
Windows Analysis Report
https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy

Overview

General Information

Sample URL:https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy
Analysis ID:1587232

Detection

Phisher
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected Phisher

Classification

  • System is w10x64
  • chrome.exe (PID: 5336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 2516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1924,i,17618142120864592884,626483772498086810,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 7140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_43 | JoeSecurity_Phisher_2 | Yara detected Phisher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: https://announce-sign.es/account.intuit.com | Avira URL Cloud: Label: malware

    Phishing

    Source: Yara match | File source: dropped/chromecache_43, type: DROPPED
    Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (3 entries)
    Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138 (7 entries)
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.50.201.200 (7 entries)
    Source: unknown | UDP traffic detected without corresponding DNS query: 20.101.57.9 (2 entries)
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (31 entries)
    Source: global traffic | HTTP traffic detected:
        GET /url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy HTTP/1.1
        Host: www.google.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCKLRzQEIitPNAQik1s0BCPTWzQEIp9jNAQj5wNQVGPXJzQEY642lFw==
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /entity/360001472 HTTP/1.1
        Host: ameyokonet.jp
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Referer: https://www.google.com/
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /entity/360001472/ HTTP/1.1
        Host: ameyokonet.jp
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Referer: https://www.google.com/
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | DNS traffic detected: DNS query: www.google.com
    Source: global traffic | DNS traffic detected: DNS query: ameyokonet.jp
    Source: global traffic | DNS traffic detected: DNS query: announce-sign.es
    Source: global traffic | DNS traffic detected: DNS query: google.com
    Source: chromecache_42.6.dr | String found in binary or memory: http://ameyokonet.jp/entity/360001472
    Source: chromecache_43.6.dr | String found in binary or memory: https://announce-sign.es/account.intuit.com
    Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49982
    Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49982 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
    Source: classification engine | Classification label: mal56.phis.win@25/4@56/6
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1924,i,17618142120864592884,626483772498086810,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 entries)
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1924,i,17618142120864592884,626483772498086810,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (19 entries)
    Source: Window Recorder | Window detected: More than 3 window changes detected
    ATT&CK Matrix (techniques listed per tactic; the counts the report shows next to matched techniques are kept in parentheses):
    Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
    Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
    Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
    Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
    Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
    Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
    Defense Evasion: Process Injection (1), Rootkit, Obfuscated Files or Information, Binary Padding
    Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
    Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
    Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
    Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
    Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
    Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
    Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction
    Source | Detection | Scanner | Label | Link
    https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy | 0% | Avira URL Cloud | safe |
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://ameyokonet.jp/entity/360001472 | 0% | Avira URL Cloud | safe |
    http://ameyokonet.jp/entity/360001472/ | 0% | Avira URL Cloud | safe |
    https://announce-sign.es/account.intuit.com | 100% | Avira URL Cloud | malware |
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              google.com | 172.217.18.14 | true | false | | high
              www.google.com | 142.250.181.228 | true | false | | high
              ameyokonet.jp | 133.130.72.11 | true | false | | unknown
              announce-sign.es | unknown | unknown | false | | high
              Name | Malicious | Antivirus Detection | Reputation
              http://ameyokonet.jp/entity/360001472 | false | Avira URL Cloud: safe | unknown
              http://ameyokonet.jp/entity/360001472/ | false | Avira URL Cloud: safe | unknown
              https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy | false | | high
              Name | Source | Malicious | Antivirus Detection | Reputation
              https://announce-sign.es/account.intuit.com | chromecache_43.6.dr | false | Avira URL Cloud: malware | unknown
              IP | Domain | Country | ASN | ASN Name | Malicious
              133.130.72.11 | ameyokonet.jp | Japan | 7506 | INTERQGMOInternetIncJP | false
              239.255.255.250 | unknown | Reserved | unknown | unknown | false
              142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false
              IP
              192.168.2.8
              192.168.2.7
              192.168.2.4
              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1587232
              Start date and time:2025-01-10 01:12:09 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 3m 5s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:browseurl.jbs
              Sample URL:https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of new started processes analysed:15
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal56.phis.win@25/4@56/6
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 0
              • Number of non-executed functions: 0
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 142.250.184.227, 66.102.1.84, 142.250.186.78, 142.250.184.206, 216.58.206.78, 142.250.181.238, 199.232.210.172, 142.250.185.78, 142.250.185.142, 142.250.186.46, 142.250.185.195, 172.217.16.206, 13.107.246.45, 23.56.254.164, 52.149.20.212
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
              • Not all processes were analyzed; the report is missing behavior information
              • VT rate limit hit for: https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy
              No simulations
              No context
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with very long lines (508)
              Category:downloaded
              Size (bytes):707
              Entropy (8bit):5.415273461691672
              Encrypted:false
              SSDEEP:12:TwI6hYJtuDLp2kdQAw/GoVN/4ZsWLIVo1f4fUGMVRaVZO1zilGquABAtwQMQsb:TMDjdK7VNgJ4ffMVEVZO1zipBAtwQMQ6
              MD5:D4993727A32BE1CA7C776976AACEE36F
              SHA1:6216EB79B4467975994BE4A6586A6E1CC023856E
              SHA-256:A8E066DB2669E877BB6403B29B8D563650E0050B199AEA5A0EE6CB07FE0CC8E0
              SHA-512:67FADD6C6C582B3993BE28EC88A4EAEC45B67F28324CD664CDBB0D33BEC0850EB44463761AFC910F16F5BA5458DDC9C5CD4CFF2AE559ABDB335F62846335D77A
              Malicious:false
              Reputation:low
              URL:https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy
              Preview:<html lang="en"> <head> <meta content="origin" name="referrer"> <script nonce="oKb_cN4csXtW7eCx5l--2w">window.google = {};(function(){.var d=/^\s*(?!javascript:)(?:[\w+.-]+:|[^:/?#]*(?:[/?#]|$))/i;.(this||self).google.navigateTo=function(a,c,b){!/\/.*?[&?]gsc=1/.test(c.location.href)&&a!==c&&a.google?a.google.r&&(a.google.r=0,a=a.location,b=d.test(b)?b:void 0,b!==void 0&&(a.href=b),c.location.replace("about:blank")):c.location.replace(b)};}).call(this);(function(){var redirectUrl='http://ameyokonet.jp/entity/360001472';google.navigateTo(parent,window,redirectUrl);})();</script> <noscript> <meta content="0;url=http://ameyokonet.jp/entity/360001472" http-equiv="refresh"> </noscript> </head> </html>
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text
              Category:downloaded
              Size (bytes):109
              Entropy (8bit):4.570046000062992
              Encrypted:false
              SSDEEP:3:gnkAqRAdu6/GY7voOkADFoHDKtTDRYLn:7AqJm7+mmHg/RYL
              MD5:628FFABDA26BF416093699D4DD44C7FC
              SHA1:1EBCF9CFDA6027DBD8F274341044EB7AD2E62D7B
              SHA-256:6FDD52BE3D5153AAA2B1699A9A4E6C090B20943D99D4CB0660C8768E4F96F36C
              SHA-512:BD3BA2577EC4E10ECEB3CC7010F75B13EC99197A3E9C455240D6F36CF6397E1291917593BF103DA3EA24219C8347AFC40B35860A4F610785661FFF57C8F44494
              Malicious:false
              Reputation:low
              URL:http://ameyokonet.jp/entity/360001472/
              Preview:<script type="text/javascript">window.location.href = "https://announce-sign.es/account.intuit.com"</script>.
              No static file info
              TCP Packets
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Jan 10, 2025 01:13:02.058275938 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
              Jan 10, 2025 01:13:05.245767117 CET | 49674 | 443 | 192.168.2.7 | 104.98.116.138
              Jan 10, 2025 01:13:05.247287989 CET | 49675 | 443 | 192.168.2.7 | 104.98.116.138
              Jan 10, 2025 01:13:05.417663097 CET | 49672 | 443 | 192.168.2.7 | 104.98.116.138
              Jan 10, 2025 01:13:06.075589895 CET | 49677 | 443 | 192.168.2.7 | 20.50.201.200
              Jan 10, 2025 01:13:06.449007988 CET | 49677 | 443 | 192.168.2.7 | 20.50.201.200
              Jan 10, 2025 01:13:06.870945930 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
              Jan 10, 2025 01:13:07.198903084 CET | 49677 | 443 | 192.168.2.7 | 20.50.201.200
              Jan 10, 2025 01:13:08.698992014 CET | 49677 | 443 | 192.168.2.7 | 20.50.201.200
              Jan 10, 2025 01:13:11.731178045 CET | 49677 | 443 | 192.168.2.7 | 20.50.201.200
              Jan 10, 2025 01:13:15.042659998 CET | 49674 | 443 | 192.168.2.7 | 104.98.116.138
              Jan 10, 2025 01:13:15.042678118 CET | 49675 | 443 | 192.168.2.7 | 104.98.116.138
              Jan 10, 2025 01:13:15.136835098 CET | 49672 | 443 | 192.168.2.7 | 104.98.116.138
              Jan 10, 2025 01:13:16.480071068 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
              Jan 10, 2025 01:13:17.069539070 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:17.069550037 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:17.069771051 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:17.069972992 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:17.069984913 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:17.438579082 CET | 443 | 49699 | 104.98.116.138 | 192.168.2.7
              Jan 10, 2025 01:13:17.438704967 CET | 49699 | 443 | 192.168.2.7 | 104.98.116.138
              Jan 10, 2025 01:13:17.685115099 CET | 49677 | 443 | 192.168.2.7 | 20.50.201.200
              Jan 10, 2025 01:13:17.721776962 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:17.722158909 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:17.722183943 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:17.723197937 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:17.723262072 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:17.727288008 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:17.727402925 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:17.778848886 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:17.778873920 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:17.825731039 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:18.722125053 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:18.767334938 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:18.935628891 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:18.935775995 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:18.935930967 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:18.938213110 CET | 49724 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:13:18.938236952 CET | 443 | 49724 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:13:19.747973919 CET | 49746 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:19.748430014 CET | 49747 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:19.752827883 CET | 80 | 49746 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:19.752907038 CET | 49746 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:19.753087997 CET | 49746 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:19.753233910 CET | 80 | 49747 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:19.753282070 CET | 49747 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:19.757839918 CET | 80 | 49746 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:21.018506050 CET | 80 | 49746 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:21.018646955 CET | 80 | 49746 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:21.018707037 CET | 49746 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:21.019100904 CET | 49746 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:21.021873951 CET | 49747 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:21.024590015 CET | 80 | 49746 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:21.026701927 CET | 80 | 49747 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:21.682008028 CET | 80 | 49747 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:21.682158947 CET | 80 | 49747 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:21.682322979 CET | 49747 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:21.683249950 CET | 49747 | 80 | 192.168.2.7 | 133.130.72.11
              Jan 10, 2025 01:13:21.688057899 CET | 80 | 49747 | 133.130.72.11 | 192.168.2.7
              Jan 10, 2025 01:13:29.599087954 CET | 49677 | 443 | 192.168.2.7 | 20.50.201.200
              Jan 10, 2025 01:14:17.124619007 CET | 49982 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:14:17.124695063 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:14:17.124798059 CET | 49982 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:14:17.125097990 CET | 49982 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:14:17.125111103 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:14:17.780874968 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:14:17.786437035 CET | 49982 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:14:17.786475897 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:14:17.786806107 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:14:17.787187099 CET | 49982 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:14:17.787242889 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:14:17.829907894 CET | 49982 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:14:27.683217049 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:14:27.683294058 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              Jan 10, 2025 01:14:27.683353901 CET | 49982 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:14:28.790430069 CET | 49982 | 443 | 192.168.2.7 | 142.250.181.228
              Jan 10, 2025 01:14:28.790483952 CET | 443 | 49982 | 142.250.181.228 | 192.168.2.7
              UDP Packets
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Jan 10, 2025 01:13:11.898605108 CET | 123 | 123 | 192.168.2.7 | 20.101.57.9
              Jan 10, 2025 01:13:12.077821016 CET | 123 | 123 | 20.101.57.9 | 192.168.2.7
              Jan 10, 2025 01:13:12.557600021 CET | 53 | 56826 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:12.711265087 CET | 53 | 59939 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:13.490820885 CET | 123 | 123 | 192.168.2.7 | 20.101.57.9
              Jan 10, 2025 01:13:13.702056885 CET | 123 | 123 | 20.101.57.9 | 192.168.2.7
              Jan 10, 2025 01:13:13.964378119 CET | 53 | 59251 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:17.061407089 CET | 64461 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:17.061407089 CET | 64134 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:17.068376064 CET | 53 | 64461 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:17.068517923 CET | 53 | 64134 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:19.021934986 CET | 62480 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:19.022231102 CET | 55927 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:19.521883965 CET | 53 | 55927 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:19.747298002 CET | 53 | 62480 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:21.788855076 CET | 61188 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:21.789108992 CET | 59154 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:22.807779074 CET | 50561 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:22.814789057 CET | 61382 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:24.841718912 CET | 60547 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:25.858788013 CET | 60547 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:26.876239061 CET | 60547 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:28.883861065 CET | 60547 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:30.884836912 CET | 53 | 60499 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:32.886604071 CET | 60547 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:36.912513018 CET | 56718 | 53 | 192.168.2.7 | 8.8.8.8
              Jan 10, 2025 01:13:36.913072109 CET | 53040 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:36.919610977 CET | 53 | 53040 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:36.920886993 CET | 53 | 56718 | 8.8.8.8 | 192.168.2.7
              Jan 10, 2025 01:13:37.930058002 CET | 65420 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:37.930200100 CET | 50178 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:38.950364113 CET | 57946 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:38.950529099 CET | 55842 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:41.007796049 CET | 55668 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:42.012913942 CET | 55668 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:43.013465881 CET | 55668 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:45.028397083 CET | 55668 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:49.043140888 CET | 55668 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:49.779587984 CET | 53 | 50096 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:53.057374954 CET | 52547 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:53.057921886 CET | 51305 | 53 | 192.168.2.7 | 8.8.8.8
              Jan 10, 2025 01:13:53.065790892 CET | 53 | 52547 | 1.1.1.1 | 192.168.2.7
              Jan 10, 2025 01:13:53.066258907 CET | 53 | 51305 | 8.8.8.8 | 192.168.2.7
              Jan 10, 2025 01:13:56.649139881 CET | 60674 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:56.649276972 CET | 56850 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:57.668569088 CET | 57194 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:57.668761015 CET | 56977 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:13:59.701510906 CET | 59585 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:14:00.715387106 CET | 59585 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:14:01.716077089 CET | 59585 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:14:03.717484951 CET | 59585 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:14:06.587351084 CET | 138 | 138 | 192.168.2.7 | 192.168.2.255
              Jan 10, 2025 01:14:07.732006073 CET | 59585 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:14:11.746978998 CET | 63896 | 53 | 192.168.2.7 | 1.1.1.1
              Jan 10, 2025 01:14:11.747550964 CET5605153192.168.2.78.8.8.8
              Jan 10, 2025 01:14:11.753658056 CET53638961.1.1.1192.168.2.7
              Jan 10, 2025 01:14:11.754333019 CET53560518.8.8.8192.168.2.7
              Jan 10, 2025 01:14:12.368345022 CET53621791.1.1.1192.168.2.7
              Jan 10, 2025 01:14:12.802311897 CET53541891.1.1.1192.168.2.7
              Jan 10, 2025 01:14:13.280020952 CET6025553192.168.2.71.1.1.1
              Jan 10, 2025 01:14:13.280184984 CET5365253192.168.2.71.1.1.1
              Jan 10, 2025 01:14:14.324928045 CET5067553192.168.2.71.1.1.1
              Jan 10, 2025 01:14:14.325158119 CET5117753192.168.2.71.1.1.1
              Jan 10, 2025 01:14:16.405081034 CET6004153192.168.2.71.1.1.1
              Jan 10, 2025 01:14:17.418426037 CET6004153192.168.2.71.1.1.1
              Jan 10, 2025 01:14:18.463437080 CET6004153192.168.2.71.1.1.1
              Jan 10, 2025 01:14:20.465924025 CET6004153192.168.2.71.1.1.1
              Jan 10, 2025 01:14:24.478830099 CET6004153192.168.2.71.1.1.1
              Jan 10, 2025 01:14:28.508647919 CET5344953192.168.2.71.1.1.1
              Jan 10, 2025 01:14:28.509082079 CET5810453192.168.2.78.8.8.8
              Jan 10, 2025 01:14:28.515446901 CET53534491.1.1.1192.168.2.7
              Jan 10, 2025 01:14:28.515997887 CET53581048.8.8.8192.168.2.7
              Jan 10, 2025 01:14:28.869180918 CET6541353192.168.2.71.1.1.1
              Jan 10, 2025 01:14:28.869345903 CET6092753192.168.2.71.1.1.1
              Jan 10, 2025 01:14:29.895248890 CET5692153192.168.2.71.1.1.1
              Jan 10, 2025 01:14:29.895329952 CET6087453192.168.2.71.1.1.1
              Jan 10, 2025 01:14:31.918082952 CET5957353192.168.2.71.1.1.1
              Jan 10, 2025 01:14:32.932840109 CET5957353192.168.2.71.1.1.1
              Jan 10, 2025 01:14:33.934828997 CET5957353192.168.2.71.1.1.1
              Jan 10, 2025 01:14:35.949870110 CET5957353192.168.2.71.1.1.1
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Jan 10, 2025 01:13:17.061407089 CET | 192.168.2.7 | 1.1.1.1 | 0x3221 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:17.061407089 CET | 192.168.2.7 | 1.1.1.1 | 0x8619 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:19.021934986 CET | 192.168.2.7 | 1.1.1.1 | 0xa47c | Standard query (0) | ameyokonet.jp | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:19.022231102 CET | 192.168.2.7 | 1.1.1.1 | 0x1c | Standard query (0) | ameyokonet.jp | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:21.788855076 CET | 192.168.2.7 | 1.1.1.1 | 0xfb23 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:21.789108992 CET | 192.168.2.7 | 1.1.1.1 | 0x10d1 | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:22.807779074 CET | 192.168.2.7 | 1.1.1.1 | 0x82fa | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:22.814789057 CET | 192.168.2.7 | 1.1.1.1 | 0x3359 | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:24.841718912 CET | 192.168.2.7 | 1.1.1.1 | 0x3c66 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:25.858788013 CET | 192.168.2.7 | 1.1.1.1 | 0x3c66 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:26.876239061 CET | 192.168.2.7 | 1.1.1.1 | 0x3c66 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:28.883861065 CET | 192.168.2.7 | 1.1.1.1 | 0x3c66 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:32.886604071 CET | 192.168.2.7 | 1.1.1.1 | 0x3c66 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:36.912513018 CET | 192.168.2.7 | 8.8.8.8 | 0xd33a | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:36.913072109 CET | 192.168.2.7 | 1.1.1.1 | 0x87da | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:37.930058002 CET | 192.168.2.7 | 1.1.1.1 | 0xfe60 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:37.930200100 CET | 192.168.2.7 | 1.1.1.1 | 0xe4c5 | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:38.950364113 CET | 192.168.2.7 | 1.1.1.1 | 0x1aee | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:38.950529099 CET | 192.168.2.7 | 1.1.1.1 | 0x9909 | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:41.007796049 CET | 192.168.2.7 | 1.1.1.1 | 0xc8a9 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:42.012913942 CET | 192.168.2.7 | 1.1.1.1 | 0xc8a9 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:43.013465881 CET | 192.168.2.7 | 1.1.1.1 | 0xc8a9 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:45.028397083 CET | 192.168.2.7 | 1.1.1.1 | 0xc8a9 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:49.043140888 CET | 192.168.2.7 | 1.1.1.1 | 0xc8a9 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:53.057374954 CET | 192.168.2.7 | 1.1.1.1 | 0x9986 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:53.057921886 CET | 192.168.2.7 | 8.8.8.8 | 0x3cef | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:56.649139881 CET | 192.168.2.7 | 1.1.1.1 | 0x6fc6 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:56.649276972 CET | 192.168.2.7 | 1.1.1.1 | 0x21be | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:57.668569088 CET | 192.168.2.7 | 1.1.1.1 | 0xc94c | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:57.668761015 CET | 192.168.2.7 | 1.1.1.1 | 0xcf96 | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:59.701510906 CET | 192.168.2.7 | 1.1.1.1 | 0x6f43 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:00.715387106 CET | 192.168.2.7 | 1.1.1.1 | 0x6f43 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:01.716077089 CET | 192.168.2.7 | 1.1.1.1 | 0x6f43 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:03.717484951 CET | 192.168.2.7 | 1.1.1.1 | 0x6f43 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:07.732006073 CET | 192.168.2.7 | 1.1.1.1 | 0x6f43 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:11.746978998 CET | 192.168.2.7 | 1.1.1.1 | 0x5587 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:11.747550964 CET | 192.168.2.7 | 8.8.8.8 | 0x24fd | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:13.280020952 CET | 192.168.2.7 | 1.1.1.1 | 0x9f78 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:13.280184984 CET | 192.168.2.7 | 1.1.1.1 | 0xee3c | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:14:14.324928045 CET | 192.168.2.7 | 1.1.1.1 | 0xf0a3 | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:14.325158119 CET | 192.168.2.7 | 1.1.1.1 | 0xc804 | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:14:16.405081034 CET | 192.168.2.7 | 1.1.1.1 | 0xc12e | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:17.418426037 CET | 192.168.2.7 | 1.1.1.1 | 0xc12e | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:18.463437080 CET | 192.168.2.7 | 1.1.1.1 | 0xc12e | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:20.465924025 CET | 192.168.2.7 | 1.1.1.1 | 0xc12e | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:24.478830099 CET | 192.168.2.7 | 1.1.1.1 | 0xc12e | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:28.508647919 CET | 192.168.2.7 | 1.1.1.1 | 0x6cdd | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:28.509082079 CET | 192.168.2.7 | 8.8.8.8 | 0x277c | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:28.869180918 CET | 192.168.2.7 | 1.1.1.1 | 0x68db | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:28.869345903 CET | 192.168.2.7 | 1.1.1.1 | 0xc06b | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:14:29.895248890 CET | 192.168.2.7 | 1.1.1.1 | 0xfb0b | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:29.895329952 CET | 192.168.2.7 | 1.1.1.1 | 0x44a4 | Standard query (0) | announce-sign.es | 65 | IN (0x0001) | false
              Jan 10, 2025 01:14:31.918082952 CET | 192.168.2.7 | 1.1.1.1 | 0x158d | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:32.932840109 CET | 192.168.2.7 | 1.1.1.1 | 0x158d | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:33.934828997 CET | 192.168.2.7 | 1.1.1.1 | 0x158d | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:35.949870110 CET | 192.168.2.7 | 1.1.1.1 | 0x158d | Standard query (0) | announce-sign.es | A (IP address) | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Jan 10, 2025 01:13:17.068376064 CET | 1.1.1.1 | 192.168.2.7 | 0x3221 | No error (0) | www.google.com | | 142.250.181.228 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:17.068517923 CET | 1.1.1.1 | 192.168.2.7 | 0x8619 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Jan 10, 2025 01:13:19.747298002 CET | 1.1.1.1 | 192.168.2.7 | 0xa47c | No error (0) | ameyokonet.jp | | 133.130.72.11 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:36.919610977 CET | 1.1.1.1 | 192.168.2.7 | 0x87da | No error (0) | google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:36.920886993 CET | 8.8.8.8 | 192.168.2.7 | 0xd33a | No error (0) | google.com | | 172.217.168.78 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:53.065790892 CET | 1.1.1.1 | 192.168.2.7 | 0x9986 | No error (0) | google.com | | 216.58.206.78 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:13:53.066258907 CET | 8.8.8.8 | 192.168.2.7 | 0x3cef | No error (0) | google.com | | 172.217.168.78 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:11.753658056 CET | 1.1.1.1 | 192.168.2.7 | 0x5587 | No error (0) | google.com | | 172.217.16.142 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:11.754333019 CET | 8.8.8.8 | 192.168.2.7 | 0x24fd | No error (0) | google.com | | 172.217.168.78 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:28.515446901 CET | 1.1.1.1 | 192.168.2.7 | 0x6cdd | No error (0) | google.com | | 172.217.23.110 | A (IP address) | IN (0x0001) | false
              Jan 10, 2025 01:14:28.515997887 CET | 8.8.8.8 | 192.168.2.7 | 0x277c | No error (0) | google.com | | 172.217.168.78 | A (IP address) | IN (0x0001) | false
              • www.google.com
              • https:
                • ameyokonet.jp
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.7 | 49746 | 133.130.72.11 | 80 | 2516 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 10, 2025 01:13:19.753087997 CET | 478 | OUT | GET /entity/360001472 HTTP/1.1
              Host: ameyokonet.jp
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Referer: https://www.google.com/
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Jan 10, 2025 01:13:21.018506050 CET | 475 | IN | HTTP/1.1 301 Moved Permanently
              Date: Fri, 10 Jan 2025 00:13:20 GMT
              Server: Apache/2.2.31
              Location: http://ameyokonet.jp/entity/360001472/
              Content-Length: 246
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://ameyokonet.jp/entity/360001472/">here</a>.</p></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.7 | 49747 | 133.130.72.11 | 80 | 2516 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 10, 2025 01:13:21.021873951 CET | 479 | OUT | GET /entity/360001472/ HTTP/1.1
              Host: ameyokonet.jp
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Referer: https://www.google.com/
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Jan 10, 2025 01:13:21.682008028 CET | 297 | IN | HTTP/1.1 200 OK
              Date: Fri, 10 Jan 2025 00:13:21 GMT
              Server: Apache/2.2.31
              X-Powered-By: PHP/5.5.28
              Connection: close
              Transfer-Encoding: chunked
              Content-Type: text/html
              Data Ascii: 6d<script type="text/javascript">window.location.href = "https://announce-sign.es/account.intuit.com"</script>0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.7 | 49724 | 142.250.181.228 | 443 | 2516 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-01-10 00:13:18 UTC | 951 | OUT | GET /url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCKLRzQEIitPNAQik1s0BCPTWzQEIp9jNAQj5wNQVGPXJzQEY642lFw==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-01-10 00:13:18 UTC | 1404 | IN | HTTP/1.1 200 OK
              Date: Fri, 10 Jan 2025 00:13:18 GMT
              Pragma: no-cache
              Expires: Fri, 01 Jan 1990 00:00:00 GMT
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/html; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-oKb_cN4csXtW7eCx5l--2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
              Server: gws
              X-XSS-Protection: 0
              Set-Cookie: NID=520=LZQKc7MTDPqFyTKZ4hUKa_cPsBy8OXJ0UkO-NkqPGpHyMVBUL5PFR-9ZfLmRDspJZHMW9dD9_Jd0ZIR3x_hn6IFYCHmOCpQbbIgl9EueqSkUUs7VaBbYE4KZdADkE7x0GBW5JHSpqvrurs3MJzo_9nx1Sp82_sAGiPvzBIcHkmxG2GayL8jP7EBiqacbAFTXHtIc; expires=Sat, 12-Jul-2025 00:13:18 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked
              2025-01-10 00:13:18 UTC | 714 | IN | Data Ascii: 2c3<html lang="en"> <head> <meta content="origin" name="referrer"> <script nonce="oKb_cN4csXtW7eCx5l--2w">window.google = {};(function(){var d=/^\s*(?!javascript:)(?:[\w+.-]+:|[^:/?#]*(?:[/?#]|$))/i;(this||self).google.navigateTo=function(a,c,b){!/\/
              2025-01-10 00:13:18 UTC | 5 | IN | Data Ascii: 0


              Target ID:3
              Start time:19:13:05
              Start date:09/01/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff6c4390000
              File size:3'242'272 bytes
              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:6
              Start time:19:13:10
              Start date:09/01/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1924,i,17618142120864592884,626483772498086810,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff6c4390000
              File size:3'242'272 bytes
              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:10
              Start time:19:13:17
              Start date:09/01/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://ameyokonet.jp/entity/360001472&ved=2ahUKEwjci_7__ueKAxWERqQEHaArJ4UQFnoECBkQAQ&usg=AOvVaw2Q-HRaXM61Y25vKtqSRkMy"
              Imagebase:0x7ff6c4390000
              File size:3'242'272 bytes
              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly