E5DB7269C67195BBD1C7F586E5696D2788B89B6B94
SHA-512:	6566D2219615EEE69BCFB00AFB5A1DE1D406867B23E226E2E20206C75F5F5663B8F935DE5F9214DD9133C05AB4621DA1512720530591FEC156D80E78A7FD0DCF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/Z<.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/ZF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/ZF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/ZH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1913
Entropy (8bit):	4.589059888041022
Encrypted:	false
SSDEEP:	48:80GA3MDbEGSenRSBLNAqoidcnBVsejgau:80D3sbEGxnRGNADocnBljhu
MD5:	07BF6884EC2755A980D77AEF95050118
SHA1:	5E6F7EE3E38DB35B9892CC987340638127A06417
SHA-256:	F9BC5DA3C4631E68B0D9D3E873E466B0781678B9D82BFD9A252737EB27F55EC9
SHA-512:	A14397564438C7048308A8B54D3CF322E4A9892DFC0437250C50D32BA572B89F83FCDC0D00769FA8F1D1160C4419DCDC270CC8B5F874D8F0228312286522AD2D
Malicious:	false
Reputation:	low
URL:	https://details-info.co/
Preview:	<html>..<head>. <meta name="viewport" content="width=device-width,initial-scale=1.0">. <link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet">. <title>404 page not found \| KnowBe4</title>. <style type="text/css">. body {. padding-top: 50px;. background-color: #fff;. font-family: 'Open Sans', sans-serif;. }.. .container {. text-align: center. }.. .container .image {. display: inline-block;. text-align: left;. }.. .container .description {. display: inline-block;. text-align: left;. }.. .stu {. padding-right: 50px;. width: 150px;. margin-bottom: -190px;. }.. h1 {. font-size: 22px;. margin: 10px 0;. font-weight: 300;. color: #444;. padding-bottom: 12px;. }.. p {. font-size: 12px;. color: #929292;. font-weight: bold;. padding-top: 12px;. }.. a {. border: none;. border-radius: 3px;. padding: 12px 24px;.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	5973
Entropy (8bit):	5.385847419693263
Encrypted:	false
SSDEEP:	96:ZOEMJJOEMiDFZ8OEMXkOEMhYOEMlOEM5y+aZjzBrWOEMfubqGIFuV4UOEMmOEMZ0:wJAiXBh1s5qb2bqGIwV4R3ZqF
MD5:	207F621B4209616283D091A5A0F8CD49
SHA1:	D34E96207B74C7446771ED458DDB74AE78121E93
SHA-256:	5780DCB011235F74EBD060A2E1D7E214E3BD12E13982BF4BD7FBE052D3D55F63
SHA-512:	91EA88B5F95863ABBB93E69AF3D7F68BD0D5C3716C5294869A64D5C08C573DA8FE1695279B397D7E7765431863013AC7AFB6DA00559C49AA49E6D4E87580C306
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css?family=Open+Sans
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVIGxA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-fa

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 908, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	24351
Entropy (8bit):	7.943324151637908
Encrypted:	false
SSDEEP:	384:0VJ2SWdM0zUbge+VBn+bZYBB0xMHOhHvpO2YbK4GKajJ/ts1Zql+8Qd6NFs:0VJ2SW3AbA0xxFw3ZaeUI8TFs
MD5:	8469755F9C4D7D06F3C40ABA2CE0C984
SHA1:	C9C4DF21A69761EF6B6822856C2926ED79836513
SHA-256:	97629739FA3A6144493EFD1CCD665E8215FF6FA1BC4A2AD0CB900B4A849EE7D7
SHA-512:	5A51E7B971BF8E5B40C8712FD7D7B03DDF56CFF825D4827911066DDED9DAC810DC03875C9E012E8FCFB614D98F6711DDAE03924F97ECFFF1EA3CE6DB92E73CE1
Malicious:	false
Reputation:	low
URL:	https://details-info.co/img/404-stu.png
Preview:	.PNG........IHDR...,.................pHYs...%...%.IR$... .IDATx...}p..}'./^.. H@.I.tL.\.4).'..9.^.P.R...ZRm...D.".%.....r.N.t...JTv.:+...U..(.(y....8r9.V.I..N.....I..A.......3.O.tO?O?....T.4...#L.w.~..<O......".d..p...w.......r.f.$-.,J...qP..^.oy....G...d<."..X..Y'.bO..?...C.u.Uw..$9..a.....g..R....".e......Y..........2.,.._Xuv....~.7n..y.#.wG.<.Cn...6.<.,.R.2.../..~....6.r.wc.&........W.g.=..Cn....D.,.N.n.+...z`.3..S....S..s..z....?.........u2.P.`...4.....7.W?<..>p...!7...F.2.,.B.Wu..>....V.....c...}i..N.=..]w...).U...M....X./....1....'..^.{r..~PR.=,2R.Gu....\..[....>..k"=...~.?<...v...3....a.."+..v...U..p..\|~.m..]..y..n.yw..<3v..8 .I(2..(.....P...uz@l...........0r...?.j.O..yV...=,j(.dv..N....j..v...=..zP[6o.......Y'3.x30.H.4.t..g@cS.nm7...6\|.S.:;V)}...'p...w.8..4c`Q.R...H.Im.......\...'...D.l. ...Y'3.,.8.E......x..[.....o....}......7.R...c...X.v..i...J.RP.k....'7m.........e..e..A`.M..{cp...Ba{T...K.....y..=..n........... .>.bh.R.**c`.L..x..:.q.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 908, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24351
Entropy (8bit):	7.943324151637908
Encrypted:	false
SSDEEP:	384:0VJ2SWdM0zUbge+VBn+bZYBB0xMHOhHvpO2YbK4GKajJ/ts1Zql+8Qd6NFs:0VJ2SW3AbA0xxFw3ZaeUI8TFs
MD5:	8469755F9C4D7D06F3C40ABA2CE0C984
SHA1:	C9C4DF21A69761EF6B6822856C2926ED79836513
SHA-256:	97629739FA3A6144493EFD1CCD665E8215FF6FA1BC4A2AD0CB900B4A849EE7D7
SHA-512:	5A51E7B971BF8E5B40C8712FD7D7B03DDF56CFF825D4827911066DDED9DAC810DC03875C9E012E8FCFB614D98F6711DDAE03924F97ECFFF1EA3CE6DB92E73CE1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...,.................pHYs...%...%.IR$... .IDATx...}p..}'./^.. H@.I.tL.\.4).'..9.^.P.R...ZRm...D.".%.....r.N.t...JTv.:+...U..(.(y....8r9.V.I..N.....I..A.......3.O.tO?O?....T.4...#L.w.~..<O......".d..p...w.......r.f.$-.,J...qP..^.oy....G...d<."..X..Y'.bO..?...C.u.Uw..$9..a.....g..R....".e......Y..........2.,.._Xuv....~.7n..y.#.wG.<.Cn...6.<.,.R.2.../..~....6.r.wc.&........W.g.=..Cn....D.,.N.n.+...z`.3..S....S..s..z....?.........u2.P.`...4.....7.W?<..>p...!7...F.2.,.B.Wu..>....V.....c...}i..N.=..]w...).U...M....X./....1....'..^.{r..~PR.=,2R.Gu....\..[....>..k"=...~.?<...v...3....a.."+..v...U..p..\|~.m..]..y..n.yw..<3v..8 .I(2..(.....P...uz@l...........0r...?.j.O..yV...=,j(.dv..N....j..v...=..zP[6o.......Y'3.x30.H.4.t..g@cS.nm7...6\|.S.:;V)}...'p...w.8..4c`Q.R...H.Im.......\...'...D.l. ...Y'3.,.8.E......x..[.....o....}......7.R...c...X.v..i...J.RP.k....'7m.........e..e..A`.M..{cp...Ba{T...K.....y..=..n........... .>.bh.R.**c`.L..x..:.q.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
Category:	downloaded
Size (bytes):	18668
Entropy (8bit):	7.988119248989337
Encrypted:	false
SSDEEP:	384:1stcBfAVaR8i6XzMsb4fcjakBudFyBqrgeU0hipgwfqj09nOt/a:1k0F6Xz1bFjaPbyBqr9hIgkM3Fa
MD5:	8655D20BBCC8CDBFAB17B6BE6CF55DF3
SHA1:	90EDBFA9A7DABB185487B4774076F82EB6412270
SHA-256:	E7AF9D60D875EB1C1B1037BBBFDEC41FCB096D0EBCF98A48717AD8B07906CED6
SHA-512:	47308DE25BD7E4CA27F59A2AE681BA64393FE4070E730C1F00C4053BAC956A9B4F7C0763C04145BC50A5F91C12A0BF80BDD4B03EECC2036CD56B2DB31494CBAF
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Preview:	wOF2......H...........H..........................\|.....h.`?STAT^..0..\|...........+..2..6.$..`. ..x........z'o..w;....6.E....6....E...'$H.#.....n1X..JU/.d.O..JC.'J".v.v.l.h.....u.S...SY.....B.hz.o.}......W......%m6...A..=....\..m. .]..~.[..........]...I..h.=.....6.xt..F....Lt...Qs-.7..{...~BI.".F.Q......F...P..dMw..#I2........Rq.Q&.0@.;..;...3VG..:c.nki..-Q..2##e.u...8n....\?....T..b....^..#...../.J\|OM..St....e.S.}!.....>..i.T/a.ES%.W.P3..`..a.R.A.....!~g..74.np8o.....d[6?.P.4)P.....AG.3.......;#0.y....M..O/2.@.4..N.vA$.:M&H,.AT".........@..a.~..L->...0@h...~.._..N"......t......C./g7..............2E.N.J...TW.F..."A.B...n.......i.?.{\.L.!.B..x...S..!........?.\,... .@.....y"xw.A8.w..!E..-^P O..+.T.r.R.zz..K..].E.....Ri.)g.P...j..w..c.M.F.v../........Q....'...(....X..;.K.!BZ3.........f.....N.A(....cA`.b'...`.~sa^.....?..../.L.S......t..`@h..C.....>N.W...;>..._h.+~=\|......uOGA{.7.....h....q.d.4$.x<.....^0\|...@....@Q[RC.0....b....'...RID

