Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

Overview

General Information

Sample URL:	https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open
Analysis ID:	1426611
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Form action URLs do not match main URL

HTML body contains low number of good links

HTML title does not match URL

Phishing site detected (based on OCR NLP Model)

Suspicious form URL found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 1596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1932,i,12740020987256167153,12744585785083975267,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_44	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_44, type: DROPPED

Source: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

HTTP Parser: Form action: https://wearned.com/outstandingi.php clickup-attachments wearned

Source: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

HTTP Parser: Number of links: 0

Source: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

HTTP Parser: Title: Our Organisation Fax Portal.xls does not match URL

Source: Chrome DOM: 0.0

ML Model on OCR Text: Matched 84.7% probability on "VERIFY YOUR IDENTITY The attached FNS PROOF OF PAYMENT protected by Microsoft. Enter your office365 E-mail and Password to opem Email E mail Password OPEN FNB PAYMENT HERE "

Source: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

HTTP Parser: Form action: https://wearned.com/outstandingi.php

Source: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

HTTP Parser: <input type="password" .../> found

Source: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

HTTP Parser: No favicon

Source: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

HTTP Parser: No <meta name="author".. found

Source: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open HTTP/1.1Host: t9015570267.p.clickup-attachments.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/images/index_Form1_bkgrnd.png HTTP/1.1Host: t9015570267.p.clickup-attachments.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=openAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: t9015570267.p.clickup-attachments.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=openAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: t9015570267.p.clickup-attachments.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closex-amz-request-id: MM088SA3FAPQP51Px-amz-id-2: viPvPXaeKfIknAVfAkOYZrgbZngoWfD6Uz/Sd/SWcA0S2gsISg03NVzUcAF1Tu3yD3lpILdKwxBnq6oloYB/Bg==Date: Tue, 16 Apr 2024 09:40:34 GMTServer: AmazonS3X-Cache: Error from cloudfrontVia: 1.1 83e647ac155b0cf3a9869914f5de36a4.cloudfront.net (CloudFront)X-Amz-Cf-Pop: IAD55-P5Alt-Svc: h3=":443"; ma=86400X-Amz-Cf-Id: BM2wmJwnu_juocgF1BOOS3OhAyD89S918vkmdrhOZtLWVRfxNPiXBA==
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 11Connection: closeServer: CloudFrontDate: Tue, 16 Apr 2024 09:40:35 GMTContent-Encoding: UTF-8X-Cache: LambdaGeneratedResponse from cloudfrontVia: 1.1 ddf6879aa6c2007b075baebb295e9494.cloudfront.net (CloudFront)X-Amz-Cf-Pop: IAD55-P5Alt-Svc: h3=":443"; ma=86400X-Amz-Cf-Id: Xn3hq40EjxCweZ3xVM0vl-_WueqtdHnsrAvQTMR48fegWOaxTJ0OPA==

Source: chromecache_44.2.dr

String found in binary or memory: https://wearned.com/outstandingi.php

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@16/8@4/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1932,i,12740020987256167153,12744585785083975267,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1932,i,12740020987256167153,12744585785083975267,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://wearned.com/outstandingi.php	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
t9015570267.p.clickup-attachments.com	18.154.227.128	true	false		unknown
www.google.com	172.217.215.99	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/images/index_Form1_bkgrnd.png	false		unknown
https://t9015570267.p.clickup-attachments.com/favicon.ico	false		unknown
https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wearned.com/outstandingi.php	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.217.215.99	www.google.com	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
18.154.227.128	t9015570267.p.clickup-attachments.com	United States		16509	AMAZON-02US	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1426611
Start date and time:	2024-04-16 11:39:42 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@16/8@4/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.185.94, 142.250.9.84, 64.233.176.139, 64.233.176.113, 64.233.176.101, 64.233.176.100, 64.233.176.138, 64.233.176.102, 34.104.35.123, 172.253.124.95, 142.250.9.95, 64.233.185.95, 74.125.136.95, 172.217.215.95, 142.251.15.95, 108.177.122.95, 64.233.177.95, 74.125.138.95, 142.250.105.95, 173.194.219.95, 64.233.176.95, 20.114.59.183, 23.0.175.18, 23.0.175.74, 192.229.211.108, 20.242.39.171, 20.3.187.198
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 43

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	11
Entropy (8bit):	3.277613436819116
Encrypted:	false
SSDEEP:	3:qIJMbn:q0u
MD5:	BB14EF202AD6261D349CB77373E4F624
SHA1:	631AEA0DFF1E8CC345F8C4B0F5BD7D87E27CEF1A
SHA-256:	955B9161C1A285BECF9CA2ACF5ED7915615540AAE7980C36CF0AB8DF51B90CB6
SHA-512:	D94A7E1F438DA0FD45EDCFDEF463460C05C1F20F89795EDDCFD4DC280C5A1AE7E9FC7888DD679DDDF33628D0939B1B2FE5FFCDF134B5F37AB28D1C600AB192C5
Malicious:	false
Reputation:	low
URL:	https://t9015570267.p.clickup-attachments.com/favicon.ico
Preview:	Invalid uri

Chrome Cache Entry: 44

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	230254
Entropy (8bit):	5.6687137726258445
Encrypted:	false
SSDEEP:	6144:F7MT2b/jDg1K0nF51pqcBOyRrEAGLVGpkUl6JE:7brc1K0F/pq8RrEAV7IE
MD5:	0F2927D6FE347F0FD9E9C18D7E81D5C9
SHA1:	B17804AE32D123DC8B2885C4FD100C13DC7C0ADE
SHA-256:	7207BFF6D06BB521174795585BC052E0D2E3B316CB4AA1DF438209CAE76A22DD
SHA-512:	DF486369CA4A87608C41D1844BC269F1D6A0ECA877CBE1147F5C9EECB0305888C65475800D87D852A15884CCAA35522B303FA8C48B7008178FD93F650D28A5A9
Malicious:	false
Reputation:	low
URL:	https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open
Preview:	<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Our Organisation Fax Portal.xls</title><meta name="generator" content="WYSIWYG Web Builder 10 - http://www.wysiwygwebbuilder.com"><style>body a{color:#00F;text-decoration:underline}a:visited{color:#800080}a:active{color:#F00}a:hover{color:#00F;text-decoration:underline}h1{font-family:Arial;font-size:32px;font-weight:bold;font-style:normal;text-decoration:none;color:#000;background-color:transparent;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px;display:inline}h2{font-family:Arial;font-size:27px;font-weight:bold;font-style:normal;text-decoration:none;color:#000;background-color:transparent;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px;display:inline}h3{font-family:Arial;font-size:24px;font-weight:normal;font-style:normal;text-decoration:none;color:#000;background-color:transparent;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px;display:inline}h4{font-family:Arial;font-size:21px;font-weight:normal;font-

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	60
Entropy (8bit):	4.898068512058837
Encrypted:	false
SSDEEP:	3:suX0sAa8AwJoC8CX3KaBnaZhR:suX0sA5tf8CXdRazR
MD5:	6A35230A31CB04DE6AECC3A971B78EE8
SHA1:	4BA184CA44AED61E67779CB842B84756DA8E456B
SHA-256:	F3D28BCE39A2BCBF0B1A3C6E33FD0FD7CCEC233FE5E7985EA527671534A46C23
SHA-512:	37C47D6EA61BB1764F8004BBC96645E6333A8946AFDEB1CB358E16AAF7D2E627A866B4EA84EB7E15E317DC0459730BD5B3346061CD14B4ACC23E5894CF0DFFF0
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgkw9F4qGTv14xIFDUpJ3GwSBQ169iXbEgUNbm6HrRIQCT-GfiYSMfiPEgUN76qabQ==?alt=proto
Preview:	Ch8KCw1KSdxsGgQICRgBCgcNevYl2xoACgcNbm6HrRoACgkKBw3vqpptGgA=

Chrome Cache Entry: 46

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	255
Entropy (8bit):	5.549572561398649
Encrypted:	false
SSDEEP:	6:TMVBd/ZbZjZvKtWRVzjogTs+5qvjJemKvwXrcQEO+Xan:TMHd9BZKtWR2gs/bJvKYXrcQUa
MD5:	91E42A55C49EAB5E49E79DFE816B7A30
SHA1:	98B0951572B6116B2C8941EBE206793AF642B1D7
SHA-256:	91ECB486BC16B38AE65197BA7DD121A8633624BF58E1D8281BDDFBB0DFE71763
SHA-512:	5432E81AF7EA2F7C2B493BB6FE82458FC945F86D4C071173EF5E96755349A5FF6E107AFE396D6266B8AF340AFADED75F3A090D6E4CAF0B30926D92E32A63FD0E
Malicious:	false
Reputation:	low
URL:	https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/images/index_Form1_bkgrnd.png
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>MM088SA3FAPQP51P</RequestId><HostId>viPvPXaeKfIknAVfAkOYZrgbZngoWfD6Uz/Sd/SWcA0S2gsISg03NVzUcAF1Tu3yD3lpILdKwxBnq6oloYB/Bg==</HostId></Error>

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 11:40:24.933959007 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 16, 2024 11:40:25.058953047 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 16, 2024 11:40:33.816112995 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:33.816153049 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:33.816236019 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:33.823827028 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:33.823901892 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:33.823987007 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:33.824027061 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:33.824064016 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:33.836411953 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:33.836479902 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.071233988 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.071732044 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.071760893 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.073410034 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.073502064 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.075475931 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.075562000 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.075705051 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.075714111 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.078598022 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.079926968 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.079956055 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.081424952 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.081512928 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.081904888 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.081981897 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.119937897 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.136008024 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.136035919 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.182262897 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.326951027 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.343054056 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.343084097 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.343131065 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.343225956 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.343225956 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.343225956 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.343259096 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.343275070 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.343306065 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.362509012 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.362571955 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.362596035 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.362616062 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.362633944 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.362633944 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.416842937 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.451251030 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.451261997 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.451420069 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.451440096 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.451504946 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.451519012 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.451534986 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.451566935 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.473712921 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.473731995 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.473769903 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.473787069 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.473805904 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.473822117 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.494645119 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.494657993 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.494707108 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.494724035 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.494765043 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.513972044 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.513992071 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.514023066 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.514030933 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.514050961 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.514071941 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.544475079 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 16, 2024 11:40:34.566699028 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.566713095 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.566761017 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.566768885 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.566812038 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.581532001 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.581547976 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.581597090 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.581603050 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.581646919 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.597599983 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.597619057 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.597656012 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.597661018 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.597697020 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.597706079 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.614850044 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.614870071 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.614906073 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.614911079 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.614949942 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.614969015 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.630131006 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.630146027 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.630188942 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.630197048 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.630218029 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.630228043 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.642860889 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.642882109 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.642929077 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.642935038 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.642963886 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.642971992 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.656405926 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.656419992 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.656470060 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.656476021 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.656512976 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.668889046 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.668903112 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.668951035 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.668957949 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.668992996 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.670878887 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.670953035 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.671000957 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.676604986 CEST	49736	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.676619053 CEST	443	49736	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:34.693062067 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:34.740113974 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.135323048 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.135436058 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.135736942 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.136904955 CEST	49737	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.136962891 CEST	443	49737	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.159548998 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.159601927 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.159821987 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.160224915 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.160269976 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.402744055 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.403269053 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.403301001 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.403779030 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.404171944 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.404349089 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.404355049 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.404376984 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.449404955 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.512727976 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:35.512806892 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:35.512902975 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:35.513195038 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:35.513226032 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:35.653600931 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.653758049 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.653948069 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.672311068 CEST	49740	443	192.168.2.4	18.154.227.128
Apr 16, 2024 11:40:35.672373056 CEST	443	49740	18.154.227.128	192.168.2.4
Apr 16, 2024 11:40:35.733325958 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:35.733697891 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:35.733753920 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:35.735407114 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:35.735619068 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:36.067871094 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:36.068047047 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:36.120054007 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:36.120110035 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:36.136965990 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.137048006 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.137150049 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.146832943 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.146871090 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.166944027 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:36.370620012 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.370846987 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.418999910 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.419044971 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.419523954 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.464700937 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.514041901 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.560117006 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.619579077 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.619646072 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.619748116 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.620570898 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.620609999 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.620644093 CEST	49742	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.620660067 CEST	443	49742	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.721679926 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.721760035 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.723375082 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.723830938 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.723906994 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.940179110 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.940407038 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.941374063 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.941425085 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.941776037 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:36.942807913 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:36.984188080 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:37.147588015 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:37.147671938 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:37.147720098 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:37.148379087 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:37.148403883 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:37.148421049 CEST	49743	443	192.168.2.4	23.55.253.34
Apr 16, 2024 11:40:37.148428917 CEST	443	49743	23.55.253.34	192.168.2.4
Apr 16, 2024 11:40:45.783874035 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:45.783948898 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:40:45.784900904 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:47.310029030 CEST	49741	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:40:47.310091019 CEST	443	49741	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:35.464952946 CEST	49752	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:41:35.465003967 CEST	443	49752	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:35.465109110 CEST	49752	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:41:35.465408087 CEST	49752	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:41:35.465420008 CEST	443	49752	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:35.679297924 CEST	443	49752	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:35.679557085 CEST	49752	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:41:35.679586887 CEST	443	49752	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:35.680036068 CEST	443	49752	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:35.680432081 CEST	49752	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:41:35.680558920 CEST	443	49752	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:35.729712009 CEST	49752	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:41:44.011574984 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 16, 2024 11:41:44.011636972 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 16, 2024 11:41:44.115278959 CEST	80	49723	72.21.81.240	192.168.2.4
Apr 16, 2024 11:41:44.115341902 CEST	80	49724	72.21.81.240	192.168.2.4
Apr 16, 2024 11:41:44.115385056 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 16, 2024 11:41:44.115420103 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 16, 2024 11:41:45.678069115 CEST	443	49752	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:45.678123951 CEST	443	49752	172.217.215.99	192.168.2.4
Apr 16, 2024 11:41:45.678229094 CEST	49752	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:41:47.264380932 CEST	49752	443	192.168.2.4	172.217.215.99
Apr 16, 2024 11:41:47.264413118 CEST	443	49752	172.217.215.99	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 11:40:30.911111116 CEST	53	55534	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:31.045171022 CEST	53	53917	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:31.645807981 CEST	53	53857	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:33.688635111 CEST	61572	53	192.168.2.4	1.1.1.1
Apr 16, 2024 11:40:33.688862085 CEST	63800	53	192.168.2.4	1.1.1.1
Apr 16, 2024 11:40:33.795437098 CEST	53	63800	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:33.796430111 CEST	53	61572	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:34.890561104 CEST	53	56587	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:35.406466961 CEST	52497	53	192.168.2.4	1.1.1.1
Apr 16, 2024 11:40:35.406981945 CEST	59536	53	192.168.2.4	1.1.1.1
Apr 16, 2024 11:40:35.510806084 CEST	53	52497	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:35.511377096 CEST	53	59536	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:48.679440975 CEST	53	64408	1.1.1.1	192.168.2.4
Apr 16, 2024 11:40:55.580501080 CEST	138	138	192.168.2.4	192.168.2.255
Apr 16, 2024 11:41:07.553864002 CEST	53	64574	1.1.1.1	192.168.2.4
Apr 16, 2024 11:41:30.307275057 CEST	53	64761	1.1.1.1	192.168.2.4
Apr 16, 2024 11:41:30.854943037 CEST	53	54714	1.1.1.1	192.168.2.4
Apr 16, 2024 11:41:58.617264986 CEST	53	58389	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 16, 2024 11:40:33.688635111 CEST	192.168.2.4	1.1.1.1	0x288a	Standard query (0)	t9015570267.p.clickup-attachments.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:33.688862085 CEST	192.168.2.4	1.1.1.1	0x5f6	Standard query (0)	t9015570267.p.clickup-attachments.com	65	IN (0x0001)	false
Apr 16, 2024 11:40:35.406466961 CEST	192.168.2.4	1.1.1.1	0x80ea	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:35.406981945 CEST	192.168.2.4	1.1.1.1	0x2acb	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 16, 2024 11:40:33.796430111 CEST	1.1.1.1	192.168.2.4	0x288a	No error (0)	t9015570267.p.clickup-attachments.com		18.154.227.128	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:33.796430111 CEST	1.1.1.1	192.168.2.4	0x288a	No error (0)	t9015570267.p.clickup-attachments.com		18.154.227.100	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:33.796430111 CEST	1.1.1.1	192.168.2.4	0x288a	No error (0)	t9015570267.p.clickup-attachments.com		18.154.227.117	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:33.796430111 CEST	1.1.1.1	192.168.2.4	0x288a	No error (0)	t9015570267.p.clickup-attachments.com		18.154.227.84	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:35.510806084 CEST	1.1.1.1	192.168.2.4	0x80ea	No error (0)	www.google.com		172.217.215.99	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:35.510806084 CEST	1.1.1.1	192.168.2.4	0x80ea	No error (0)	www.google.com		172.217.215.147	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:35.510806084 CEST	1.1.1.1	192.168.2.4	0x80ea	No error (0)	www.google.com		172.217.215.106	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:35.510806084 CEST	1.1.1.1	192.168.2.4	0x80ea	No error (0)	www.google.com		172.217.215.103	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:35.510806084 CEST	1.1.1.1	192.168.2.4	0x80ea	No error (0)	www.google.com		172.217.215.104	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:35.510806084 CEST	1.1.1.1	192.168.2.4	0x80ea	No error (0)	www.google.com		172.217.215.105	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:40:35.511377096 CEST	1.1.1.1	192.168.2.4	0x2acb	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 16, 2024 11:40:48.606833935 CEST	1.1.1.1	192.168.2.4	0x5e49	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:40:48.606833935 CEST	1.1.1.1	192.168.2.4	0x5e49	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:41:01.595751047 CEST	1.1.1.1	192.168.2.4	0x5e6c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:41:01.595751047 CEST	1.1.1.1	192.168.2.4	0x5e6c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:41:22.647269964 CEST	1.1.1.1	192.168.2.4	0xa80d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:41:22.647269964 CEST	1.1.1.1	192.168.2.4	0xa80d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:41:43.897872925 CEST	1.1.1.1	192.168.2.4	0x9ccf	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:41:43.897872925 CEST	1.1.1.1	192.168.2.4	0x9ccf	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t9015570267.p.clickup-attachments.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	18.154.227.128	443	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:40:34 UTC	760	OUT	GET /t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open HTTP/1.1 Host: t9015570267.p.clickup-attachments.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:40:34 UTC	1076	IN	HTTP/1.1 200 OK Content-Type: text/html;charset=UTF-8 Content-Length: 230254 Connection: close x-amz-id-2: Bxs+Xud8h9sQiLApQPyrc809fS72SJ4m+Z/PuMk4wnFzNLzbOhF5wsm4ndP7Y6wBlKUuxHW8tuk= x-amz-request-id: BDWESDV0BG2ZPKBX Date: Tue, 16 Apr 2024 04:48:17 GMT Last-Modified: Mon, 15 Apr 2024 20:09:24 GMT ETag: "0f2927d6fe347f0fd9e9c18d7e81d5c9" x-amz-server-side-encryption: AES256 x-amz-version-id: Sc6e6NefQ689pqbbpXMCmkQVv40i0Wdg Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding Content-Disposition: inline Access-Control-Allow-Headers: Range Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Type X-Content-Type-Options: nosniff cache-control: public, max-age=31536000 content-security-policy: connect-src 'none'; script-src 'none'; object-src 'self'; X-Cache: Hit from cloudfront Via: 1.1 7858d9a710c9f9ade149eac1339a9a6c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD55-P5 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: 69kTOQVmgfdjeDcV68M_0IHxX5cAGDYkWKXOXFWlqROqZHbNdPkGfQ== Age: 17538
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 4f 75 72 20 4f 72 67 61 6e 69 73 61 74 69 6f 6e 20 46 61 78 20 50 6f 72 74 61 6c 2e 78 6c 73 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 57 59 53 49 57 59 47 20 57 65 62 20 42 75 69 6c 64 65 72 20 31 30 20 2d 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 79 73 69 77 79 67 77 65 62 62 75 69 6c 64 65 72 2e 63 6f 6d 22 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 20 61 7b 63 6f 6c 6f 72 3a 23 30 30 46 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Our Organisation Fax Portal.xls</title><meta name="generator" content="WYSIWYG Web Builder 10 - http://www.wysiwygwebbuilder.com"><style>body a{color:#00F;text-decoratio
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 6e 39 4a 58 37 4f 66 68 31 4c 50 51 37 41 79 51 68 57 45 4b 2f 77 41 50 41 4f 42 2f 39 61 76 38 36 2f 45 4c 4d 70 56 73 5a 50 6b 6c 31 5a 2f 59 66 43 47 43 6a 53 77 73 56 4a 61 6e 32 66 5a 32 53 75 79 4b 73 59 4a 34 78 78 6b 31 2b 5a 59 4c 43 31 63 56 58 55 56 72 63 2b 34 78 56 61 6c 68 61 4c 6c 4c 73 64 37 62 57 36 32 46 6d 30 6a 34 55 37 63 38 38 43 76 37 4e 38 44 75 41 38 52 6a 63 66 53 6d 34 58 56 31 30 50 34 73 38 66 38 41 78 45 77 75 57 5a 58 57 68 7a 32 73 6e 31 50 6c 48 34 73 2b 49 76 74 45 38 6c 74 47 2f 77 44 45 56 41 48 65 76 39 77 76 42 58 68 50 2b 79 38 75 70 4f 55 62 61 49 2f 35 78 50 70 4b 38 65 4c 4f 63 33 72 55 36 63 37 33 62 50 53 2f 32 59 76 43 4d 2b 70 36 33 61 58 44 51 6c 67 30 79 74 6e 48 76 58 37 56 6e 2b 49 56 4b 67 34 33 50 79 54 Data Ascii: n9JX7Ofh1LPQ7AyQhWEK/wAPAOB/9av86/ELMpVsZPkl1Z/YfCGCjSwsVJan2fZ2SuyKsYJ4xxk1+ZYLC1cVXUVrc+4xValhaLlLsd7bW62Fm0j4U7c88Cv7N8DuA8RjcfSm4XV10P4s8f8AxEwuWZXWhz2sn1PlH4s+IvtE8ltG/wDEVAHev9wvBXhP+y8upOUbaI/5xPpK8eLOc3rU6c73bPS/2YvCM+p63aXDQlg0ytnHvX7Vn+IVKg43PyT
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 31 67 66 36 30 41 53 30 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 66 4f 50 78 71 31 57 62 54 39 4c 75 58 69 5a 6c 49 6a 4a 77 44 31 34 6f 41 2f 48 50 78 2f 77 44 45 6a 57 6f 39 61 6e 53 4f 57 59 67 54 45 63 4d 66 57 67 44 6f 50 43 6e 78 56 31 61 7a 69 6a 65 57 65 55 59 41 49 4c 73 61 41 50 64 64 4a 2f 61 42 75 6f 49 31 52 70 32 47 77 63 67 Data Ascii: 1gf60AS0AFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAfOPxq1WbT9LuXiZlIjJwD14oA/HPx/wDEjWo9anSOWYgTEcMfWgDoPCnxV1azijeWeUYAILsaAPddJ/aBuoI1Rp2Gwcg
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 35 4c 58 78 49 49 6d 32 35 7a 37 63 38 55 41 65 58 72 46 4c 4a 4b 79 6b 48 6e 72 6e 4f 4b 41 50 4b 66 48 66 68 56 74 51 56 76 33 65 63 6a 6b 45 55 41 65 4a 6e 34 5a 41 76 7a 62 6e 6b 35 34 57 67 42 5a 2f 68 55 4c 69 32 63 43 41 6a 67 6a 37 74 41 48 67 2f 69 4c 34 4d 33 69 36 69 72 52 51 50 74 38 7a 50 43 2b 39 41 48 71 4f 67 66 43 68 31 30 73 4c 4c 41 32 2f 79 38 5a 32 30 41 65 61 65 49 66 67 35 4e 4e 64 4f 46 67 4f Data Ascii: AoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoA5LXxIIm25z7c8UAeXrFLJKykHnrnOKAPKfHfhVtQVv3ecjkEUAeJn4ZAvzbnk54WgBZ/hULi2cCAjgj7tAHg/iL4M3i6irRQPt8zPC+9AHqOgfCh10sLLA2/y8Z20AeaeIfg5NNdOFgO
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 43 67 41 6f 41 4b 41 50 6d 48 34 39 36 31 4e 70 57 6a 33 63 73 4c 45 45 51 73 32 41 63 48 Data Ascii: ACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKACgAoAKAPmH4961NpWj3csLEEQs2AcH
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 46 41 42 51 41 55 41 65 52 2f 45 6a 77 34 64 61 73 70 34 74 6f 66 65 68 48 54 4f 4b 41 50 7a 4b 2b 49 76 37 4e 62 36 33 71 4d 30 34 74 4e 78 4c 6b 6a 35 44 7a 7a 51 42 7a 4f 68 2f 73 74 79 57 65 44 39 6b 49 78 32 43 5a 6f 41 76 36 37 2b 7a 6c 65 50 62 73 69 57 37 2f 64 49 42 32 45 5a 6f 41 38 6b 66 38 41 5a 58 31 43 61 37 4c 47 32 66 62 75 35 77 70 2b 58 6d 67 44 71 62 50 39 6c 36 2b 74 39 72 66 5a 32 34 48 64 54 69 67 Data Ascii: UAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAFABQAUAeR/Ejw4dasp4tofehHTOKAPzK+Iv7Nb63qM04tNxLkj5DzzQBzOh/styWeD9kIx2CZoAv67+zlePbsiW7/dIB2EZoA8kf8AZX1Ca7LG2fbu5wp+XmgDqbP9l6+t9rfZ24HdTig
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 46 35 41 56 33 42 31 50 47 65 44 51 42 6d 58 57 75 32 74 75 4d 4e 49 67 50 58 6b 38 55 41 55 55 38 56 57 4c 48 42 6c 51 66 69 4b 41 4e 4b 4c 57 37 53 58 37 72 6f 52 6e 71 47 6f 41 75 66 32 68 62 67 5a 33 72 6a 31 33 43 67 44 4e 75 50 45 46 6e 42 39 36 56 42 6a 72 38 77 6f 41 69 74 2f 45 6c 6a 63 4d 46 53 5a 44 6e 74 6b 48 4e 41 47 6a 4a 71 6c 76 47 6d 39 6e 54 47 4d 39 61 41 4d 6f 2b 4b 4c 42 58 32 47 5a 4d 35 77 65 52 51 42 71 32 2b 72 57 6c 77 41 55 6b 54 6b 2f 33 71 41 4c 66 32 71 44 2f 6e 6f 76 35 69 67 41 2b 31 51 66 38 39 46 2f 4d 55 41 48 32 71 44 2f 41 4a 36 4c 2b 59 6f 41 44 64 32 34 35 4d 69 2f 6d 4b 41 4b 6b 32 71 32 73 49 4a 61 52 65 50 39 6f 55 41 55 34 39 65 74 5a 48 32 69 52 53 43 63 44 6d 67 44 56 53 37 68 64 64 32 39 52 2b 50 46 41 43 6d Data Ascii: F5AV3B1PGeDQBmXWu2tuMNIgPXk8UAUU8VWLHBlQfiKANKLW7SX7roRnqGoAuf2hbgZ3rj13CgDNuPEFnB96VBjr8woAit/EljcMFSZDntkHNAGjJqlvGm9nTGM9aAMo+KLBX2GZM5weRQBq2+rWlwAUkTk/3qALf2qD/nov5igA+1Qf89F/MUAH2qD/AJ6L+YoADd245Mi/mKAKk2q2sIJaReP9oUAU49etZH2iRSCcDmgDVS7hdd29R+PFACm
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 62 65 4c 59 35 6b 42 6a 75 75 47 48 72 69 67 44 36 73 2b 48 58 67 48 58 34 34 34 7a 4d 6b 77 77 42 6e 63 43 4b 41 4f 31 38 59 2b 43 4e 57 6b 73 57 56 45 6c 4c 62 4d 45 59 4a 7a 51 42 38 6b 61 37 38 4a 66 45 46 31 64 53 4f 73 4d 2f 77 42 34 6b 63 48 46 41 46 66 52 50 68 62 34 6e 73 37 70 48 45 56 77 46 56 67 54 68 54 69 67 44 36 45 74 50 44 2f 69 43 78 30 7a 6c 5a 77 66 4c 7a 7a 6e 6e 69 67 44 35 72 38 65 61 56 34 6f 75 72 75 52 49 52 63 45 62 75 32 63 30 41 63 6c 70 6e 68 54 78 64 45 56 5a 6c 75 53 50 63 6e 4e 41 48 70 4f 6d 65 47 2f 46 45 79 68 57 46 7a 79 4f 52 67 6d 67 44 72 72 48 77 44 34 6c 6b 2b 5a 6b 75 43 43 63 35 4f 37 4e 41 48 6f 2b 69 65 41 64 62 52 52 35 6b 63 77 34 36 45 45 6d 67 43 54 78 44 38 4e 4e 5a 75 72 64 69 6b 55 32 37 62 32 55 6d 67 Data Ascii: beLY5kBjuuGHrigD6s+HXgHX444zMkwwBncCKAO18Y+CNWksWVElLbMEYJzQB8ka78JfEF1dSOsM/wB4kcHFAFfRPhb4ns7pHEVwFVgThTigD6EtPD/iCx0zlZwfLzznnigD5r8eaV4ouruRIRcEbu2c0AclpnhTxdEVZluSPcnNAHpOmeG/FEyhWFzyORgmgDrrHwD4lk+ZkuCCc5O7NAHo+ieAdbRR5kcw46EEmgCTxD8NNZurdikU27b2Umg
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 6a 4a 7a 77 63 30 41 63 78 34 63 38 49 65 4c 63 6b 53 4c 63 6e 4a 36 45 45 6d 67 44 70 39 51 38 48 65 4b 47 6a 59 37 4c 6e 47 4f 77 4e 41 48 6a 75 76 65 47 50 46 6b 54 73 6f 57 34 35 4f 42 6a 50 46 41 47 76 34 49 38 46 2b 4b 4c 69 39 6a 5a 30 75 50 76 5a 35 42 39 61 41 50 71 52 50 41 33 69 41 61 63 46 43 54 6c 76 4c 34 2b 55 34 36 55 41 65 61 58 76 67 50 78 52 39 75 42 56 4a 38 62 38 6e 47 51 50 65 67 44 32 44 77 6c 34 4d 31 34 52 6f 73 79 54 64 4f 68 79 4d 65 31 41 43 2b 4c 2f 68 39 72 4d 6c 75 37 52 78 53 6c 75 53 51 56 4f 4b 41 50 6c 6e 78 4a 38 50 50 46 44 79 4f 71 4a 63 62 53 33 59 47 67 44 48 30 76 34 54 65 4a 35 4a 41 7a 78 58 42 39 79 70 4e 41 48 64 32 33 77 6a 38 51 37 51 57 69 6d 2b 6d 43 42 51 42 30 55 48 77 75 31 32 33 6a 4c 65 54 4e 6b 44 49 Data Ascii: jJzwc0Acx4c8IeLckSLcnJ6EEmgDp9Q8HeKGjY7LnGOwNAHjuveGPFkTsoW45OBjPFAGv4I8F+KLi9jZ0uPvZ5B9aAPqRPA3iAacFCTlvL4+U46UAeaXvgPxR9uBVJ8b8nGQPegD2Dwl4M14RosyTdOhyMe1AC+L/h9rMlu7RxSluSQVOKAPlnxJ8PPFDyOqJcbS3YGgDH0v4TeJ5JAzxXB9ypNAHd23wj8Q7QWim+mCBQB0UHwu123jLeTNkDI
2024-04-16 09:40:34 UTC	16384	IN	Data Raw: 77 44 2f 64 77 44 51 42 30 56 76 2b 7a 76 71 32 33 48 6b 75 44 36 34 50 2b 46 41 46 36 4c 39 6e 6e 56 6c 4f 50 4b 62 38 6a 2f 68 51 42 75 36 50 38 41 64 54 67 75 6c 5a 6f 58 4f 47 42 7a 67 38 55 41 65 35 36 66 38 41 43 4b 36 69 73 52 46 35 54 35 43 59 34 55 30 41 63 4c 65 2f 42 50 55 48 31 41 75 49 6e 41 4c 35 79 46 50 72 51 42 33 38 66 77 67 76 44 70 70 69 4d 54 67 37 4d 66 63 4f 44 78 51 42 38 31 2b 4f 50 32 62 62 37 55 62 74 35 56 67 59 6a 4f 51 51 75 63 30 41 63 35 70 50 37 4e 75 71 32 6a 71 77 67 63 41 48 49 79 43 4b 41 50 6f 62 77 6e 38 47 74 53 74 49 55 55 78 50 75 32 2f 33 53 52 51 42 30 64 37 38 48 74 52 6e 62 69 4b 54 6a 30 48 57 67 44 49 76 2f 67 68 71 45 6c 73 77 38 6c 78 6c 4f 34 36 30 41 65 4c 36 74 2b 7a 74 71 6b 31 78 49 36 77 79 64 63 6a Data Ascii: wD/dwDQB0Vv+zvq23HkuD64P+FAF6L9nnVlOPKb8j/hQBu6P8AdTgulZoXOGBzg8UAe56f8ACK6isRF5T5CY4U0AcLe/BPUH1AuInAL5yFPrQB38fwgvDppiMTg7MfcODxQB81+OP2bb7Ubt5VgYjOQQuc0Ac5pP7Nuq2jqwgcAHIyCKAPobwn8GtStIUUxPu2/3SRQB0d78HtRnbiKTj0HWgDIv/ghqElsw8lxlO460AeL6t+ztqk1xI6wydcj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	18.154.227.128	443	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:40:34 UTC	777	OUT	GET /t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/images/index_Form1_bkgrnd.png HTTP/1.1 Host: t9015570267.p.clickup-attachments.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:40:35 UTC	525	IN	HTTP/1.1 403 Forbidden Content-Type: application/xml Transfer-Encoding: chunked Connection: close x-amz-request-id: MM088SA3FAPQP51P x-amz-id-2: viPvPXaeKfIknAVfAkOYZrgbZngoWfD6Uz/Sd/SWcA0S2gsISg03NVzUcAF1Tu3yD3lpILdKwxBnq6oloYB/Bg== Date: Tue, 16 Apr 2024 09:40:34 GMT Server: AmazonS3 X-Cache: Error from cloudfront Via: 1.1 83e647ac155b0cf3a9869914f5de36a4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD55-P5 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: BM2wmJwnu_juocgF1BOOS3OhAyD89S918vkmdrhOZtLWVRfxNPiXBA==
2024-04-16 09:40:35 UTC	261	IN	Data Raw: 66 66 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4d 4d 30 38 38 53 41 33 46 41 50 51 50 35 31 50 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 76 69 50 76 50 58 61 65 4b 66 49 6b 6e 41 56 66 41 6b 4f 59 5a 72 67 62 5a 6e 67 6f 57 66 44 36 55 7a 2f 53 64 2f 53 57 63 41 30 53 32 67 73 49 53 67 30 33 4e 56 7a 55 63 41 46 31 54 75 33 79 44 33 6c 70 49 4c 64 4b 77 78 42 6e 71 36 6f 6c 6f 59 42 2f 42 67 3d 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 Data Ascii: ff<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>MM088SA3FAPQP51P</RequestId><HostId>viPvPXaeKfIknAVfAkOYZrgbZngoWfD6Uz/Sd/SWcA0S2gsISg03NVzUcAF1Tu3yD3lpILdKwxBnq6oloYB/Bg==</HostId></Er
2024-04-16 09:40:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	18.154.227.128	443	5964	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:40:35 UTC	710	OUT	GET /favicon.ico HTTP/1.1 Host: t9015570267.p.clickup-attachments.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:40:35 UTC	418	IN	HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 11 Connection: close Server: CloudFront Date: Tue, 16 Apr 2024 09:40:35 GMT Content-Encoding: UTF-8 X-Cache: LambdaGeneratedResponse from cloudfront Via: 1.1 ddf6879aa6c2007b075baebb295e9494.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD55-P5 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: Xn3hq40EjxCweZ3xVM0vl-_WueqtdHnsrAvQTMR48fegWOaxTJ0OPA==
2024-04-16 09:40:35 UTC	11	IN	Data Raw: 49 6e 76 61 6c 69 64 20 75 72 69 Data Ascii: Invalid uri

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	23.55.253.34	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:40:36 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 09:40:36 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=163392 Date: Tue, 16 Apr 2024 09:40:36 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	23.55.253.34	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:40:36 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 09:40:37 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=163390 Date: Tue, 16 Apr 2024 09:40:37 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-16 09:40:37 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1596, Parent PID: 4996

General

Target ID:	0
Start time:	11:40:27
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5964, Parent PID: 1596

General

Target ID:	2
Start time:	11:40:29
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1932,i,12740020987256167153,12744585785083975267,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6532, Parent PID: 4996

General

Target ID:	3
Start time:	11:40:32
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly