Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

Overview

General Information

Sample URL:	https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com
Analysis ID:	1432004
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

URL contains potential PII (phishing indication)

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 3164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2460,i,2081689869509495570,9543819679404135293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

HTTP Parser: Number of links: 0

Source: https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

HTTP Parser: Title: Webmail :: Welcome to Webmail does not match URL

Source: https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

Sample URL: PII: vxyz@conde.jp.com

Source: https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

HTTP Parser: <input type="password" .../> found

Source: https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

HTTP Parser: No <meta name="author".. found

Source: https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /secure/securehtm/securehtm/?uid=vxyz@conde.jp.com HTTP/1.1Host: farolcontabilidade.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: farolcontabilidade.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/6@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2460,i,2081689869509495570,9543819679404135293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2460,i,2081689869509495570,9543819679404135293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com	0%	Avira URL Cloud	safe
https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.64.196	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false		unknown
farolcontabilidade.com	128.201.75.108	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.64.196	www.google.com	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
128.201.75.108	farolcontabilidade.com	Brazil		266618	MEGAPROVEDOR-SERVICOSDEINTERNETLTDA-MEBR	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432004
Start date and time:	2024-04-26 08:49:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/6@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.217.195, 142.250.217.206, 173.194.216.84, 34.104.35.123, 142.250.217.234, 142.250.64.138, 142.250.217.202, 142.250.217.170, 172.217.2.202, 172.217.3.74, 192.178.50.74, 142.250.64.170, 142.251.35.234, 172.217.165.202, 192.178.50.42, 142.250.189.138, 40.127.169.103, 72.21.81.240, 192.229.211.108, 20.3.187.198, 192.178.50.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ajax.googleapis.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 43

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.208966082694623
Encrypted:	false
SSDEEP:	3:/qoPVinY:yotiY
MD5:	5C541F3EAEB4AFBDFCA528EFDFCBEC1A
SHA1:	36E1348141AD3EB51C19E852F973B838DC71E9E0
SHA-256:	78767F0A7A2976BFA4A0EE77045691CDEE1B0A1285D5B3C5FBE4D3AEB07A6788
SHA-512:	1AF04BCE519212F0DF9B68A0327AD350DB235FDC87797281A4FF8D3A5766A3CF8229CA3B0C59BDD8DE475445560A87F71F21906D1BF7C4D315245676571A55C3
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmFrIhBMmJKIBIFDZK5ObkSBQ2L6Jwp?alt=proto
Preview:	ChIKBw2SuTm5GgAKBw2L6JwpGgA=

Chrome Cache Entry: 44

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (20840)
Category:	downloaded
Size (bytes):	36611
Entropy (8bit):	5.988365942761497
Encrypted:	false
SSDEEP:	768:jXP3d2UpE6gycdehT2BpbDTnVVDJDeE4mO8gMlOBl/XoOnqCgdKbqslJoaTrb5ez:LP3oUq6gycdFlvvDJPtsJecHdi
MD5:	81E28D1700786FF3D1B6790DAB08813A
SHA1:	47EE2CF72EB5ABFE901C1FB0FF9E5BF112897C48
SHA-256:	273985F3772D994512F7EC6D597DA6E7E970345D85A6FAB0189E0E8FDA740A05
SHA-512:	5DB494EE01C877C04F97B94EB3D1670A27320CE4C946DA83F716A308ABC07526232E28268971DE818E697BCB6A50A672FD125CD550348B6012E0609DD0FDF755
Malicious:	false
Reputation:	low
URL:	https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" class="js chrome webkit"><meta charset="utf-8"><title>Webmail :: Welcome to Webmail</title><meta name="Robots" content="noindex,nofollow"><meta http-equiv="X-UA-Compatible" content="IE=EDGE"><link rel="index" href="https://webmail.earth-core.jp/?_task=login"><style>body{font-family:"Lucida Grande",Verdana,Arial,Helvetica,sans-serif;margin:8px;background-color:#f6f6f6;color:#000;font-size:12px}input{font-size:12px;font-family:inherit}input[type=password],input[type=text]{border:1px solid #666;color:#333;background-color:#fff}input{color:#000;padding:1px 3px}input.button{height:20px;color:#333;font-size:12px;padding-left:8px;padding-right:8px;background:url(data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAUCAMAAACK2/weAAAAOVBMVEXq6uvp6en4+fn+/f7n5+ft7e78+/v7+/vm5uf9/f75+fno6Onu7e7r6uv09PTx8fH29vbk5OX///9Fl2QFAAAARklEQVR4Xr

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	88145
Entropy (8bit):	5.291106244832159
Encrypted:	false
SSDEEP:	1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe
MD5:	220AFD743D9E9643852E31A135A9F3AE
SHA1:	88523924351BAC0B5D560FE0C5781E2556E7693D
SHA-256:	0925E8AD7BD971391A8B1E98BE8E87A6971919EB5B60C196485941C3C1DF089A
SHA-512:	6E722FCE1E8553BE592B1A741972C7F5B7B0CDAFCE230E9D2D587D20283482881C96660682E4095A5F14DF45A96EC193A9B222030C53B1B7BBE8312B2EAE440D
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Preview:	/! jQuery v3.4.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}var

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 08:50:07.730062008 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 26, 2024 08:50:07.917388916 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 08:50:16.226366043 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.226411104 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.226782084 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.226844072 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.226881027 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.226937056 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.227056980 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.227063894 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.227190971 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.227204084 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.713205099 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.713891029 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.715167999 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.715179920 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.715615988 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.715643883 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.716846943 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.716911077 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.717339993 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.717396975 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.719542980 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.719701052 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.719942093 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.720035076 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.720041037 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.720112085 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.774724960 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.774724960 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:16.774734974 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:16.823741913 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.208785057 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.259152889 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.259164095 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.306591034 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.440596104 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.440629959 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.440649033 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.440663099 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.440696001 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.440715075 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.440715075 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.440736055 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.440742016 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.440759897 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.440766096 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.440804958 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.440939903 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.440962076 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.441001892 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.441021919 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.441021919 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.441045046 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.441050053 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.441061974 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.441086054 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.441230059 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.441395044 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.441401958 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.441454887 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.441459894 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.441564083 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:17.441606045 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.472816944 CEST	49738	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:17.472836971 CEST	443	49738	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:18.044086933 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:18.044121981 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:18.044209003 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:18.044698000 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:18.044712067 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:18.386229992 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:18.389699936 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:18.389720917 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:18.391364098 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:18.391545057 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:18.392699957 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:18.392853022 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:18.435007095 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:18.435015917 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:18.482225895 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:18.528976917 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:18.529009104 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:18.529149055 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:18.531718969 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:18.531729937 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:18.791281939 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:18.791352987 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:18.851958036 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:18.851982117 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:18.852353096 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:18.902362108 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.151205063 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.192121029 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.278048038 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.278100967 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.278146982 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.278347969 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.278362989 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.278399944 CEST	49741	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.278404951 CEST	443	49741	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.314429998 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.314507961 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.314587116 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.314959049 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.315018892 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.571368933 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.571576118 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.574974060 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.575026035 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.575288057 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.577297926 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.620191097 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.831722021 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.831805944 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.832082987 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.846560001 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.846560001 CEST	49743	443	192.168.2.4	23.193.120.112
Apr 26, 2024 08:50:19.846621990 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:19.846662045 CEST	443	49743	23.193.120.112	192.168.2.4
Apr 26, 2024 08:50:27.690103054 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:27.690277100 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:27.690337896 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:28.084928989 CEST	49737	443	192.168.2.4	128.201.75.108
Apr 26, 2024 08:50:28.084952116 CEST	443	49737	128.201.75.108	192.168.2.4
Apr 26, 2024 08:50:28.365626097 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:28.365825891 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:50:28.368843079 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:29.960053921 CEST	49740	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:50:29.960081100 CEST	443	49740	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:17.942858934 CEST	49753	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:51:17.942887068 CEST	443	49753	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:17.942950964 CEST	49753	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:51:17.943214893 CEST	49753	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:51:17.943229914 CEST	443	49753	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:18.271689892 CEST	443	49753	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:18.272020102 CEST	49753	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:51:18.272037029 CEST	443	49753	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:18.272505045 CEST	443	49753	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:18.273276091 CEST	49753	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:51:18.273360014 CEST	443	49753	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:18.322335958 CEST	49753	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:51:28.269598961 CEST	443	49753	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:28.269754887 CEST	443	49753	142.250.64.196	192.168.2.4
Apr 26, 2024 08:51:28.269814968 CEST	49753	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:51:29.871921062 CEST	49753	443	192.168.2.4	142.250.64.196
Apr 26, 2024 08:51:29.871951103 CEST	443	49753	142.250.64.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 08:50:13.707820892 CEST	53	63281	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:13.754806995 CEST	53	49749	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:14.584955931 CEST	53	51953	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:15.418004036 CEST	49978	53	192.168.2.4	1.1.1.1
Apr 26, 2024 08:50:15.418129921 CEST	64081	53	192.168.2.4	1.1.1.1
Apr 26, 2024 08:50:16.123630047 CEST	53	64081	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:16.225485086 CEST	53	49978	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:17.609064102 CEST	61128	53	192.168.2.4	1.1.1.1
Apr 26, 2024 08:50:17.609281063 CEST	62608	53	192.168.2.4	1.1.1.1
Apr 26, 2024 08:50:17.611915112 CEST	53	58671	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:17.734419107 CEST	53	61128	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:17.735054016 CEST	53	62608	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:19.238532066 CEST	53	55283	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:32.947175980 CEST	53	55736	1.1.1.1	192.168.2.4
Apr 26, 2024 08:50:38.263834953 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 08:50:51.753212929 CEST	53	54947	1.1.1.1	192.168.2.4
Apr 26, 2024 08:51:13.169987917 CEST	53	64343	1.1.1.1	192.168.2.4
Apr 26, 2024 08:51:14.617449045 CEST	53	53566	1.1.1.1	192.168.2.4
Apr 26, 2024 08:51:41.715852022 CEST	53	53280	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 08:50:15.418004036 CEST	192.168.2.4	1.1.1.1	0x6c98	Standard query (0)	farolcontabilidade.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 08:50:15.418129921 CEST	192.168.2.4	1.1.1.1	0xd46e	Standard query (0)	farolcontabilidade.com	65	IN (0x0001)	false
Apr 26, 2024 08:50:17.609064102 CEST	192.168.2.4	1.1.1.1	0xa449	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 08:50:17.609281063 CEST	192.168.2.4	1.1.1.1	0xc412	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 08:50:16.225485086 CEST	1.1.1.1	192.168.2.4	0x6c98	No error (0)	farolcontabilidade.com		128.201.75.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 08:50:17.734419107 CEST	1.1.1.1	192.168.2.4	0xa449	No error (0)	www.google.com		142.250.64.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 08:50:17.735054016 CEST	1.1.1.1	192.168.2.4	0xc412	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 08:50:32.291431904 CEST	1.1.1.1	192.168.2.4	0xb37e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 08:50:32.291431904 CEST	1.1.1.1	192.168.2.4	0xb37e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 08:50:45.386707067 CEST	1.1.1.1	192.168.2.4	0x69de	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 08:50:45.386707067 CEST	1.1.1.1	192.168.2.4	0x69de	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 08:51:06.841561079 CEST	1.1.1.1	192.168.2.4	0xf8d1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 08:51:06.841561079 CEST	1.1.1.1	192.168.2.4	0xf8d1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 08:51:26.358563900 CEST	1.1.1.1	192.168.2.4	0xe794	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 08:51:26.358563900 CEST	1.1.1.1	192.168.2.4	0xe794	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

farolcontabilidade.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	128.201.75.108	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 06:50:16 UTC	714	OUT	GET /secure/securehtm/securehtm/?uid=vxyz@conde.jp.com HTTP/1.1 Host: farolcontabilidade.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 06:50:17 UTC	321	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 transfer-encoding: chunked date: Fri, 26 Apr 2024 06:50:17 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-26 06:50:17 UTC	6	IN	Data Raw: 38 66 30 33 0d 0a Data Ascii: 8f03
2024-04-26 06:50:17 UTC	16384	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 63 6c 61 73 73 3d 22 6a 73 20 63 68 72 6f 6d 65 20 77 65 62 6b 69 74 22 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 57 65 62 6d 61 69 6c 20 3a 3a 20 57 65 6c 63 6f 6d 65 20 74 6f 20 57 65 62 6d 61 69 6c 3c 2f 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" class="js chrome webkit"><meta charset="utf-8"><title>Webmail :: Welcome to Webmail</title>
2024-04-26 06:50:17 UTC	16384	IN	Data Raw: 2c 30 78 65 2c 30 78 31 34 29 29 2f 28 30 78 32 35 2a 30 78 64 36 2b 2d 30 78 37 65 32 2b 2d 30 78 31 37 30 37 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 63 36 66 64 35 28 2d 30 78 32 64 2c 30 78 63 2c 30 78 31 2c 2d 30 78 31 36 29 29 2f 28 2d 30 78 31 38 61 65 2b 2d 30 78 31 66 63 30 2b 30 78 33 38 37 34 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 63 66 61 30 37 33 28 30 78 32 65 63 2c 30 78 33 32 65 2c 30 78 33 30 36 2c 30 78 32 66 61 29 29 2f 28 2d 30 78 62 34 31 2b 2d 30 78 32 2a 30 78 31 32 64 39 2b 30 78 33 30 66 61 29 2a 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 63 66 61 30 37 33 28 30 78 33 32 38 2c 30 78 33 31 35 2c 30 78 33 30 65 2c 30 78 32 65 62 29 29 2f 28 30 78 33 66 32 2b 30 78 32 2a 30 78 34 61 39 2b 30 78 34 64 2a 2d 30 78 32 63 29 Data Ascii: ,0xe,0x14))/(0x250xd6+-0x7e2+-0x1707)+-parseInt(_0x3c6fd5(-0x2d,0xc,0x1,-0x16))/(-0x18ae+-0x1fc0+0x3874)+-parseInt(_0xcfa073(0x2ec,0x32e,0x306,0x2fa))/(-0xb41+-0x20x12d9+0x30fa)(-parseInt(_0xcfa073(0x328,0x315,0x30e,0x2eb))/(0x3f2+0x20x4a9+0x4d*-0x2c)
2024-04-26 06:50:17 UTC	3843	IN	Data Raw: 5f 30 78 32 30 61 66 64 66 28 2d 30 78 31 61 66 2c 2d 30 78 31 65 31 2c 2d 30 78 31 65 30 2c 2d 30 78 31 64 30 29 2b 5f 30 78 32 30 61 66 64 66 28 2d 30 78 31 64 31 2c 2d 30 78 32 32 37 2c 2d 30 78 31 66 63 2c 2d 30 78 32 31 37 29 5d 28 5f 30 78 34 34 31 37 66 31 5b 5f 30 78 32 30 61 66 64 66 28 2d 30 78 31 61 65 2c 2d 30 78 31 65 37 2c 2d 30 78 31 63 63 2c 2d 30 78 31 62 65 29 5d 29 5b 27 63 6c 61 73 73 4c 69 73 74 27 5d 5b 5f 30 78 31 33 37 32 33 37 28 30 78 37 63 2c 30 78 36 31 2c 30 78 35 63 2c 30 78 38 38 29 5d 28 5f 30 78 31 33 37 32 33 37 28 30 78 39 35 2c 30 78 63 30 2c 30 78 62 61 2c 30 78 62 30 29 29 2c 64 6f 63 75 6d 65 6e 74 5b 5f 30 78 31 33 37 32 33 37 28 30 78 35 37 2c 30 78 35 37 2c 30 78 38 65 2c 30 78 37 61 29 2b 5f 30 78 31 33 37 32 33 Data Ascii: _0x20afdf(-0x1af,-0x1e1,-0x1e0,-0x1d0)+_0x20afdf(-0x1d1,-0x227,-0x1fc,-0x217)](_0x4417f1[_0x20afdf(-0x1ae,-0x1e7,-0x1cc,-0x1be)])['classList'][_0x137237(0x7c,0x61,0x5c,0x88)](_0x137237(0x95,0xc0,0xba,0xb0)),document[_0x137237(0x57,0x57,0x8e,0x7a)+_0x13723
2024-04-26 06:50:17 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-04-26 06:50:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 06:50:19 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 06:50:19 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=87253 Date: Fri, 26 Apr 2024 06:50:19 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 06:50:19 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 06:50:19 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=87266 Date: Fri, 26 Apr 2024 06:50:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 06:50:19 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3164, Parent PID: 5780

General

Target ID:	0
Start time:	08:50:10
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5476, Parent PID: 3164

General

Target ID:	2
Start time:	08:50:11
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2460,i,2081689869509495570,9543819679404135293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6612, Parent PID: 5780

General

Target ID:	3
Start time:	08:50:14
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://farolcontabilidade.com/secure/securehtm/securehtm/?uid=vxyz@conde.jp.com"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly