Edit tour

Windows Analysis Report
http://page-viollation-aplly.github.io/now

Overview

General Information

Sample URL:	http://page-viollation-aplly.github.io/now
Analysis ID:	1447571
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,8868200296273628324,7872673174342659994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://page-viollation-aplly.github.io/now" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://page-viollation-aplly.github.io/now	Avira URL Cloud: detection malicious, Label: phishing
Source: http://page-viollation-aplly.github.io/now	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://page-viollation-aplly.github.io/now

Avira URL Cloud: Label: phishing

Phishing

Phishing site detected (based on favicon image match)

Source: https://page-viollation-aplly.github.io/now/

Matcher: Template: facebook matched with high similarity

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /now HTTP/1.1Host: page-viollation-aplly.github.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /now/ HTTP/1.1Host: page-viollation-aplly.github.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /now HTTP/1.1Host: page-viollation-aplly.github.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: page-viollation-aplly.github.io
Source: global traffic	DNS traffic detected: DNS query: cdn.glitch.global
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_38.2.dr

String found in binary or memory: https://cdn.glitch.global/42ac90ca-66bc-4886-9161-9ce099d273bc/images-fb_icon_325x325.png?v=16968968

Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@17/5@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,8868200296273628324,7872673174342659994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://page-viollation-aplly.github.io/now"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,8868200296273628324,7872673174342659994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://page-viollation-aplly.github.io/now	100%	Avira URL Cloud	phishing
http://page-viollation-aplly.github.io/now	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://page-viollation-aplly.github.io/now	100%	Avira URL Cloud	phishing
https://cdn.glitch.global/42ac90ca-66bc-4886-9161-9ce099d273bc/images-fb_icon_325x325.png?v=16968968	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.185.132	true	false	unknown
page-viollation-aplly.github.io	185.199.110.153	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
cdn.glitch.global	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://page-viollation-aplly.github.io/now	true		unknown
https://page-viollation-aplly.github.io/now	false	Avira URL Cloud: phishing	unknown
https://page-viollation-aplly.github.io/now/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.glitch.global/42ac90ca-66bc-4886-9161-9ce099d273bc/images-fb_icon_325x325.png?v=16968968	chromecache_38.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.199.108.153	unknown	Netherlands	54113	FASTLYUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
185.199.110.153	page-viollation-aplly.github.io	Netherlands	54113	FASTLYUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447571
Start date and time:	2024-05-26 00:42:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://page-viollation-aplly.github.io/now
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@17/5@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.185.110, 74.125.133.84, 34.104.35.123, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 20.114.59.183, 173.222.108.226, 173.222.108.210, 192.229.221.95, 13.85.23.206, 20.242.39.171
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, j.sni.global.fastly.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://page-viollation-aplly.github.io/now

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://page-viollation-aplly.github.io/now/ Model: Perplexity: mixtral-8x7b-instruct	```json { "loginform": false, "reasons": [ "The text does not mention or suggest a login form.", "There is no mention of usernames, passwords, or any other credentials.", "The text only mentions submitting an appeal and clicking a 'Continue' button." ] }
Help Center Your page is breaking our terms and conditions. Here you can submit appeal. Click "Continue" Button. Continue
URL: https://page-viollation-aplly.github.io/now/ Model: gpt-4o	```json { "riskscore": 2, "reasons": "The code prevents the default form submission and redirects to a new URL. While this behavior is not inherently malicious, it could potentially be used in phishing attacks if the redirection URL is not trusted. However, without additional context or evidence of malicious intent, the risk is low." }
document .getElementById("redirectForm") .addEventListener("submit", function(e) { e.preventDefault(); // Prevent the default form submission // Perform the redirection to the desired URL window.location.href = "next.html"; // Replace with your desired URL });
URL: https://page-viollation-aplly.github.io/now/ Model: gpt-4o	```json { "riskscore": 6, "reasons": "The code prevents the default behavior of the context menu and certain key combinations (Shift+I, Shift+C, Ctrl+I, Ctrl+C). This is often used to hinder users from inspecting the page or copying content, which can be indicative of malicious intent or an attempt to obfuscate the site's functionality." }
document.addEventListener("contextmenu", function(e) { e.preventDefault(); }); document.addEventListener("keydown", function(e) { // Check if the "i" or "c" key is pressed with Shift or Ctrl if ( (e.key === "i" \|\| e.key === "c" \|\| e.keyCode === 73 \|\| e.keyCode === 67) && (e.shiftKey \|\| e.ctrlKey) ) { e.preventDefault(); } });