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 20:58:13.673006058 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:58:13.974662066 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:58:14.578597069 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:58:15.791589022 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:58:16.167346001 CET	49702	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:16.167680025 CET	49703	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:16.172164917 CET	80	49702	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:16.172552109 CET	80	49703	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:16.172756910 CET	49702	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:16.173784018 CET	49703	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:16.176763058 CET	49703	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:16.181564093 CET	80	49703	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:16.321772099 CET	49689	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:58:16.659544945 CET	80	49703	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:16.700210094 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:16.700249910 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:16.700316906 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:16.700602055 CET	49703	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:16.700730085 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:16.700743914 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.389466047 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.389898062 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.389970064 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.390489101 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.390583992 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.391231060 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.391372919 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.392376900 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.392461061 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.392553091 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.392571926 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.433392048 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.512439966 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.512495995 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.512660980 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.512741089 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.513945103 CET	49707	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.513993025 CET	443	49707	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.556832075 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.556878090 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:17.557249069 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.557475090 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:17.557495117 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.038074970 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.038518906 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.038551092 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.038979053 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.039298058 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.039427042 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.039463043 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.087655067 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.199634075 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:58:18.256513119 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.256584883 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.256607056 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.256648064 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.256675959 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.256685019 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.256747007 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.256784916 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.256784916 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.256815910 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.266057014 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.266164064 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.266181946 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.266237020 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.266304016 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.266478062 CET	49708	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.266510010 CET	443	49708	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.292653084 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:18.292715073 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:18.292819023 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:18.293024063 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:18.293070078 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:18.527756929 CET	49713	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.527796984 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.527909994 CET	49713	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.528101921 CET	49713	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:18.528115034 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:18.972429991 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:18.972810984 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:18.972846985 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:18.973242044 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:18.973323107 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:18.973964930 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:18.974044085 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:18.974147081 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:18.974198103 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:18.974292994 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:18.974304914 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.025613070 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.033442974 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:19.033754110 CET	49713	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:19.033780098 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:19.034159899 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:19.034801960 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:19.034842968 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:19.034910917 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:19.035244942 CET	49713	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:19.035296917 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:19.035600901 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:19.035613060 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:19.035767078 CET	49713	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:19.083333015 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:19.100752115 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.100795031 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.100811958 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.100825071 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.100847960 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.100861073 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.100924969 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.100995064 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.101032019 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.101063967 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.168045998 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:19.168123007 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:19.168207884 CET	49713	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:19.168940067 CET	49713	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:19.168962955 CET	443	49713	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:19.171813011 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.171845913 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.171917915 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.172183037 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.172192097 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.172213078 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.172283888 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.172302961 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.172341108 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.172688007 CET	49710	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.172713041 CET	443	49710	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.668008089 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.668448925 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.668466091 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.668804884 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.669111013 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.669164896 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.669239998 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.669326067 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:19.669482946 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:19.669501066 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:19.670537949 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:19.670598030 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:19.671746969 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:19.671875954 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:19.711333036 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.711612940 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:19.711628914 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:19.759609938 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:19.800483942 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.800570965 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.800868034 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.801014900 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.801031113 CET	443	49715	35.183.149.148	192.168.2.16
Jan 15, 2025 20:58:19.801042080 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:19.801078081 CET	49715	443	192.168.2.16	35.183.149.148
Jan 15, 2025 20:58:21.832340956 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:58:22.135657072 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:58:22.742139101 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:58:23.013803005 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:58:23.956609964 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:58:26.298777103 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:58:26.362912893 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:58:26.602790117 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:58:27.208636045 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:58:28.421621084 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:58:29.189357042 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.189407110 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.189639091 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.189877033 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.189893007 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.344485998 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.344547033 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.344640970 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.344872952 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.344888926 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.610059023 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:29.610127926 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:29.610244036 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:29.679873943 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.690170050 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.690198898 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.691560984 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.692142010 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.692281961 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.692292929 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.692337036 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.744951010 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.813569069 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.813627958 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.813796997 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.813851118 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.813898087 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.814842939 CET	49719	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.814867020 CET	443	49719	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.823369026 CET	49714	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:58:29.823402882 CET	443	49714	142.250.184.228	192.168.2.16
Jan 15, 2025 20:58:29.824764013 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.825011015 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.825022936 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.825418949 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.825728893 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:29.825794935 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:58:29.871741056 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:58:30.826700926 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:58:31.177706957 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:58:32.616668940 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:58:35.635664940 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:58:40.780802965 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:58:45.238682032 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:59:01.183763981 CET	49702	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:59:01.188591957 CET	80	49702	35.183.149.148	192.168.2.16
Jan 15, 2025 20:59:01.663748980 CET	49703	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:59:01.668628931 CET	80	49703	35.183.149.148	192.168.2.16
Jan 15, 2025 20:59:11.555331945 CET	80	49702	35.183.149.148	192.168.2.16
Jan 15, 2025 20:59:11.555453062 CET	49702	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:59:11.659132004 CET	80	49703	35.183.149.148	192.168.2.16
Jan 15, 2025 20:59:11.659249067 CET	49703	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:59:12.623764992 CET	49702	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:59:12.623766899 CET	49703	80	192.168.2.16	35.183.149.148
Jan 15, 2025 20:59:12.628710032 CET	80	49702	35.183.149.148	192.168.2.16
Jan 15, 2025 20:59:12.628727913 CET	80	49703	35.183.149.148	192.168.2.16
Jan 15, 2025 20:59:14.827784061 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:59:14.827815056 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:59:19.083091021 CET	49724	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:59:19.083139896 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 20:59:19.083266020 CET	49724	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:59:19.083583117 CET	49724	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:59:19.083599091 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 20:59:19.739248991 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 20:59:19.739624023 CET	49724	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:59:19.739662886 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 20:59:19.741121054 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 20:59:19.741435051 CET	49724	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:59:19.741624117 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 20:59:19.783883095 CET	49724	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:59:24.736586094 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:59:24.736689091 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:59:24.736953974 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:59:26.632162094 CET	49720	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:59:26.632209063 CET	443	49720	3.98.135.159	192.168.2.16
Jan 15, 2025 20:59:29.635334969 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 20:59:29.635404110 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 20:59:29.635472059 CET	49724	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:59:30.621907949 CET	49724	443	192.168.2.16	142.250.184.228
Jan 15, 2025 20:59:30.621953011 CET	443	49724	142.250.184.228	192.168.2.16
Jan 15, 2025 21:00:19.144462109 CET	49726	443	192.168.2.16	142.250.184.228
Jan 15, 2025 21:00:19.144519091 CET	443	49726	142.250.184.228	192.168.2.16
Jan 15, 2025 21:00:19.144665956 CET	49726	443	192.168.2.16	142.250.184.228
Jan 15, 2025 21:00:19.145039082 CET	49726	443	192.168.2.16	142.250.184.228
Jan 15, 2025 21:00:19.145050049 CET	443	49726	142.250.184.228	192.168.2.16
Jan 15, 2025 21:00:19.852561951 CET	443	49726	142.250.184.228	192.168.2.16
Jan 15, 2025 21:00:19.852998972 CET	49726	443	192.168.2.16	142.250.184.228
Jan 15, 2025 21:00:19.853034973 CET	443	49726	142.250.184.228	192.168.2.16
Jan 15, 2025 21:00:19.853498936 CET	443	49726	142.250.184.228	192.168.2.16
Jan 15, 2025 21:00:19.853832960 CET	49726	443	192.168.2.16	142.250.184.228
Jan 15, 2025 21:00:19.853915930 CET	443	49726	142.250.184.228	192.168.2.16
Jan 15, 2025 21:00:19.893969059 CET	49726	443	192.168.2.16	142.250.184.228

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 20:58:14.400232077 CET	53	54973	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:14.425446033 CET	53	58855	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:15.402925968 CET	53	61579	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:16.123104095 CET	50478	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:58:16.123241901 CET	52288	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:58:16.154504061 CET	53	52288	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:16.162179947 CET	53	50478	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:16.672914982 CET	64993	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:58:16.673372030 CET	65352	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:58:16.681942940 CET	53	65352	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:16.699558020 CET	53	64993	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:17.563335896 CET	53	62451	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:18.269711971 CET	52038	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:58:18.269841909 CET	57318	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:58:18.279109955 CET	53	52038	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:18.292136908 CET	53	57318	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:19.026282072 CET	61874	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:58:19.026468039 CET	54178	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:58:19.033529997 CET	53	54178	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:19.033911943 CET	53	61874	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:32.336699963 CET	53	55762	1.1.1.1	192.168.2.16
Jan 15, 2025 20:58:51.390737057 CET	53	61164	1.1.1.1	192.168.2.16
Jan 15, 2025 20:59:13.957087994 CET	53	52372	1.1.1.1	192.168.2.16
Jan 15, 2025 20:59:14.406052113 CET	53	65342	1.1.1.1	192.168.2.16
Jan 15, 2025 20:59:18.003664017 CET	138	138	192.168.2.16	192.168.2.255
Jan 15, 2025 20:59:43.663702011 CET	53	49885	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 20:58:16.123104095 CET	192.168.2.16	1.1.1.1	0x8ed4	Standard query (0)	details-info.co	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:16.123241901 CET	192.168.2.16	1.1.1.1	0x5090	Standard query (0)	details-info.co	65	IN (0x0001)	false
Jan 15, 2025 20:58:16.672914982 CET	192.168.2.16	1.1.1.1	0x86a8	Standard query (0)	details-info.co	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:16.673372030 CET	192.168.2.16	1.1.1.1	0x225e	Standard query (0)	details-info.co	65	IN (0x0001)	false
Jan 15, 2025 20:58:18.269711971 CET	192.168.2.16	1.1.1.1	0x5d92	Standard query (0)	details-info.co	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:18.269841909 CET	192.168.2.16	1.1.1.1	0xd1a1	Standard query (0)	details-info.co	65	IN (0x0001)	false
Jan 15, 2025 20:58:19.026282072 CET	192.168.2.16	1.1.1.1	0x69ab	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:19.026468039 CET	192.168.2.16	1.1.1.1	0xfc61	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 20:58:16.162179947 CET	1.1.1.1	192.168.2.16	0x8ed4	No error (0)	details-info.co	35.183.149.148	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:16.162179947 CET	1.1.1.1	192.168.2.16	0x8ed4	No error (0)	details-info.co	3.98.239.58	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:16.162179947 CET	1.1.1.1	192.168.2.16	0x8ed4	No error (0)	details-info.co	3.98.135.159	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:16.699558020 CET	1.1.1.1	192.168.2.16	0x86a8	No error (0)	details-info.co	3.98.135.159	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:16.699558020 CET	1.1.1.1	192.168.2.16	0x86a8	No error (0)	details-info.co	35.183.149.148	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:16.699558020 CET	1.1.1.1	192.168.2.16	0x86a8	No error (0)	details-info.co	3.98.239.58	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:18.279109955 CET	1.1.1.1	192.168.2.16	0x5d92	No error (0)	details-info.co	35.183.149.148	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:18.279109955 CET	1.1.1.1	192.168.2.16	0x5d92	No error (0)	details-info.co	3.98.239.58	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:18.279109955 CET	1.1.1.1	192.168.2.16	0x5d92	No error (0)	details-info.co	3.98.135.159	A (IP address)	IN (0x0001)	false
Jan 15, 2025 20:58:19.033529997 CET	1.1.1.1	192.168.2.16	0xfc61	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 15, 2025 20:58:19.033911943 CET	1.1.1.1	192.168.2.16	0x69ab	No error (0)	www.google.com	142.250.184.228	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

details-info.co

https:

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49703	35.183.149.148	80	6892	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 20:58:16.176763058 CET	430	OUT	GET / HTTP/1.1 Host: details-info.co Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 20:58:16.659544945 CET	190	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 15 Jan 2025 19:58:16 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Location: https://details-info.co/
Jan 15, 2025 20:59:01.663748980 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49702	35.183.149.148	80	6892	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 20:59:01.183763981 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49707	3.98.135.159	443	6892	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:58:17 UTC	658	OUT	GET / HTTP/1.1 Host: details-info.co Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:58:17 UTC	290	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 19:58:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1913 Connection: close X-Request-Id: 8f47dbc3-9de3-44aa-86bd-a3b42c7656d9 X-Runtime: 0.001306 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-15 19:58:17 UTC	1913	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 7c 20 4b 6e 6f 77 42 65 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 Data Ascii: <html><head> <meta name="viewport" content="width=device-width,initial-scale=1.0"> <link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet"> <title>404 page not found \| KnowBe4</title> <style type="text/css"> body {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49708	3.98.135.159	443	6892	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:58:18 UTC	590	OUT	GET /img/404-stu.png HTTP/1.1 Host: details-info.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://details-info.co/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:58:18 UTC	242	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:58:18 GMT Content-Type: image/png Content-Length: 24351 Connection: close Last-Modified: Wed, 15 Jan 2025 18:54:44 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-15 19:58:18 UTC	16142	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 03 8c 08 06 00 00 00 f7 fe 8e b2 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 20 00 49 44 41 54 78 9c ed dd 7d 70 1c e7 7d 27 f8 2f 5e 08 80 20 48 40 16 49 83 74 4c f4 5c 86 34 29 c9 27 be c8 39 cb 5e 8a 50 f6 52 d6 cb ee 5a 52 6d c2 f3 ad f7 44 95 22 ef 25 a9 8b a9 ba ba 72 ce 4e ce 74 c5 ca ae ef ae 4a 54 76 93 3a 2b ab 88 da 55 ca ab db 94 28 df 9e 28 79 f7 12 0d c5 38 72 39 e2 8b 56 92 49 8b f0 4e 83 b2 00 18 04 49 80 00 41 10 04 06 f7 c7 cc 00 33 d3 4f cf 74 4f 3f 4f 3f cf d3 fd fd 54 d1 34 1b c0 cc 23 4c cf 77 9e 7e fa f7 3c 4f cb d2 d2 12 88 92 22 eb 64 1e 02 70 b4 f4 cf 77 00 9c 01 90 03 90 1b 72 f3 ae a6 66 91 24 2d 0c 2c 4a 8a ac 93 71 50 0c a8 5e 9f 6f 79 Data Ascii: PNGIHDR,pHYs%%IR$ IDATx}p}'/^ H@ItL\4)'9^PRZRmD"%rNtJTv:+U((y8r9VINIA3OtO?O?T4#Lw~<O"dpwrf$-,JqP^oy
2025-01-15 19:58:18 UTC	8209	IN	Data Raw: ab 30 b0 4c c0 93 52 97 3e dd 0d 68 52 4e 77 03 74 61 60 e9 91 ca a5 41 88 a2 62 60 51 18 83 ba 1b a0 9c 69 eb 80 71 a5 86 2a 0c 2c 3d bc 27 1c 2f 0b 29 b8 d4 de b8 61 60 e9 61 c1 09 67 58 4f 23 ad f8 39 56 85 81 65 0a d3 4e 4c e6 95 c9 78 49 48 b1 72 bd 87 4c 4b 2c 32 d5 90 9b b7 a0 87 ae 06 03 4b 0f 57 77 03 c8 12 1c db ac c2 c0 32 05 cf 4b 1d 6c ac c3 1a d6 dd 00 9d 18 58 7a a4 b6 4b 6f 98 3b 75 37 a0 09 ae ee 06 e8 c4 c0 d2 80 d3 73 28 10 5e 0e 7a 30 b0 4c 61 c7 c9 e9 e8 6e 00 a5 bb 77 ce c0 d2 c7 c6 25 42 1c dd 0d 50 ca b4 2a 77 b1 54 f7 ce 19 58 fa a4 fa c4 a3 00 ec e8 75 c7 8a 81 65 12 93 4e 50 3b 7a 1b 69 94 d3 dd 00 9d 18 58 fa e4 74 37 80 c8 36 0c 2c 22 53 89 3b dc a9 1e 4a 60 60 e9 c3 15 1b 28 b4 34 4f cb 01 18 58 3a a5 fa c4 d3 2d eb 64 b8 3c Data Ascii: 0LR>hRNwta`Ab`Qiq,='/)a`agXO#9VeNLxIHrLK,2KWw2KlXzKo;u7s(^z0Lanw%BPwTXueNP;ziXt76,"S;J``(4OX:-d<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49710	35.183.149.148	443	6892	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:58:18 UTC	354	OUT	GET /img/404-stu.png HTTP/1.1 Host: details-info.co Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:58:19 UTC	242	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:58:19 GMT Content-Type: image/png Content-Length: 24351 Connection: close Last-Modified: Wed, 15 Jan 2025 18:54:44 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-15 19:58:19 UTC	16142	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 03 8c 08 06 00 00 00 f7 fe 8e b2 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 20 00 49 44 41 54 78 9c ed dd 7d 70 1c e7 7d 27 f8 2f 5e 08 80 20 48 40 16 49 83 74 4c f4 5c 86 34 29 c9 27 be c8 39 cb 5e 8a 50 f6 52 d6 cb ee 5a 52 6d c2 f3 ad f7 44 95 22 ef 25 a9 8b a9 ba ba 72 ce 4e ce 74 c5 ca ae ef ae 4a 54 76 93 3a 2b ab 88 da 55 ca ab db 94 28 df 9e 28 79 f7 12 0d c5 38 72 39 e2 8b 56 92 49 8b f0 4e 83 b2 00 18 04 49 80 00 41 10 04 06 f7 c7 cc 00 33 d3 4f cf 74 4f 3f 4f 3f cf d3 fd fd 54 d1 34 1b c0 cc 23 4c cf 77 9e 7e fa f7 3c 4f cb d2 d2 12 88 92 22 eb 64 1e 02 70 b4 f4 cf 77 00 9c 01 90 03 90 1b 72 f3 ae a6 66 91 24 2d 0c 2c 4a 8a ac 93 71 50 0c a8 5e 9f 6f 79 Data Ascii: PNGIHDR,pHYs%%IR$ IDATx}p}'/^ H@ItL\4)'9^PRZRmD"%rNtJTv:+U((y8r9VINIA3OtO?O?T4#Lw~<O"dpwrf$-,JqP^oy
2025-01-15 19:58:19 UTC	8209	IN	Data Raw: ab 30 b0 4c c0 93 52 97 3e dd 0d 68 52 4e 77 03 74 61 60 e9 91 ca a5 41 88 a2 62 60 51 18 83 ba 1b a0 9c 69 eb 80 71 a5 86 2a 0c 2c 3d bc 27 1c 2f 0b 29 b8 d4 de b8 61 60 e9 61 c1 09 67 58 4f 23 ad f8 39 56 85 81 65 0a d3 4e 4c e6 95 c9 78 49 48 b1 72 bd 87 4c 4b 2c 32 d5 90 9b b7 a0 87 ae 06 03 4b 0f 57 77 03 c8 12 1c db ac c2 c0 32 05 cf 4b 1d 6c ac c3 1a d6 dd 00 9d 18 58 7a a4 b6 4b 6f 98 3b 75 37 a0 09 ae ee 06 e8 c4 c0 d2 80 d3 73 28 10 5e 0e 7a 30 b0 4c 61 c7 c9 e9 e8 6e 00 a5 bb 77 ce c0 d2 c7 c6 25 42 1c dd 0d 50 ca b4 2a 77 b1 54 f7 ce 19 58 fa a4 fa c4 a3 00 ec e8 75 c7 8a 81 65 12 93 4e 50 3b 7a 1b 69 94 d3 dd 00 9d 18 58 fa e4 74 37 80 c8 36 0c 2c 22 53 89 3b dc a9 1e 4a 60 60 e9 c3 15 1b 28 b4 34 4f cb 01 18 58 3a a5 fa c4 d3 2d eb 64 b8 3c Data Ascii: 0LR>hRNwta`Ab`Qiq,='/)a`agXO#9VeNLxIHrLK,2KWw2KlXzKo;u7s(^z0Lanw%BPwTXueNP;ziXt76,"S;J``(4OX:-d<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49713	3.98.135.159	443	6892	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:58:19 UTC	586	OUT	GET /favicon.ico HTTP/1.1 Host: details-info.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://details-info.co/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:58:19 UTC	253	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:58:19 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Wed, 15 Jan 2025 19:11:36 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49715	35.183.149.148	443	6892	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:58:19 UTC	350	OUT	GET /favicon.ico HTTP/1.1 Host: details-info.co Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:58:19 UTC	253	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:58:19 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Wed, 15 Jan 2025 19:11:36 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49719	3.98.135.159	443	6892	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:58:29 UTC	700	OUT	GET / HTTP/1.1 Host: details-info.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://details-info.co/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:58:29 UTC	290	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 19:58:29 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1913 Connection: close X-Request-Id: 358d24c0-c0fd-4a31-962e-f2612d6688d4 X-Runtime: 0.001766 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-15 19:58:29 UTC	1913	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 7c 20 4b 6e 6f 77 42 65 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 Data Ascii: <html><head> <meta name="viewport" content="width=device-width,initial-scale=1.0"> <link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet"> <title>404 page not found \| KnowBe4</title> <style type="text/css"> body {

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2676, Parent PID: 5772

General

Target ID:	0
Start time:	14:58:10
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6892, Parent PID: 2676

General

Target ID:	1
Start time:	14:58:13
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1928,i,15281617247249934630,14256075965283467518,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6680, Parent PID: 5772

General

Target ID:	3
Start time:	14:58:15
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://details-info.co"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://details-info.co

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2676, Parent PID: 5772

General

Chronological Activities

Windows Analysis Report
http://details-info.co