Edit tour

Windows Analysis Report
https://famorhope.com/joi/del/kil/jik/lik/invite/

Overview

General Information

Sample URL:	https://famorhope.com/joi/del/kil/jik/lik/invite/
Analysis ID:	1637285
Infos:

Errors URL not reachable

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,6245918793283990329,6254520289639960133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2072 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,6245918793283990329,6254520289639960133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3948 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://famorhope.com/joi/del/kil/jik/lik/invite/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiJo8sBCIWgzQEI6KnOAQj2z84BCIDWzgEIwdjOAQjS4M4BCK/kzgEI4uTOAQiL5c4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: famorhope.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443

Source: classification engine

Classification label: mal48.win@23/2@12/2

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,6245918793283990329,6254520289639960133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2072 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,6245918793283990329,6254520289639960133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3948 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://famorhope.com/joi/del/kil/jik/lik/invite/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,6245918793283990329,6254520289639960133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2072 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,6245918793283990329,6254520289639960133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3948 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://famorhope.com/joi/del/kil/jik/lik/invite/	100%	Avira URL Cloud	phishing

Name	IP	Active	Malicious	Reputation
google.com	142.250.74.206	true	false	high
www.google.com	142.250.184.228	true	false	high
ax-0001.ax-msedge.net	150.171.28.10	true	false	high
famorhope.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.184.228	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637285
Start date and time:	2025-03-13 13:43:53 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://famorhope.com/joi/del/kil/jik/lik/invite/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@23/2@12/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.181.238, 216.58.212.142, 64.233.184.84, 142.250.185.78, 172.217.16.206, 142.250.185.174, 142.250.184.238, 52.165.164.15, 2.17.22.26, 2.17.22.10, 2.17.22.17, 2.17.22.24, 2.17.22.33, 2.17.22.42, 2.17.22.32, 95.101.79.131, 2.17.22.40, 142.250.186.110, 23.60.203.209, 4.245.163.56, 150.171.28.10
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, g.bing.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, redirector.gvt1.com, www.bing.com.edgekey.net, glb.cws.prod.dcat.dsp.trafficmanager.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://famorhope.com/joi/del/kil/jik/lik/invite/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (9299)
Category:	downloaded
Size (bytes):	9305
Entropy (8bit):	5.79202516532408
Encrypted:	false
SSDEEP:	192:Z4qJCN6666ehGHYyJ99F/oEPhk46vjE33a7es7mVUs8YY7TS:zE6666ZrPherCVlc+
MD5:	12A5ACDDC82EAE882967293B13A02E61
SHA1:	F58082FC5BFDC5186117F94973DC3FCF0654F221
SHA-256:	301220FC20CE7F0F473B129F651A0CF9B49BF58AD926520A6231459907F708CF
SHA-512:	CF43D2232673DC0024BE0D928C425DBE3DC5B44A6084AE9F6DFD83C9CFD708FBD78C224A15BD14523F7531A09D4127525AE8299ED26D06FA1CA44501CADA7BED
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview:	)]}'.["",["unclaimed tax refunds irs","grant stuard nfl","white tiger marvel daredevil born again","niantic pok.mon go","spacex nasa astronauts launch delay","chicago bears","severe storms","spacex rocket launch scrubbed"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wMnFiMTE2EjJXaGl0ZSBUaWdlciAoSGVjdG9yIEF5YWxhKSDigJQgRmljdGlvbmFsIGNoYXJhY3RlcjLfDmRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBTGdNQklnQUNFUUVERVFIL3hBQWJBQUFEQVFFQUF3QUFBQUFBQUFBQUFBQUZCZ2NFQXdFQ0NQL0VBRGNRQUFJQkF3SURCQWNGQ1FBQUFBQUFBQUVDQXdRRkVRQVNCaUV4RXlKQmdRY1VNbEZoY1p

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 13:44:37.120031118 CET	49672	443	192.168.2.5	204.79.197.203
Mar 13, 2025 13:44:39.526336908 CET	49672	443	192.168.2.5	204.79.197.203
Mar 13, 2025 13:44:44.463937998 CET	49672	443	192.168.2.5	204.79.197.203
Mar 13, 2025 13:44:46.246700048 CET	49676	443	192.168.2.5	20.189.173.14
Mar 13, 2025 13:44:46.666901112 CET	49676	443	192.168.2.5	20.189.173.14
Mar 13, 2025 13:44:47.354540110 CET	49676	443	192.168.2.5	20.189.173.14
Mar 13, 2025 13:44:48.557420015 CET	49676	443	192.168.2.5	20.189.173.14
Mar 13, 2025 13:44:50.963968039 CET	49676	443	192.168.2.5	20.189.173.14
Mar 13, 2025 13:44:52.222733021 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:52.222783089 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:52.222925901 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:52.223254919 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:52.223268032 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:53.928098917 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:53.928422928 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:53.928433895 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:53.929317951 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:53.929375887 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:53.930422068 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:53.930488110 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:53.980273962 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:53.980287075 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:54.027141094 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:54.074007034 CET	49672	443	192.168.2.5	204.79.197.203
Mar 13, 2025 13:44:55.776807070 CET	49676	443	192.168.2.5	20.189.173.14
Mar 13, 2025 13:44:56.205495119 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:56.252330065 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.778450966 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.778511047 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.778532982 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.778554916 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.778579950 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:56.778589964 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.778620958 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:56.778676033 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.778717995 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:56.778723955 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.807971001 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.808171988 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:56.808183908 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.809557915 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:44:56.809611082 CET	443	49721	142.250.184.228	192.168.2.5
Mar 13, 2025 13:44:56.809679985 CET	49721	443	192.168.2.5	142.250.184.228
Mar 13, 2025 13:45:05.398323059 CET	49676	443	192.168.2.5	20.189.173.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 13:44:47.665554047 CET	53	53090	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:47.738535881 CET	53	51878	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:50.900358915 CET	53	54871	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:51.186135054 CET	53	64351	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:52.214984894 CET	63564	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:52.215126038 CET	53374	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:52.221689939 CET	53	63564	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:52.221926928 CET	53	53374	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:53.404702902 CET	55330	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:53.405266047 CET	58556	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:53.417691946 CET	53	58556	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:53.422743082 CET	53	55330	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:53.423433065 CET	57205	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:53.433834076 CET	53	57205	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:53.494604111 CET	53064	53	192.168.2.5	8.8.8.8
Mar 13, 2025 13:44:53.494841099 CET	51271	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:53.501576900 CET	53	51271	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:53.502029896 CET	53	53064	8.8.8.8	192.168.2.5
Mar 13, 2025 13:44:54.508388996 CET	60037	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:54.508687973 CET	57492	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:54.518294096 CET	53	60037	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:54.518659115 CET	53	57492	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:59.537422895 CET	55469	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:59.537715912 CET	60715	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:59.548753977 CET	53	55469	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:59.555747986 CET	53	60715	1.1.1.1	192.168.2.5
Mar 13, 2025 13:44:59.556339025 CET	64185	53	192.168.2.5	1.1.1.1
Mar 13, 2025 13:44:59.563575029 CET	53	64185	1.1.1.1	192.168.2.5
Mar 13, 2025 13:45:08.260998964 CET	53	61117	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2025 13:44:52.214984894 CET	192.168.2.5	1.1.1.1	0x32b8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:52.215126038 CET	192.168.2.5	1.1.1.1	0x2c01	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 13, 2025 13:44:53.404702902 CET	192.168.2.5	1.1.1.1	0x452c	Standard query (0)	famorhope.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:53.405266047 CET	192.168.2.5	1.1.1.1	0xf19d	Standard query (0)	famorhope.com	65	IN (0x0001)	false
Mar 13, 2025 13:44:53.423433065 CET	192.168.2.5	1.1.1.1	0x2874	Standard query (0)	famorhope.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:53.494604111 CET	192.168.2.5	8.8.8.8	0x3756	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:53.494841099 CET	192.168.2.5	1.1.1.1	0xc61f	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:54.508388996 CET	192.168.2.5	1.1.1.1	0xa236	Standard query (0)	famorhope.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:54.508687973 CET	192.168.2.5	1.1.1.1	0x57d3	Standard query (0)	famorhope.com	65	IN (0x0001)	false
Mar 13, 2025 13:44:59.537422895 CET	192.168.2.5	1.1.1.1	0xace6	Standard query (0)	famorhope.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:59.537715912 CET	192.168.2.5	1.1.1.1	0x4c9a	Standard query (0)	famorhope.com	65	IN (0x0001)	false
Mar 13, 2025 13:44:59.556339025 CET	192.168.2.5	1.1.1.1	0x5ba9	Standard query (0)	famorhope.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 13, 2025 13:44:52.221689939 CET	1.1.1.1	192.168.2.5	0x32b8	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:52.221926928 CET	1.1.1.1	192.168.2.5	0x2c01	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 13, 2025 13:44:53.417691946 CET	1.1.1.1	192.168.2.5	0xf19d	Name error (3)	famorhope.com	none	none	65	IN (0x0001)	false
Mar 13, 2025 13:44:53.422743082 CET	1.1.1.1	192.168.2.5	0x452c	Name error (3)	famorhope.com	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:53.433834076 CET	1.1.1.1	192.168.2.5	0x2874	Name error (3)	famorhope.com	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:53.501576900 CET	1.1.1.1	192.168.2.5	0xc61f	No error (0)	google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:53.502029896 CET	8.8.8.8	192.168.2.5	0x3756	No error (0)	google.com		142.251.37.14	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:54.518294096 CET	1.1.1.1	192.168.2.5	0xa236	Name error (3)	famorhope.com	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:54.518659115 CET	1.1.1.1	192.168.2.5	0x57d3	Name error (3)	famorhope.com	none	none	65	IN (0x0001)	false
Mar 13, 2025 13:44:59.548753977 CET	1.1.1.1	192.168.2.5	0xace6	Name error (3)	famorhope.com	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:44:59.555747986 CET	1.1.1.1	192.168.2.5	0x4c9a	Name error (3)	famorhope.com	none	none	65	IN (0x0001)	false
Mar 13, 2025 13:44:59.563575029 CET	1.1.1.1	192.168.2.5	0x5ba9	Name error (3)	famorhope.com	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:45:00.869173050 CET	1.1.1.1	192.168.2.5	0x175c	No error (0)	g-bing-com.ax-0001.ax-msedge.net	ax-0001.ax-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 13:45:00.869173050 CET	1.1.1.1	192.168.2.5	0x175c	No error (0)	ax-0001.ax-msedge.net		150.171.28.10	A (IP address)	IN (0x0001)	false
Mar 13, 2025 13:45:00.869173050 CET	1.1.1.1	192.168.2.5	0x175c	No error (0)	ax-0001.ax-msedge.net		150.171.27.10	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49721	142.250.184.228	443	6940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 12:44:56 UTC	579	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiJo8sBCIWgzQEI6KnOAQj2z84BCIDWzgEIwdjOAQjS4M4BCK/kzgEI4uTOAQiL5c4B Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 12:44:56 UTC	1303	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 12:44:56 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-l9RTVXg-hWHzSI3AA-5h9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-13 12:44:56 UTC	39	IN	Data Raw: 66 38 39 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 75 6e 63 6c 61 69 6d 65 64 20 74 61 78 20 72 65 66 75 6e 64 73 20 69 Data Ascii: f89)]}'["",["unclaimed tax refunds i
2025-03-13 12:44:56 UTC	1342	IN	Data Raw: 72 73 22 2c 22 67 72 61 6e 74 20 73 74 75 61 72 64 20 6e 66 6c 22 2c 22 77 68 69 74 65 20 74 69 67 65 72 20 6d 61 72 76 65 6c 20 64 61 72 65 64 65 76 69 6c 20 62 6f 72 6e 20 61 67 61 69 6e 22 2c 22 6e 69 61 6e 74 69 63 20 70 6f 6b c3 a9 6d 6f 6e 20 67 6f 22 2c 22 73 70 61 63 65 78 20 6e 61 73 61 20 61 73 74 72 6f 6e 61 75 74 73 20 6c 61 75 6e 63 68 20 64 65 6c 61 79 22 2c 22 63 68 69 63 61 67 6f 20 62 65 61 72 73 22 2c 22 73 65 76 65 72 65 20 73 74 6f 72 6d 73 22 2c 22 73 70 61 63 65 78 20 72 6f 63 6b 65 74 20 6c 61 75 6e 63 68 20 73 63 72 75 62 62 65 64 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 Data Ascii: rs","grant stuard nfl","white tiger marvel daredevil born again","niantic pokmon go","spacex nasa astronauts launch delay","chicago bears","severe storms","spacex rocket launch scrubbed"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"t
2025-03-13 12:44:56 UTC	1342	IN	Data Raw: 49 4f 56 4a 4b 4b 31 68 75 62 33 64 69 65 6e 68 6a 4d 47 46 48 54 7a 68 56 62 54 64 6a 62 31 6c 48 5a 33 70 75 53 6a 55 30 4e 7a 4a 30 62 48 59 30 54 58 52 30 51 6c 4a 30 4d 6d 4e 72 61 48 6f 7a 61 56 70 6e 63 7a 4a 55 4e 7a 6c 36 53 6d 39 59 5a 58 42 4c 4d 6a 41 77 54 58 4d 31 59 55 35 73 63 46 5a 4e 61 6b 70 44 54 55 46 34 5a 30 52 6b 5a 32 4d 72 57 55 4a 43 4e 57 52 6d 55 47 78 4c 63 6a 56 33 61 46 68 79 64 31 68 31 54 58 5a 54 51 6d 4e 68 61 54 6c 51 59 55 78 4f 56 6b 39 56 63 47 34 79 56 6b 35 59 64 54 56 7a 4c 31 42 31 62 30 4a 35 51 55 49 31 52 54 52 36 4b 32 52 78 63 7a 64 4e 4f 58 42 76 62 6d 52 70 65 6b 35 55 65 47 78 74 53 6a 56 72 4e 31 4a 78 51 56 5a 6d 51 7a 6c 43 51 6c 63 77 52 6c 52 68 61 54 68 6d 63 6b 56 6a 5a 46 4a 4b 64 47 78 4d 61 57 Data Ascii: IOVJKK1hub3dienhjMGFHTzhVbTdjb1lHZ3puSjU0NzJ0bHY0TXR0QlJ0MmNraHozaVpnczJUNzl6Sm9YZXBLMjAwTXM1YU5scFZNakpDTUF4Z0RkZ2MrWUJCNWRmUGxLcjV3aFhyd1h1TXZTQmNhaTlQYUxOVk9VcG4yVk5YdTVzL1B1b0J5QUI1RTR6K2RxczdNOXBvbmRpek5UeGxtSjVrN1JxQVZmQzlCQlcwRlRhaThmckVjZFJKdGxMaW
2025-03-13 12:44:56 UTC	1261	IN	Data Raw: 6b 68 52 54 30 31 75 4e 6d 46 59 54 48 52 53 57 46 4e 6c 4d 6c 5a 79 56 32 56 75 62 57 35 72 59 32 56 79 65 45 78 46 4e 45 63 78 51 6e 6c 4b 65 57 4e 6a 61 6d 70 49 57 48 67 72 5a 57 35 78 4e 48 52 4a 64 46 41 35 61 32 70 50 59 32 70 4a 53 48 55 78 4e 48 52 70 65 55 4e 73 65 6b 78 47 4d 6c 52 4e 65 6b 35 7a 4f 54 4a 55 63 46 5a 49 56 45 6c 32 65 56 59 78 63 6c 42 74 4e 6d 49 77 5a 54 68 6a 55 31 5a 6d 59 6b 4e 33 65 6a 52 36 4c 31 68 70 4c 7a 4d 78 56 58 56 49 54 47 52 6c 63 56 42 6f 4e 6b 64 50 4e 6a 42 56 64 45 78 4d 55 6b 35 31 55 58 4d 32 64 48 5a 52 62 6b 70 49 53 57 35 77 4b 30 64 78 56 6e 4a 4f 59 30 45 31 63 45 70 50 65 6c 52 6c 4e 45 64 52 64 6e 59 77 4d 30 4e 5a 4e 7a 68 73 55 30 5a 59 5a 32 46 35 4d 56 5a 30 64 6d 77 76 63 54 56 76 52 45 68 55 Data Ascii: khRT01uNmFYTHRSWFNlMlZyV2VubW5rY2VyeExFNEcxQnlKeWNjampIWHgrZW5xNHRJdFA5a2pPY2pJSHUxNHRpeUNsekxGMlRNek5zOTJUcFZIVEl2eVYxclBtNmIwZThjU1ZmYkN3ejR6L1hpLzMxVXVITGRlcVBoNkdPNjBVdExMUk51UXM2dHZRbkpISW5wK0dxVnJOY0E1cEpPelRlNEdRdnYwM0NZNzhsU0ZYZ2F5MVZ0dmwvcTVvREhU
2025-03-13 12:44:56 UTC	93	IN	Data Raw: 35 37 0d 0a 74 55 6c 70 5a 53 45 56 42 53 47 31 6c 56 32 78 77 5a 32 46 4d 62 45 74 46 56 54 4a 69 57 55 46 43 56 44 5a 42 51 55 52 4b 51 55 4a 74 63 45 46 43 4d 32 70 42 51 55 4e 46 59 6d 39 48 57 55 6c 45 63 48 52 69 57 55 39 4d 52 33 4e 46 4d 6b 46 42 51 55 5a 68 4d 47 0d 0a Data Ascii: 57tUlpZSEVBSG1lV2xwZ2FMbEtFVTJiWUFCVDZBQURKQUJtcEFCM2pBQUNFYm9HWUlEcHRiWU9MR3NFMkFBQUZhMG
2025-03-13 12:44:56 UTC	1342	IN	Data Raw: 31 34 37 39 0d 0a 78 46 55 56 5a 53 53 57 6c 68 56 6c 55 72 4d 57 5a 68 55 30 4a 55 54 31 52 43 53 58 64 52 51 6b 46 4a 4e 46 70 49 64 30 31 76 5a 33 64 68 63 56 4a 58 64 30 4a 4a 56 57 56 52 62 45 5a 73 52 47 46 4c 52 57 56 79 53 30 56 73 54 46 51 33 56 7a 55 7a 4b 32 59 35 4c 7a 4a 34 64 44 67 78 53 6a 64 55 65 46 51 79 4e 7a 6b 72 55 6d 74 72 63 6d 34 7a 4b 79 74 5a 4b 32 67 32 53 6d 56 73 59 54 4d 34 4e 6e 70 5a 63 6a 68 52 56 33 6b 76 57 43 39 33 57 57 4a 4c 65 6e 45 32 4e 79 39 6b 4d 33 68 42 4d 32 4e 51 52 6b 34 76 64 69 39 33 62 6b 6b 35 4f 46 42 4c 57 58 64 4f 64 55 52 56 61 6d 74 42 64 58 64 6a 56 6a 52 69 51 32 4e 59 4e 6d 39 44 5a 56 70 45 51 58 6f 35 52 6b 67 72 65 57 39 6f 55 6b 67 77 57 47 5a 32 51 54 5a 59 65 56 5a 32 56 6b 73 79 61 57 4a Data Ascii: 1479xFUVZSSWlhVlUrMWZhU0JUT1RCSXdRQkFJNFpId01vZ3dhcVJXd0JJVWVRbEZsRGFLRWVyS0VsTFQ3VzUzK2Y5LzJ4dDgxSjdUeFQyNzkrUmtrcm4zKytZK2g2SmVsYTM4NnpZcjhRV3kvWC93WWJLenE2Ny9kM3hBM2NQRk4vdi93bkk5OFBLWXdOdURVamtBdXdjVjRiQ2NYNm9DZVpEQXo5RkgreW9oUkgwWGZ2QTZYeVZ2VksyaWJ
2025-03-13 12:44:56 UTC	1342	IN	Data Raw: 46 4e 4f 43 39 61 56 47 70 31 59 56 46 43 65 6d 34 7a 56 48 68 69 63 58 6c 57 64 47 34 30 63 45 68 33 4e 30 5a 4c 53 47 39 53 51 56 56 70 61 54 42 48 5a 56 70 72 4d 32 52 69 61 7a 67 79 63 45 56 54 4e 57 77 35 54 48 5a 54 51 58 63 30 62 32 35 70 5a 6a 52 51 53 47 56 36 54 6e 41 7a 62 58 63 33 4f 57 31 77 63 48 64 5a 61 47 46 61 4e 30 39 61 52 7a 56 58 65 6b 56 54 4e 6c 56 4e 61 6e 49 34 55 48 4e 33 4f 56 56 52 61 6a 68 56 5a 6b 35 5a 4f 58 4a 51 51 6c 70 69 57 47 64 77 59 6e 6b 35 5a 55 56 48 64 32 31 6b 53 43 73 33 53 31 46 4c 53 6e 64 34 4c 32 78 79 52 48 6f 72 65 6d 68 52 61 33 6c 32 4e 44 67 35 59 57 56 4f 53 6e 6b 35 62 58 68 72 63 7a 6c 73 4b 79 74 36 62 69 39 50 53 47 74 6b 64 33 56 4c 52 32 34 72 4b 7a 49 7a 61 55 6c 4c 56 48 56 6d 55 7a 64 33 63 Data Ascii: FNOC9aVGp1YVFCem4zVHhicXlWdG40cEh3N0ZLSG9SQVVpaTBHZVprM2RiazgycEVTNWw5THZTQXc0b25pZjRQSGV6TnAzbXc3OW1wcHdZaGFaN09aRzVXekVTNlVNanI4UHN3OVVRajhVZk5ZOXJQQlpiWGdwYnk5ZUVHd21kSCs3S1FLSnd4L2xyRHoremhRa3l2NDg5YWVOSnk5bXhrczlsKyt6bi9PSGtkd3VLR24rKzIzaUlLVHVmUzd3c
2025-03-13 12:44:56 UTC	1342	IN	Data Raw: 6f 67 6c 65 3a 65 6e 74 69 74 79 69 6e 66 6f 22 3a 22 43 67 67 76 62 53 38 77 4d 58 6b 7a 64 68 49 4e 52 6d 39 76 64 47 4a 68 62 47 77 67 64 47 56 68 62 54 4c 61 43 32 52 68 64 47 45 36 61 57 31 68 5a 32 55 76 63 47 35 6e 4f 32 4a 68 63 32 55 32 4e 43 78 70 56 6b 4a 50 55 6e 63 77 53 30 64 6e 62 30 46 42 51 55 46 4f 55 31 56 6f 52 56 56 6e 51 55 46 42 52 55 46 42 51 55 46 42 63 6b 4e 42 54 55 46 42 51 55 51 76 61 45 67 31 4d 55 46 42 51 55 46 77 56 6b 4a 4e 56 6b 56 59 4c 79 38 76 4c 30 6c 50 51 55 31 42 51 55 46 45 53 45 35 42 52 45 64 4c 55 55 52 34 4f 48 5a 4a 55 6b 64 54 63 6b 52 47 55 55 49 31 5a 54 52 45 52 30 78 6e 52 45 46 34 54 57 5a 47 53 58 64 45 54 31 5a 55 63 30 46 42 51 54 4e 46 53 47 64 44 4b 33 59 34 53 48 52 33 54 48 46 32 63 30 78 51 5a Data Ascii: ogle:entityinfo":"CggvbS8wMXkzdhINRm9vdGJhbGwgdGVhbTLaC2RhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBRUFBQUFBckNBTUFBQUQvaEg1MUFBQUFwVkJNVkVYLy8vL0lPQU1BQUFESE5BREdLUUR4OHZJUkdTckRGUUI1ZTRER0xnREF4TWZGSXdET1ZUc0FBQTNFSGdDK3Y4SHR3THF2c0xQZ
2025-03-13 12:44:56 UTC	1223	IN	Data Raw: 61 44 46 35 63 55 70 73 54 44 64 31 51 54 6c 58 51 6c 64 48 64 46 4a 33 65 58 4a 76 5a 7a 42 4c 63 6c 4a 6b 64 55 70 47 62 32 70 49 52 6e 64 75 5a 31 68 56 62 48 46 6f 52 6b 77 32 51 57 30 72 55 57 56 45 56 55 68 69 57 6d 64 47 54 54 4d 76 63 57 64 4a 55 33 63 33 4d 31 64 75 4c 32 74 68 4e 58 4a 33 4e 31 52 74 53 55 6f 31 62 6b 30 72 51 30 70 54 64 45 6c 73 52 6a 64 70 64 31 46 35 4b 30 68 56 51 33 5a 43 4b 32 68 43 53 6c 42 78 54 57 5a 54 55 45 64 52 4f 55 31 76 4d 6d 67 78 5a 6e 42 71 5a 57 4e 6a 52 48 52 6e 4d 32 4d 7a 61 79 39 70 63 46 46 4f 64 32 51 33 64 57 39 6d 63 56 52 75 61 6a 68 44 52 45 74 77 4d 44 5a 53 52 45 4e 58 52 79 74 48 56 56 56 53 52 56 6c 33 4e 45 63 31 63 6c 64 42 62 6c 56 36 57 58 56 6c 65 6a 67 34 51 54 42 35 4f 47 5a 6e 56 57 4e Data Ascii: aDF5cUpsTDd1QTlXQldHdFJ3eXJvZzBLclJkdUpGb2pIRnduZ1hVbHFoRkw2QW0rUWVEVUhiWmdGTTMvcWdJU3c3M1duL2thNXJ3N1RtSUo1bk0rQ0pTdElsRjdpd1F5K0hVQ3ZCK2hCSlBxTWZTUEdROU1vMmgxZnBqZWNjRHRnM2Mzay9pcFFOd2Q3dW9mcVRuajhDREtwMDZSRENXRytHVVVSRVl3NEc1cldBblV6WXVlejg4QTB5OGZnVWN
2025-03-13 12:44:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	08:44:41
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6b4750000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	08:44:46
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,6245918793283990329,6254520289639960133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2072 /prefetch:3
Imagebase:	0x7ff6b4750000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	08:44:48
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,6245918793283990329,6254520289639960133,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3948 /prefetch:8
Imagebase:	0x7ff6b4750000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	08:44:52
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://famorhope.com/joi/del/kil/jik/lik/invite/"
Imagebase:	0x7ff6b4750000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://famorhope.com/joi/del/kil/jik/lik/invite/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 50

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7112, Parent PID: 1044

General

Chronological Activities

Analysis Process: chrome.exePID: 6940, Parent PID: 7112

General

Chronological Activities

Analysis Process: chrome.exePID: 7496, Parent PID: 7112

General

Chronological Activities

Analysis Process: chrome.exePID: 7736, Parent PID: 1044

General

Chronological Activities

Disassembly

Windows Analysis Report
https://famorhope.com/joi/del/kil/jik/lik/invite/