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 38

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5599
Entropy (8bit):	4.21826281952032
Encrypted:	false
SSDEEP:	96:gxz7o+elS55J69EyoZ183txytJxznV6lqdT7aLRu:Iz715r69toT83txytJxzEkWRu
MD5:	D1AD5327DDF3085AFD76B79128098088
SHA1:	207B08E7A96D67649CF0CDD949B51DFEA4027A97
SHA-256:	ABE8A1304DC1C1AD73F384285246D7E986B1EB915AE50EE3738C9AB597905F9D
SHA-512:	0933EE4815F3571968B7DC5A3FCF07E7605C75677AD3E1C2BD5CE9F753596D89DA1236D96EBE7206588762D4705D1ADEDD8288848DF9BF93C895359237D6B1D7
Malicious:	false
Reputation:	low
URL:	https://page-viollation-aplly.github.io/now/
Preview:	<!DOCTYPE html>.<html lang="en">..<head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <title>Help Center</title>. <link rel="icon" href="https://cdn.glitch.global/42ac90ca-66bc-4886-9161-9ce099d273bc/images-fb_icon_325x325.png?v=1696896812321" type="image/png" />. <script type="text/javascript">. document.addEventListener("contextmenu", function(e) {. e.preventDefault();. });.. document.addEventListener("keydown", function(e) {. // Check if the "i" or "c" key is pressed with Shift or Ctrl. if (. (e.key === "i" \|\|. e.key === "c" \|\|. e.keyCode === 73 \|\|. e.keyCode === 67) &&. (e.shiftKey \|\| e.ctrlKey). ) {. e.preventDefault();. }. });. </script>. <style>. /* New theme styles */.. body {. background-color:

Chrome Cache Entry: 39

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 325 x 325, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2613
Entropy (8bit):	7.823619583443315
Encrypted:	false
SSDEEP:	48:360+PSuMWUVwqvMXetTXsFYRGPCm8W1Qg/Z24+A0BXv:abpqlToZjc4+7
MD5:	1B070534EB1AB6195F4FC7118DFC8BE5
SHA1:	80A0EF7683FBFF7BC75DEBE7CD439483D7A2F735
SHA-256:	BC40D55FD8796C2BBD2693FD3FC4EB4EBDCA9D6B02EB12B7E3EFA7E53D4AAEB3
SHA-512:	029195732FD8A256487BA200BDD58C74FCB071FA02DA77A710375FB817747081015DD52D988BC211231BF79990D9A358196D0F1F1F83150935463A6089CC25CB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...E...E.....L..o....PLTE....w..w.......w..w..w..w..w..w..w..w..w..w.....w..w..w.................................................s...................................c....................&.....C...w.5..`..R..z.B....6tRNS..`...@.P.. 0.....p.................P.@0..L`.........k.5....IDATx^..A.. ..a.#0.BI.....F......'uUu2/....'.F.55........j8..+.`R.r....!1?..]....K..E..Z.B......g]p....,Yh..o.[.4....kqH.f.v...M....a....j.Qh&....<c..O1.1.n!....M4..`.&..@Go..ZC....j..P..i%.r.u!.q'.>>'_...s.8z&..c$...c4{.A.......12F....Y'.j..Z...ct,t.....Si.C+C.f....+.cV.F.w.oLe..`..O.`^2PD.x..<c..G.B0..3zD ....O...w...lD....h....x.c=\.R.aE-..kRc.m.}..%..B.s..P7..M~Y....o......._..........n.(......S..n..m..p3.......\...7U..........s`.7^V...c=L.......~8.....^.w.. ....Z9..x.4v.......2S....,.f..`c8~.K.QQT.......e..4S....H...?.v........./R.PTm..y.!.(.2...,.GE.>.....U..\|{.*y).<....$.)n........z.T%8 2T.UP..._.z..{7.......h'...b..,.Y.....k..d.....p..0..d.X...'

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 325 x 325, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2613
Entropy (8bit):	7.823619583443315
Encrypted:	false
SSDEEP:	48:360+PSuMWUVwqvMXetTXsFYRGPCm8W1Qg/Z24+A0BXv:abpqlToZjc4+7
MD5:	1B070534EB1AB6195F4FC7118DFC8BE5
SHA1:	80A0EF7683FBFF7BC75DEBE7CD439483D7A2F735
SHA-256:	BC40D55FD8796C2BBD2693FD3FC4EB4EBDCA9D6B02EB12B7E3EFA7E53D4AAEB3
SHA-512:	029195732FD8A256487BA200BDD58C74FCB071FA02DA77A710375FB817747081015DD52D988BC211231BF79990D9A358196D0F1F1F83150935463A6089CC25CB
Malicious:	false
Reputation:	low
URL:	https://cdn.glitch.global/42ac90ca-66bc-4886-9161-9ce099d273bc/images-fb_icon_325x325.png?v=1696896812321
Preview:	.PNG........IHDR...E...E.....L..o....PLTE....w..w.......w..w..w..w..w..w..w..w..w..w.....w..w..w.................................................s...................................c....................&.....C...w.5..`..R..z.B....6tRNS..`...@.P.. 0.....p.................P.@0..L`.........k.5....IDATx^..A.. ..a.#0.BI.....F......'uUu2/....'.F.55........j8..+.`R.r....!1?..]....K..E..Z.B......g]p....,Yh..o.[.4....kqH.f.v...M....a....j.Qh&....<c..O1.1.n!....M4..`.&..@Go..ZC....j..P..i%.r.u!.q'.>>'_...s.8z&..c$...c4{.A.......12F....Y'.j..Z...ct,t.....Si.C+C.f....+.cV.F.w.oLe..`..O.`^2PD.x..<c..G.B0..3zD ....O...w...lD....h....x.c=\.R.aE-..kRc.m.}..%..B.s..P7..M~Y....o......._..........n.(......S..n..m..p3.......\...7U..........s`.7^V...c=L.......~8.....^.w.. ....Z9..x.4v.......2S....,.f..`c8~.K.QQT.......e..4S....H...?.v........./R.PTm..y.!.(.2...,.GE.>.....U..\|{.*y).<....$.)n........z.T%8 2T.UP..._.z..{7.......h'...b..,.Y.....k..d.....p..0..d.X...'

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 26, 2024 00:43:13.263720036 CEST	49675	443	192.168.2.4	173.222.162.32
May 26, 2024 00:43:13.716984034 CEST	49678	443	192.168.2.4	104.46.162.224
May 26, 2024 00:43:22.864825010 CEST	49675	443	192.168.2.4	173.222.162.32
May 26, 2024 00:43:22.893476009 CEST	49735	80	192.168.2.4	185.199.110.153
May 26, 2024 00:43:22.894068956 CEST	49736	80	192.168.2.4	185.199.110.153
May 26, 2024 00:43:22.905179024 CEST	80	49735	185.199.110.153	192.168.2.4
May 26, 2024 00:43:22.905189991 CEST	80	49736	185.199.110.153	192.168.2.4
May 26, 2024 00:43:22.905267954 CEST	49735	80	192.168.2.4	185.199.110.153
May 26, 2024 00:43:22.905373096 CEST	49736	80	192.168.2.4	185.199.110.153
May 26, 2024 00:43:22.905633926 CEST	49735	80	192.168.2.4	185.199.110.153
May 26, 2024 00:43:22.943954945 CEST	80	49735	185.199.110.153	192.168.2.4
May 26, 2024 00:43:23.395344973 CEST	80	49735	185.199.110.153	192.168.2.4
May 26, 2024 00:43:23.417395115 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:23.417418957 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:23.417531013 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:23.417874098 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:23.417885065 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:23.437028885 CEST	49735	80	192.168.2.4	185.199.110.153
May 26, 2024 00:43:23.890782118 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:23.891127110 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:23.891134977 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:23.892180920 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:23.892290115 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:23.893774033 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:23.893835068 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:23.893990993 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:23.893996954 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:23.940109015 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.006860971 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.006954908 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.007023096 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.018831015 CEST	49737	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.018845081 CEST	443	49737	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.022525072 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.022542953 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.022609949 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.023027897 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.023035049 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.533137083 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.577732086 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.630233049 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.630240917 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.630594969 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.677526951 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.689874887 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.689996004 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.690162897 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.734498978 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.799623966 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.805466890 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.805502892 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.805509090 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.805516005 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.805546045 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.807888985 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.807987928 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:24.808022976 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.922868967 CEST	49738	443	192.168.2.4	185.199.108.153
May 26, 2024 00:43:24.922888994 CEST	443	49738	185.199.108.153	192.168.2.4
May 26, 2024 00:43:26.146625996 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:26.146670103 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:26.150461912 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:26.153544903 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:26.153563976 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:26.823220968 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:26.874459982 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:26.897631884 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:26.897663116 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:26.898773909 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:26.898787022 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:26.898845911 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:26.903192043 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:26.903264999 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:26.952600002 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:26.952647924 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:26.999454975 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:27.198761940 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:27.198823929 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:27.198915958 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:27.202388048 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:27.202425003 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:27.869483948 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:27.869596004 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:27.873492956 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:27.873521090 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:27.873773098 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:27.921361923 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.021627903 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.066500902 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.209630966 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.210047960 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.210124969 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.210160017 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.210270882 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.210300922 CEST	443	49747	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.210341930 CEST	49747	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.259042978 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.259087086 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.259160995 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.259517908 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.259536982 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.970262051 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.970347881 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.971672058 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:28.971688986 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.971940041 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:28.973241091 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:29.018497944 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:29.292258024 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:29.292329073 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:29.292387962 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:29.293380022 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:29.293411016 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:29.293431044 CEST	49748	443	192.168.2.4	184.28.90.27
May 26, 2024 00:43:29.293438911 CEST	443	49748	184.28.90.27	192.168.2.4
May 26, 2024 00:43:36.777344942 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:36.777416945 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:43:36.777489901 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:38.414424896 CEST	49743	443	192.168.2.4	142.250.185.132
May 26, 2024 00:43:38.414513111 CEST	443	49743	142.250.185.132	192.168.2.4
May 26, 2024 00:44:07.918751955 CEST	49736	80	192.168.2.4	185.199.110.153
May 26, 2024 00:44:07.924377918 CEST	80	49736	185.199.110.153	192.168.2.4
May 26, 2024 00:44:08.403119087 CEST	49735	80	192.168.2.4	185.199.110.153
May 26, 2024 00:44:08.408431053 CEST	80	49735	185.199.110.153	192.168.2.4
May 26, 2024 00:44:24.404905081 CEST	49736	80	192.168.2.4	185.199.110.153
May 26, 2024 00:44:24.435910940 CEST	80	49736	185.199.110.153	192.168.2.4
May 26, 2024 00:44:24.436039925 CEST	49736	80	192.168.2.4	185.199.110.153
May 26, 2024 00:44:25.699743032 CEST	49757	443	192.168.2.4	142.250.185.132
May 26, 2024 00:44:25.699788094 CEST	443	49757	142.250.185.132	192.168.2.4
May 26, 2024 00:44:25.699974060 CEST	49757	443	192.168.2.4	142.250.185.132
May 26, 2024 00:44:25.700649977 CEST	49757	443	192.168.2.4	142.250.185.132
May 26, 2024 00:44:25.700664997 CEST	443	49757	142.250.185.132	192.168.2.4
May 26, 2024 00:44:26.376405954 CEST	443	49757	142.250.185.132	192.168.2.4
May 26, 2024 00:44:26.389445066 CEST	49757	443	192.168.2.4	142.250.185.132
May 26, 2024 00:44:26.389467955 CEST	443	49757	142.250.185.132	192.168.2.4
May 26, 2024 00:44:26.390366077 CEST	443	49757	142.250.185.132	192.168.2.4
May 26, 2024 00:44:26.409404993 CEST	49757	443	192.168.2.4	142.250.185.132
May 26, 2024 00:44:26.409595013 CEST	443	49757	142.250.185.132	192.168.2.4
May 26, 2024 00:44:26.450139999 CEST	49757	443	192.168.2.4	142.250.185.132
May 26, 2024 00:44:32.669169903 CEST	49724	80	192.168.2.4	199.232.214.172
May 26, 2024 00:44:32.669202089 CEST	49723	80	192.168.2.4	93.184.221.240
May 26, 2024 00:44:32.674874067 CEST	80	49724	199.232.214.172	192.168.2.4
May 26, 2024 00:44:32.674941063 CEST	49724	80	192.168.2.4	199.232.214.172
May 26, 2024 00:44:32.680279970 CEST	80	49723	93.184.221.240	192.168.2.4
May 26, 2024 00:44:32.680341005 CEST	49723	80	192.168.2.4	93.184.221.240
May 26, 2024 00:44:36.319871902 CEST	443	49757	142.250.185.132	192.168.2.4
May 26, 2024 00:44:36.320060968 CEST	443	49757	142.250.185.132	192.168.2.4
May 26, 2024 00:44:36.320111990 CEST	49757	443	192.168.2.4	142.250.185.132
May 26, 2024 00:44:36.614800930 CEST	49757	443	192.168.2.4	142.250.185.132
May 26, 2024 00:44:36.614824057 CEST	443	49757	142.250.185.132	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 26, 2024 00:43:21.729523897 CEST	53	54197	1.1.1.1	192.168.2.4
May 26, 2024 00:43:21.789885998 CEST	53	64145	1.1.1.1	192.168.2.4
May 26, 2024 00:43:22.824733019 CEST	53	49897	1.1.1.1	192.168.2.4
May 26, 2024 00:43:22.878977060 CEST	53709	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:22.879174948 CEST	51927	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:22.890326977 CEST	53	53709	1.1.1.1	192.168.2.4
May 26, 2024 00:43:22.892889977 CEST	53	51927	1.1.1.1	192.168.2.4
May 26, 2024 00:43:23.398336887 CEST	54252	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:23.398591995 CEST	49672	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:23.407712936 CEST	53	54252	1.1.1.1	192.168.2.4
May 26, 2024 00:43:23.416814089 CEST	53	49672	1.1.1.1	192.168.2.4
May 26, 2024 00:43:24.926538944 CEST	49479	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:24.927242041 CEST	52952	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:24.959419012 CEST	53	52952	1.1.1.1	192.168.2.4
May 26, 2024 00:43:25.648083925 CEST	51459	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:25.648778915 CEST	65099	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:25.707669020 CEST	53	65099	1.1.1.1	192.168.2.4
May 26, 2024 00:43:25.707680941 CEST	53	51459	1.1.1.1	192.168.2.4
May 26, 2024 00:43:25.710347891 CEST	64033	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:25.710531950 CEST	62122	53	192.168.2.4	1.1.1.1
May 26, 2024 00:43:25.742595911 CEST	53	62122	1.1.1.1	192.168.2.4
May 26, 2024 00:43:40.220978022 CEST	53	60226	1.1.1.1	192.168.2.4
May 26, 2024 00:43:44.241878033 CEST	138	138	192.168.2.4	192.168.2.255
May 26, 2024 00:43:59.262648106 CEST	53	58528	1.1.1.1	192.168.2.4
May 26, 2024 00:44:21.324126005 CEST	53	55820	1.1.1.1	192.168.2.4
May 26, 2024 00:44:22.241127014 CEST	53	62399	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 26, 2024 00:43:22.878977060 CEST	192.168.2.4	1.1.1.1	0xc3ca	Standard query (0)	page-viollation-aplly.github.io	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:22.879174948 CEST	192.168.2.4	1.1.1.1	0x570c	Standard query (0)	page-viollation-aplly.github.io	65	IN (0x0001)	false
May 26, 2024 00:43:23.398336887 CEST	192.168.2.4	1.1.1.1	0xd5b2	Standard query (0)	page-viollation-aplly.github.io	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:23.398591995 CEST	192.168.2.4	1.1.1.1	0x64fb	Standard query (0)	page-viollation-aplly.github.io	65	IN (0x0001)	false
May 26, 2024 00:43:24.926538944 CEST	192.168.2.4	1.1.1.1	0x1e46	Standard query (0)	cdn.glitch.global	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:24.927242041 CEST	192.168.2.4	1.1.1.1	0x6c80	Standard query (0)	cdn.glitch.global	65	IN (0x0001)	false
May 26, 2024 00:43:25.648083925 CEST	192.168.2.4	1.1.1.1	0x2cf4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:25.648778915 CEST	192.168.2.4	1.1.1.1	0x836	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 26, 2024 00:43:25.710347891 CEST	192.168.2.4	1.1.1.1	0x723f	Standard query (0)	cdn.glitch.global	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:25.710531950 CEST	192.168.2.4	1.1.1.1	0x6f9f	Standard query (0)	cdn.glitch.global	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 26, 2024 00:43:22.890326977 CEST	1.1.1.1	192.168.2.4	0xc3ca	No error (0)	page-viollation-aplly.github.io		185.199.110.153	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:22.890326977 CEST	1.1.1.1	192.168.2.4	0xc3ca	No error (0)	page-viollation-aplly.github.io		185.199.108.153	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:22.890326977 CEST	1.1.1.1	192.168.2.4	0xc3ca	No error (0)	page-viollation-aplly.github.io		185.199.111.153	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:22.890326977 CEST	1.1.1.1	192.168.2.4	0xc3ca	No error (0)	page-viollation-aplly.github.io		185.199.109.153	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:23.407712936 CEST	1.1.1.1	192.168.2.4	0xd5b2	No error (0)	page-viollation-aplly.github.io		185.199.108.153	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:23.407712936 CEST	1.1.1.1	192.168.2.4	0xd5b2	No error (0)	page-viollation-aplly.github.io		185.199.109.153	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:23.407712936 CEST	1.1.1.1	192.168.2.4	0xd5b2	No error (0)	page-viollation-aplly.github.io		185.199.110.153	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:23.407712936 CEST	1.1.1.1	192.168.2.4	0xd5b2	No error (0)	page-viollation-aplly.github.io		185.199.111.153	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:24.937755108 CEST	1.1.1.1	192.168.2.4	0x1e46	No error (0)	cdn.glitch.global	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 26, 2024 00:43:24.959419012 CEST	1.1.1.1	192.168.2.4	0x6c80	No error (0)	cdn.glitch.global	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 26, 2024 00:43:25.707669020 CEST	1.1.1.1	192.168.2.4	0x836	No error (0)	www.google.com			65	IN (0x0001)	false
May 26, 2024 00:43:25.707680941 CEST	1.1.1.1	192.168.2.4	0x2cf4	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:25.731014013 CEST	1.1.1.1	192.168.2.4	0x723f	No error (0)	cdn.glitch.global	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 26, 2024 00:43:25.742595911 CEST	1.1.1.1	192.168.2.4	0x6f9f	No error (0)	cdn.glitch.global	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
May 26, 2024 00:43:37.565429926 CEST	1.1.1.1	192.168.2.4	0xff88	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 26, 2024 00:43:37.565429926 CEST	1.1.1.1	192.168.2.4	0xff88	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 26, 2024 00:43:51.100605965 CEST	1.1.1.1	192.168.2.4	0x6e8c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 26, 2024 00:43:51.100605965 CEST	1.1.1.1	192.168.2.4	0x6e8c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 26, 2024 00:44:14.318974972 CEST	1.1.1.1	192.168.2.4	0x6314	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 26, 2024 00:44:14.318974972 CEST	1.1.1.1	192.168.2.4	0x6314	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 26, 2024 00:44:34.381783009 CEST	1.1.1.1	192.168.2.4	0x3631	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 26, 2024 00:44:34.381783009 CEST	1.1.1.1	192.168.2.4	0x3631	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

page-viollation-aplly.github.io

fs.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	185.199.110.153	80	4340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 26, 2024 00:43:22.905633926 CEST	449	OUT	GET /now HTTP/1.1 Host: page-viollation-aplly.github.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 26, 2024 00:43:23.395344973 CEST	718	IN	HTTP/1.1 301 Moved Permanently Connection: keep-alive Content-Length: 162 Server: GitHub.com Content-Type: text/html permissions-policy: interest-cohort=() Location: https://page-viollation-aplly.github.io/now X-GitHub-Request-Id: 0B36:E3119:BA6604:E5C42C:66526986 Accept-Ranges: bytes Age: 0 Date: Sat, 25 May 2024 22:43:23 GMT Via: 1.1 varnish X-Served-By: cache-nyc-kteb1890028-NYC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1716677003.339919,VS0,VE12 Vary: Accept-Encoding X-Fastly-Request-ID: 449baea638df563387dd665c7b48b19cfdacceb4 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
May 26, 2024 00:44:08.403119087 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	185.199.110.153	80	4340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 26, 2024 00:44:07.918751955 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	185.199.108.153	443	4340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-25 22:43:23 UTC	677	OUT	GET /now HTTP/1.1 Host: page-viollation-aplly.github.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-25 22:43:24 UTC	553	IN	HTTP/1.1 301 Moved Permanently Connection: close Content-Length: 162 Server: GitHub.com Content-Type: text/html permissions-policy: interest-cohort=() Location: https://page-viollation-aplly.github.io/now/ X-GitHub-Request-Id: 7B90:184484:BCEAB8:E84965:66526982 Accept-Ranges: bytes Age: 0 Date: Sat, 25 May 2024 22:43:23 GMT Via: 1.1 varnish X-Served-By: cache-nyc-kteb1890086-NYC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1716677004.955313,VS0,VE11 Vary: Accept-Encoding X-Fastly-Request-ID: fa6b26c8798aaba1cccfcd631881950dc3f79a2b
2024-05-25 22:43:24 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	185.199.108.153	443	4340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-25 22:43:24 UTC	678	OUT	GET /now/ HTTP/1.1 Host: page-viollation-aplly.github.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-25 22:43:24 UTC	726	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5599 Server: GitHub.com Content-Type: text/html; charset=utf-8 permissions-policy: interest-cohort=() Last-Modified: Sun, 14 Apr 2024 11:07:38 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "661bb8fa-15df" expires: Sat, 25 May 2024 22:53:24 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: 6B9E:119D76:AEC8DE:DA27C6:6652698C Accept-Ranges: bytes Age: 0 Date: Sat, 25 May 2024 22:43:24 GMT Via: 1.1 varnish X-Served-By: cache-ewr18145-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1716677005.746637,VS0,VE14 Vary: Accept-Encoding X-Fastly-Request-ID: 99ca848b6b60dc25bb31b88600e7f330f38959a8
2024-05-25 22:43:24 UTC	1378	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 65 6c 70 20 43 65 6e 74 65 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 67 6c 69 74 63 68 2e 67 6c 6f 62 61 6c 2f 34 32 61 63 39 30 63 61 2d 36 36 62 63 2d 34 38 38 36 2d 39 31 36 31 2d Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Help Center</title> <link rel="icon" href="https://cdn.glitch.global/42ac90ca-66bc-4886-9161-
2024-05-25 22:43:24 UTC	1378	IN	Data Raw: 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 20 52 65 71 75 69 72 65 64 20 66 6f 72 20 72 65 6c 61 74 69 76 65 20 70 6f 73 69 74 69 6f 6e 69 6e 67 20 6f 66 20 74 68 65 20 69 6d 61 67 65 20 61 6e 64 20 74 65 78 74 20 2a 2f 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 31 38 37 37 66 32 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 20 46 61 63 65 62 6f 6f 6b Data Ascii: justify-content: center; height: 100vh; position: relative; /* Required for relative positioning of the image and text / } .button { background-color: #1877f2; / Facebook
2024-05-25 22:43:24 UTC	1378	IN	Data Raw: 65 6e 74 65 72 22 20 74 65 78 74 20 2a 2f 0a 0a 20 20 20 20 20 20 20 20 2e 68 65 6c 70 2d 63 65 6e 74 65 72 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 20 41 64 6a 75 73 74 20 74 68 65 20 66 6f 6e 74 20 73 69 7a 65 20 61 73 20 6e 65 65 64 65 64 20 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 20 53 75 70 65 72 20 62 6f 6c 64 20 74 65 78 74 20 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 20 57 68 69 74 65 20 74 65 78 74 20 63 6f 6c 6f 72 20 2a 2f 0a 20 20 20 20 20 20 20 20 Data Ascii: enter" text / .help-center-text { font-size: 36px; / Adjust the font size as needed / font-weight: bold; / Super bold text / color: #fff; / White text color */
2024-05-25 22:43:24 UTC	1378	IN	Data Raw: 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 70 6c 2d 36 20 70 78 2d 32 38 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6d 74 2d 39 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 78 2d 33 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 66 6f 6e 74 20 74 65 78 74 2d 67 72 61 79 2d 37 30 30 20 73 68 61 64 6f 77 2d 74 72 61 6e 73 70 61 72 65 6e 74 20 6d 74 2d 32 20 66 6f 6e 74 2d 65 78 74 72 61 6c 69 67 68 74 22 3e 0a 20 20 20 20 20 20 20 20 20 Data Ascii: ss="flex justify-center items-center pl-6 px-28"> <div class="flex mt-9"></div> <div class="mx-3"> <p class="font text-gray-700 shadow-transparent mt-2 font-extralight">
2024-05-25 22:43:24 UTC	87	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: }); </script> </div> </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49747	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-25 22:43:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-25 22:43:28 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=62806 Date: Sat, 25 May 2024 22:43:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49748	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-25 22:43:28 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-25 22:43:29 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=62741 Date: Sat, 25 May 2024 22:43:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-25 22:43:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1780, Parent PID: 352

General

Target ID:	0
Start time:	18:43:16
Start date:	25/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4340, Parent PID: 1780

General

Target ID:	2
Start time:	18:43:19
Start date:	25/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,8868200296273628324,7872673174342659994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6496, Parent PID: 352

General

Target ID:	3
Start time:	18:43:21
Start date:	25/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://page-viollation-aplly.github.io/now"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://page-viollation-aplly.github.io/now

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 38

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1780, Parent PID: 352

General

Chronological Activities

Analysis Process: chrome.exePID: 4340, Parent PID: 1780

General

Chronological Activities

Analysis Process: chrome.exePID: 6496, Parent PID: 352

General

Chronological Activities

Windows Analysis Report
http://page-viollation-aplly.github.io/now