Edit tour

Windows Analysis Report
http://API.BEAMBENEFITS.COM

Overview

General Information

Sample URL:	http://API.BEAMBENEFITS.COM
Analysis ID:	1396491
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6640 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1864,i,14242331942881730238,11876666898652434801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3624 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://API.BEAMBENEFITS.COM MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://api.beambenefits.com/

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49725 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.5:49724 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49725 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.beambenefits.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /admin/images/beam_logo_navy.svg HTTP/1.1Host: app.beambenefits.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://api.beambenefits.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: api.beambenefits.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://api.beambenefits.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /admin/images/beam_logo_navy.svg HTTP/1.1Host: app.beambenefits.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: api.beambenefits.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.beambenefits.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Feb 2024 20:30:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closefeature-policy: camera 'none'; microphone 'none'; geolocation 'none';feature-policy: accelerometer 'none'; autoplay 'none'; encrypted-media 'none'; gyroscope 'none';feature-policy: magnetometer 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none';feature-policy: fullscreen *x-xss-protection: 1; mode=blockx-content-type-options: nosniffx-download-options: noopenx-permitted-cross-domain-policies: nonereferrer-policy: strict-origin-when-cross-originx-frame-options: DENYcache-control: no-cachex-request-id: cc15686b6e223426e5e1682f89154755x-runtime: 0.018574vary: OriginStrict-Transport-Security: max-age=15724800; includeSubDomains

Source: chromecache_59.2.dr

String found in binary or memory: https://app.beambenefits.com/admin/images/beam_logo_navy.svg

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.5:49724 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6640_243083378

Jump to behavior

Source: classification engine

Classification label: clean1.win@17/14@16/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1864,i,14242331942881730238,11876666898652434801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://API.BEAMBENEFITS.COM
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1864,i,14242331942881730238,11876666898652434801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://API.BEAMBENEFITS.COM	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://app.beambenefits.com/admin/images/beam_logo_navy.svg	0%	Avira URL Cloud	safe
http://api.beambenefits.com/	0%	Avira URL Cloud	safe
https://api.beambenefits.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
api.beambenefits.com	3.227.174.248	true	false	unknown
accounts.google.com	172.253.63.84	true	false	high
app.beambenefits.com	35.172.198.133	true	false	unknown
www.google.com	142.251.35.164	true	false	high
clients.l.google.com	142.250.65.206	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
windowsupdatebg.s.llnwi.net	69.164.46.128	true	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://api.beambenefits.com/	false	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://app.beambenefits.com/admin/images/beam_logo_navy.svg	false	Avira URL Cloud: safe	unknown
https://api.beambenefits.com/	false		unknown
https://api.beambenefits.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.65.206	clients.l.google.com	United States	15169	GOOGLEUS	false
23.23.11.185	unknown	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.227.174.248	api.beambenefits.com	United States	14618	AMAZON-AESUS	false
172.253.63.84	accounts.google.com	United States	15169	GOOGLEUS	false
35.172.198.133	app.beambenefits.com	United States	14618	AMAZON-AESUS	false
142.251.35.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1396491
Start date and time:	2024-02-21 21:29:34 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://API.BEAMBENEFITS.COM
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@17/14@16/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.72.99, 34.104.35.123, 192.229.211.108, 40.68.123.157, 23.46.156.133, 23.46.156.174, 23.46.156.172, 23.46.156.167, 23.46.156.134, 23.46.156.145, 23.46.156.164, 23.46.156.159, 23.46.156.147, 20.3.187.198, 72.21.81.240, 20.166.126.56, 142.251.40.99, 23.46.156.158, 23.46.156.143, 23.46.156.135, 23.46.156.177, 23.46.156.175, 23.46.156.176
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://API.BEAMBENEFITS.COM

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9774761710624826
Encrypted:	false
SSDEEP:	48:8FudWTSG3HLidAKZdA19ehwiZUklqehAy+3:8FXHt/y
MD5:	9467372CEDAF4F60054670554D5DD4A2
SHA1:	0D65251C88608BED276B50F7B01BD23114D998F8
SHA-256:	4B5972A9121E24CCFAF4818E3DF62F2C04D8EF10E00B1AD8DAEE7E1D90675F2A
SHA-512:	96536F8B0C3C3A3C18193C6A286AD15403CBB61F3AC67DD10F2530A311D9FFFC4A8FFF8485ECC18685B8EEDE9A686E44D0671893ED4236E7615E2BC95A084851
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....x.N..e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IUX.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........,F.s.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.993328793075595
Encrypted:	false
SSDEEP:	48:82udWTSG3HLidAKZdA1weh/iZUkAQkqehvy+2:82XHH9Qay
MD5:	DCCFF27D42162B03E45EFAF41A99CA58
SHA1:	15CEF94C8196903884FFBF10E0F655371D15E4B5
SHA-256:	9C3DAEEF15D6F6F119697EBE933B34B6CC9375DDBA47951A8EE0338EF24CA09A
SHA-512:	FF6A327CDAA087563D2B6E8C389121CBE6E6ED12C83D6457BD01518D401C8F180FFA17476021B64AEF25874FCED5920B41BE205CF25B9F399F7380B5E095C7C3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......C..e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IUX.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........,F.s.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.007278904857374
Encrypted:	false
SSDEEP:	48:8xndWTSGsHLidAKZdA14tseh7sFiZUkmgqeh7sZy+BX:8xYHKnby
MD5:	F1CE81D611E8B32281130ADCC6539B2D
SHA1:	2419834433C6B079EA9F78F098B0C4BAD6B68FBA
SHA-256:	9A54469D6C7ABE81E6CF824C4C6D5707FD392F5699DF9EA45B9705B6391BE545
SHA-512:	D0DF4959A251BD7AD4DFCB91B6726CF7E03D393A31AB5BA8A5E783CEDB8290D54D2D32EF2FFDE034F03AD579F2276B4FA07CE2AC8AD03E2AD8CFC67BCFC30973
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IUX.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........,F.s.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.990738052456772
Encrypted:	false
SSDEEP:	48:8QudWTSG3HLidAKZdA1vehDiZUkwqehTy+R:8QXHkRy
MD5:	A4E508FC1557C4FD8EFE6D096862398F
SHA1:	FF1F4724567CC57234079E876BF75EBAAD5DBB8F
SHA-256:	D4A8F29E8F20775DF62138627BDFA1697E0190171498D3AC8B1127BF6A77C0F4
SHA-512:	3D5272ACE153E2FA065EAAC43C614CCD94C7DC6A1D2A5654B842645AACAD4D002DB7E487D9FDFF42D768BBFB619BFD859FE17690E1F289B97AC1426987EA3982
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....ym?..e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IUX.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........,F.s.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9808551621259873
Encrypted:	false
SSDEEP:	48:82udWTSG3HLidAKZdA1hehBiZUk1W1qehFy+C:82XHk9ly
MD5:	229ED3BB67A947D92611BE2A6F28EBAD
SHA1:	74EB18AE92AA6D230B80DC4097A1BC20CC87C2F1
SHA-256:	1D4ADE2CA52F3968BBEF70E84E55B3CB0FA5EED4C75305DA7FA8D58626D36C36
SHA-512:	3CD75F71722A03B05397651B7C007C63A9B98121F54EF0962BE1BA85AD06546D886BB0D918905105732BE688CA7807B00D7F1A850895A01D66D9068E1AC713CE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......I..e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IUX.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........,F.s.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9915393016868443
Encrypted:	false
SSDEEP:	48:87udWTSG3HLidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbby+yT+:87XHKT/TbxWOvTbby7T
MD5:	358F652021996C9821837A5970B2AD9C
SHA1:	A08666FB33F4BA553279F5322F1A2088FED4437F
SHA-256:	9381E6B0E420420A480BB351509126239EE2BEBE3565FA8EC4A0AB0816CD1C73
SHA-512:	D9519427C6D070994F81EBB7BADC07D8ECF3C67971464357DB101304AA7DED20FF691019F8DD7A47E19A4A5E66A74E4347EA2829E1A74DEBF12EF99E18E452A6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....&.7..e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IUX.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........,F.s.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	9865
Entropy (8bit):	3.9154230679551443
Encrypted:	false
SSDEEP:	192:J3Q/J+mE3gMr9NpO/vfkXZ/N9y1W12dIGOS5V/+lkO8RcFEKv:FQ/S3TN+v8XH9y+gPgkjctv
MD5:	C411B5D4D410DB5976835788BFB48300
SHA1:	8F5FCEF8854732D130EED03F9BE32F7031D3FAF1
SHA-256:	E0083E8B25B0FF25E307BBE4AA8594CAA6BDB871154749F91B2B86A8865F2F81
SHA-512:	9C00E9B861215CC03BA008407A32BCC868F813E87470465B9EBE5D8A050F53EB1407591F546E1AE488FEBB805F9BB579CAE7E3979638A76E61654B9F3880E11A
Malicious:	false
Reputation:	low
URL:	https://app.beambenefits.com/admin/images/beam_logo_navy.svg
Preview:	<svg width="40" height="24" viewBox="0 0 40 24" fill="none" xmlns="http://www.w3.org/2000/svg">.<g clip-path="url(#clip0_622_2813)">.<path d="M28.4223 6.4827C29.0173 6.4827 29.4997 6.0003 29.4997 5.40523C29.4997 4.81016 29.0173 4.32776 28.4223 4.32776C27.8272 4.32776 27.3448 4.81016 27.3448 5.40523C27.3448 6.0003 27.8272 6.4827 28.4223 6.4827Z" fill="#029EE2"/>.<path d="M23.8299 7.02209C24.7226 7.02209 25.4464 6.29818 25.4464 5.40521C25.4464 4.51223 24.7226 3.78833 23.8299 3.78833C22.9371 3.78833 22.2133 4.51223 22.2133 5.40521C22.2133 6.29818 22.9371 7.02209 23.8299 7.02209Z" fill="#029EE2"/>.<path d="M23.8299 2.44627C24.499 2.44627 25.0414 1.90387 25.0414 1.23479C25.0414 0.565712 24.499 0.0233154 23.8299 0.0233154C23.1608 0.0233154 22.6184 0.565712 22.6184 1.23479C22.6184 1.90387 23.1608 2.44627 23.8299 2.44627Z" fill="#029EE2"/>.<path d="M16.0375 12.5935C16.0354 11.9573 15.9395 11.3979 15.7495 10.9152C15.5729 10.4523 15.3031 10.0307 14.957 9.67633C14.6266 9.34172 14.2297 9.08002 13.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	2.820322190495294
Encrypted:	false
SSDEEP:	12:XHaQaY8Ia48vnraROl8R/Fjv8Rlq0LQY4co3assR3saKmamj2kl:X6g8nNnrVMtj+8s3xl7KtU2k
MD5:	D95E8EB0CA87D5E1E9E1D0891098DB34
SHA1:	E6376BF2700FCE504A015A8697867BF407530CF3
SHA-256:	ABB421E4DB49ADCFA1C8A290A1C95CD858E0F5FC916613314040E0148DB7E37E
SHA-512:	93AE49E6D32F5FE8E47ABE6231DBCAF401B934A721FC6F6B14EFD4144B6FF0BEB0917AE7955CDA425BBC1CD6AD4AAE2861AE459241C3E02FBBE02FE5DFFC93E3
Malicious:	false
Reputation:	low
URL:	https://api.beambenefits.com/favicon.ico
Preview:	............ .h.......(....... ..... .............................................................................................................POO.MLL.322.....................................................100.........655.................................................LKK.........@??.................................................JII.........@??.................................................JII.........@??.................................................JII.........@??.................................................KJJ.........A@@.................................................877.........322.................................................544.HGG.877.....................................................NMM.............................................................DCC...............z.............................................qpp...........u...........F......................................................................................................................7...

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2475
Entropy (8bit):	3.7856458072446157
Encrypted:	false
SSDEEP:	24:3vkxZO+jwVKYxCbbzwtbc1PvrsxEbkSiMJ+2+BN7bOibX3r9GXEtoRNJ:OO+kVB0/WkJgqir3JGXjR/
MD5:	A4F83847641B2108B26704A4092422AF
SHA1:	1FDB98FC8D43D63DFFAC1995F51270151607E3C2
SHA-256:	B092996590CDB9BF9C0C87810CA175E298EA87430AA3473C4330FAB073EE6A01
SHA-512:	7FAE38F59AC101F8D7E7598B51EA74D643B0304C2757338D4B5C5583C132BB519116D124239297069B49D00E55944E917EBDC519313C949131210769D6E8F246
Malicious:	false
Reputation:	low
URL:	https://api.beambenefits.com/
Preview:	<html>. <head>. <style>. body, html {. background-color: #DDD;. font-family: proxima-nova, sans-serif;. width: 100%;. height: 100%;. -moz-box-sizing: border-box;. -webkit-box-sizing: border-box;. box-sizing: border-box;. }.. body {. padding: 1em;. overflow: hidden;. }.. section {. width: 80%;. height: 100vw;. margin: 0 auto;. overflow: hidden;. position: relative;. }.. section>div {. position: absolute;. text-align: center;. max-height: none;. top: 50%;. margin-top: -187px;. left: 0;. width: 100%;. height: 375px;. -moz-transform: translateX(-100%);. -ms-transform: translateX(-100%);. -webkit-transform: translateX(-100%);. transform: translateX(-100%);.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	9865
Entropy (8bit):	3.9154230679551443
Encrypted:	false
SSDEEP:	192:J3Q/J+mE3gMr9NpO/vfkXZ/N9y1W12dIGOS5V/+lkO8RcFEKv:FQ/S3TN+v8XH9y+gPgkjctv
MD5:	C411B5D4D410DB5976835788BFB48300
SHA1:	8F5FCEF8854732D130EED03F9BE32F7031D3FAF1
SHA-256:	E0083E8B25B0FF25E307BBE4AA8594CAA6BDB871154749F91B2B86A8865F2F81
SHA-512:	9C00E9B861215CC03BA008407A32BCC868F813E87470465B9EBE5D8A050F53EB1407591F546E1AE488FEBB805F9BB579CAE7E3979638A76E61654B9F3880E11A
Malicious:	false
Reputation:	low
Preview:	<svg width="40" height="24" viewBox="0 0 40 24" fill="none" xmlns="http://www.w3.org/2000/svg">.<g clip-path="url(#clip0_622_2813)">.<path d="M28.4223 6.4827C29.0173 6.4827 29.4997 6.0003 29.4997 5.40523C29.4997 4.81016 29.0173 4.32776 28.4223 4.32776C27.8272 4.32776 27.3448 4.81016 27.3448 5.40523C27.3448 6.0003 27.8272 6.4827 28.4223 6.4827Z" fill="#029EE2"/>.<path d="M23.8299 7.02209C24.7226 7.02209 25.4464 6.29818 25.4464 5.40521C25.4464 4.51223 24.7226 3.78833 23.8299 3.78833C22.9371 3.78833 22.2133 4.51223 22.2133 5.40521C22.2133 6.29818 22.9371 7.02209 23.8299 7.02209Z" fill="#029EE2"/>.<path d="M23.8299 2.44627C24.499 2.44627 25.0414 1.90387 25.0414 1.23479C25.0414 0.565712 24.499 0.0233154 23.8299 0.0233154C23.1608 0.0233154 22.6184 0.565712 22.6184 1.23479C22.6184 1.90387 23.1608 2.44627 23.8299 2.44627Z" fill="#029EE2"/>.<path d="M16.0375 12.5935C16.0354 11.9573 15.9395 11.3979 15.7495 10.9152C15.5729 10.4523 15.3031 10.0307 14.957 9.67633C14.6266 9.34172 14.2297 9.08002 13.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	2.820322190495294
Encrypted:	false
SSDEEP:	12:XHaQaY8Ia48vnraROl8R/Fjv8Rlq0LQY4co3assR3saKmamj2kl:X6g8nNnrVMtj+8s3xl7KtU2k
MD5:	D95E8EB0CA87D5E1E9E1D0891098DB34
SHA1:	E6376BF2700FCE504A015A8697867BF407530CF3
SHA-256:	ABB421E4DB49ADCFA1C8A290A1C95CD858E0F5FC916613314040E0148DB7E37E
SHA-512:	93AE49E6D32F5FE8E47ABE6231DBCAF401B934A721FC6F6B14EFD4144B6FF0BEB0917AE7955CDA425BBC1CD6AD4AAE2861AE459241C3E02FBBE02FE5DFFC93E3
Malicious:	false
Reputation:	low
Preview:	............ .h.......(....... ..... .............................................................................................................POO.MLL.322.....................................................100.........655.................................................LKK.........@??.................................................JII.........@??.................................................JII.........@??.................................................JII.........@??.................................................KJJ.........A@@.................................................877.........322.................................................544.HGG.877.....................................................NMM.............................................................DCC...............z.............................................qpp...........u...........F......................................................................................................................7...

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 21, 2024 21:30:20.486169100 CET	49675	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:20.486186981 CET	49674	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:20.751722097 CET	49673	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:26.028189898 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.028224945 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.028326035 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.028801918 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.028841972 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.028939962 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.029228926 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.029246092 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.030891895 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.030914068 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.233746052 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.234234095 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.234266043 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.236259937 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.236331940 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.239906073 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.239996910 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.242295027 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.242304087 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.249562025 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.249783993 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.249804974 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.250195026 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.250264883 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.250870943 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.250936985 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.251785040 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.251981020 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.252017021 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.297900915 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.364180088 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.364263058 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.364279032 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.456073046 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.456171989 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.456182957 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.456281900 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.456425905 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.456830025 CET	49708	443	192.168.2.5	142.250.65.206
Feb 21, 2024 21:30:26.456841946 CET	443	49708	142.250.65.206	192.168.2.5
Feb 21, 2024 21:30:26.459342957 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.459526062 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:26.459592104 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.461325884 CET	49707	443	192.168.2.5	172.253.63.84
Feb 21, 2024 21:30:26.461342096 CET	443	49707	172.253.63.84	192.168.2.5
Feb 21, 2024 21:30:27.634701967 CET	49711	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:30:27.635175943 CET	49712	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:30:27.733352900 CET	80	49712	3.227.174.248	192.168.2.5
Feb 21, 2024 21:30:27.733374119 CET	80	49711	3.227.174.248	192.168.2.5
Feb 21, 2024 21:30:27.733510017 CET	49711	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:30:27.733870983 CET	49712	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:30:27.733870983 CET	49712	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:30:27.829194069 CET	80	49712	3.227.174.248	192.168.2.5
Feb 21, 2024 21:30:27.830468893 CET	80	49712	3.227.174.248	192.168.2.5
Feb 21, 2024 21:30:27.878966093 CET	49712	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:30:27.945497990 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:27.945583105 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:27.945678949 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:27.946073055 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:27.946105957 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.146315098 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.157259941 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.157325983 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.158371925 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.158451080 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.166898012 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.167032957 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.167074919 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.209909916 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.214396000 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.214456081 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.255614042 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.359174013 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.359194040 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.359289885 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.359303951 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.359383106 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.360241890 CET	49713	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.360285997 CET	443	49713	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.506164074 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.506201029 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.506272078 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.506728888 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.506737947 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.703111887 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.722033978 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.722059011 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.723222017 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.723346949 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.730401039 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.730462074 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.730573893 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.730580091 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.780152082 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.895525932 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.895546913 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.895710945 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.895721912 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.895747900 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.895761013 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.895773888 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.895773888 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.895786047 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.895807028 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.895811081 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.895833015 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.895875931 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.901454926 CET	49716	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.901468039 CET	443	49716	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.930985928 CET	49717	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.931044102 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:28.931162119 CET	49717	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.931719065 CET	49717	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:28.931739092 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.052309990 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.052352905 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.052427053 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.054630995 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.054645061 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.128715038 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.129894972 CET	49717	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:29.129930019 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.130247116 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.132210970 CET	49717	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:29.132288933 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.132474899 CET	49717	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:29.177907944 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.251763105 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.252509117 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.252521038 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.254053116 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.254116058 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.256406069 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.256509066 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.257293940 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.257303953 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.300767899 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.328006029 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.328111887 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.328176022 CET	49717	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:29.329505920 CET	49717	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:29.329526901 CET	443	49717	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.443907022 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.443938971 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.444013119 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.444017887 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.444031954 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.444068909 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.444080114 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.444123030 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.444129944 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.444158077 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.444206953 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.453394890 CET	49718	443	192.168.2.5	23.23.11.185
Feb 21, 2024 21:30:29.453413963 CET	443	49718	23.23.11.185	192.168.2.5
Feb 21, 2024 21:30:29.492444992 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:29.492479086 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:29.492558956 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:29.493580103 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:29.493587017 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.074004889 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.081473112 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:30.081486940 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.082479000 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.082582951 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:30.083403111 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:30.083448887 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.083683014 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:30.083688974 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.084633112 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:30.084686041 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:30.084747076 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:30.085330009 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:30.085340977 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:30.097518921 CET	49675	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:30.097523928 CET	49674	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:30.129070044 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:30.267008066 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.267082930 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.267213106 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:30.267983913 CET	49719	443	192.168.2.5	35.172.198.133
Feb 21, 2024 21:30:30.267991066 CET	443	49719	35.172.198.133	192.168.2.5
Feb 21, 2024 21:30:30.276825905 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:30.277095079 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:30.277124882 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:30.278119087 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:30.278206110 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:30.363198042 CET	49673	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:30.577600956 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:30.577760935 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:30.628810883 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:30.628829956 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:30.675642014 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:31.721120119 CET	443	49703	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:31.721246004 CET	49703	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:32.057010889 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.057060957 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.057131052 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.060245037 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.060261965 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.245259047 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.245345116 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.248346090 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.248358011 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.248579979 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.323283911 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.365906954 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.423320055 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.423398018 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.423592091 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.423655033 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.423675060 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.423686981 CET	49723	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.423692942 CET	443	49723	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.489698887 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.489746094 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.489860058 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.492019892 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.492033958 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.674021959 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.674135923 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.675740957 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.675750017 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.675961018 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.682476997 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.725939989 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.850159883 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.850364923 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.850430965 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.852415085 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.852432966 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:32.852482080 CET	49724	443	192.168.2.5	23.41.168.93
Feb 21, 2024 21:30:32.852488041 CET	443	49724	23.41.168.93	192.168.2.5
Feb 21, 2024 21:30:37.977351904 CET	80	49712	3.227.174.248	192.168.2.5
Feb 21, 2024 21:30:37.977577925 CET	49712	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:30:40.310421944 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:40.310477018 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:30:40.310534000 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:41.255244970 CET	49703	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.255354881 CET	49703	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.255708933 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.255752087 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.255836010 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.256345987 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.256356955 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.408176899 CET	443	49703	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.408258915 CET	443	49703	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.571553946 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.571636915 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.607619047 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.607637882 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.607964039 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.608474016 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.609144926 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.609178066 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.609313965 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.609321117 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.922856092 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.922933102 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.923136950 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.923192024 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.923193932 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.923239946 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.998795986 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.998828888 CET	443	49725	23.1.237.91	192.168.2.5
Feb 21, 2024 21:30:41.998836040 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:41.998913050 CET	49725	443	192.168.2.5	23.1.237.91
Feb 21, 2024 21:30:42.220146894 CET	49721	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:30:42.220171928 CET	443	49721	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:12.748181105 CET	49711	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:31:12.842108011 CET	49712	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:31:12.843601942 CET	80	49711	3.227.174.248	192.168.2.5
Feb 21, 2024 21:31:12.937238932 CET	80	49712	3.227.174.248	192.168.2.5
Feb 21, 2024 21:31:30.040386915 CET	49732	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:31:30.040410995 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:30.040493011 CET	49732	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:31:30.040924072 CET	49732	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:31:30.040936947 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:30.229645967 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:30.229986906 CET	49732	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:31:30.230000019 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:30.230279922 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:30.230674982 CET	49732	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:31:30.230717897 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:30.270112991 CET	49732	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:31:40.244870901 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:40.244940042 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:40.245121956 CET	49732	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:31:42.216763020 CET	49732	443	192.168.2.5	142.251.35.164
Feb 21, 2024 21:31:42.216804028 CET	443	49732	142.251.35.164	192.168.2.5
Feb 21, 2024 21:31:42.833853006 CET	80	49712	3.227.174.248	192.168.2.5
Feb 21, 2024 21:31:42.833930969 CET	49712	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:31:44.213896990 CET	49712	80	192.168.2.5	3.227.174.248
Feb 21, 2024 21:31:44.309150934 CET	80	49712	3.227.174.248	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 21, 2024 21:30:25.883732080 CET	58202	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:25.884179115 CET	65222	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:25.884793997 CET	58358	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:25.885164022 CET	53410	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:25.971551895 CET	53	58202	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:25.972919941 CET	53	65222	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:25.973015070 CET	53	53410	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:25.973103046 CET	53	58358	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:25.994313955 CET	53	50173	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:26.600061893 CET	53	61003	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:27.523601055 CET	56739	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:27.523827076 CET	57617	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:27.631885052 CET	53	56739	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:27.633584023 CET	53	57617	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:27.834398985 CET	60813	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:27.834615946 CET	50164	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:27.944314957 CET	53	50164	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:27.944804907 CET	53	60813	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:28.395421982 CET	59004	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:28.395637035 CET	55507	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:28.491477966 CET	53	59004	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:28.504156113 CET	53	55507	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:28.942619085 CET	63006	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:28.943710089 CET	59495	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:29.040005922 CET	53	59495	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:29.050935984 CET	53	63006	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:29.342089891 CET	50940	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:29.342904091 CET	57835	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:29.450526953 CET	53	50940	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:29.541471958 CET	53	57835	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:29.984941959 CET	51502	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:29.988356113 CET	58095	53	192.168.2.5	1.1.1.1
Feb 21, 2024 21:30:30.072977066 CET	53	51502	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:30.076342106 CET	53	58095	1.1.1.1	192.168.2.5
Feb 21, 2024 21:30:43.984977961 CET	53	58407	1.1.1.1	192.168.2.5
Feb 21, 2024 21:31:02.783260107 CET	53	54227	1.1.1.1	192.168.2.5
Feb 21, 2024 21:31:25.727256060 CET	53	54032	1.1.1.1	192.168.2.5
Feb 21, 2024 21:31:25.736032009 CET	53	52115	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Feb 21, 2024 21:30:29.541553020 CET	192.168.2.5	1.1.1.1	c23f	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 21, 2024 21:30:25.883732080 CET	192.168.2.5	1.1.1.1	0xaaba	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:25.884179115 CET	192.168.2.5	1.1.1.1	0x3828	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Feb 21, 2024 21:30:25.884793997 CET	192.168.2.5	1.1.1.1	0x13e6	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:25.885164022 CET	192.168.2.5	1.1.1.1	0x2776	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Feb 21, 2024 21:30:27.523601055 CET	192.168.2.5	1.1.1.1	0x60be	Standard query (0)	api.beambenefits.com	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.523827076 CET	192.168.2.5	1.1.1.1	0x16c3	Standard query (0)	api.beambenefits.com	65	IN (0x0001)	false
Feb 21, 2024 21:30:27.834398985 CET	192.168.2.5	1.1.1.1	0x671	Standard query (0)	api.beambenefits.com	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.834615946 CET	192.168.2.5	1.1.1.1	0x6365	Standard query (0)	api.beambenefits.com	65	IN (0x0001)	false
Feb 21, 2024 21:30:28.395421982 CET	192.168.2.5	1.1.1.1	0xfca2	Standard query (0)	app.beambenefits.com	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:28.395637035 CET	192.168.2.5	1.1.1.1	0x17f0	Standard query (0)	app.beambenefits.com	65	IN (0x0001)	false
Feb 21, 2024 21:30:28.942619085 CET	192.168.2.5	1.1.1.1	0x56b9	Standard query (0)	app.beambenefits.com	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:28.943710089 CET	192.168.2.5	1.1.1.1	0x3d12	Standard query (0)	app.beambenefits.com	65	IN (0x0001)	false
Feb 21, 2024 21:30:29.342089891 CET	192.168.2.5	1.1.1.1	0xf9d2	Standard query (0)	api.beambenefits.com	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.342904091 CET	192.168.2.5	1.1.1.1	0x15af	Standard query (0)	api.beambenefits.com	65	IN (0x0001)	false
Feb 21, 2024 21:30:29.984941959 CET	192.168.2.5	1.1.1.1	0x4f09	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.988356113 CET	192.168.2.5	1.1.1.1	0x36f2	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 21, 2024 21:30:25.971551895 CET	1.1.1.1	192.168.2.5	0xaaba	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 21, 2024 21:30:25.971551895 CET	1.1.1.1	192.168.2.5	0xaaba	No error (0)	clients.l.google.com		142.250.65.206	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:25.972919941 CET	1.1.1.1	192.168.2.5	0x3828	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 21, 2024 21:30:25.973103046 CET	1.1.1.1	192.168.2.5	0x13e6	No error (0)	accounts.google.com		172.253.63.84	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.631885052 CET	1.1.1.1	192.168.2.5	0x60be	No error (0)	api.beambenefits.com		3.227.174.248	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.631885052 CET	1.1.1.1	192.168.2.5	0x60be	No error (0)	api.beambenefits.com		35.172.198.133	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.631885052 CET	1.1.1.1	192.168.2.5	0x60be	No error (0)	api.beambenefits.com		18.209.170.187	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.631885052 CET	1.1.1.1	192.168.2.5	0x60be	No error (0)	api.beambenefits.com		23.23.11.185	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.944804907 CET	1.1.1.1	192.168.2.5	0x671	No error (0)	api.beambenefits.com		35.172.198.133	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.944804907 CET	1.1.1.1	192.168.2.5	0x671	No error (0)	api.beambenefits.com		18.209.170.187	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.944804907 CET	1.1.1.1	192.168.2.5	0x671	No error (0)	api.beambenefits.com		23.23.11.185	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:27.944804907 CET	1.1.1.1	192.168.2.5	0x671	No error (0)	api.beambenefits.com		3.227.174.248	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:28.491477966 CET	1.1.1.1	192.168.2.5	0xfca2	No error (0)	app.beambenefits.com		35.172.198.133	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:28.491477966 CET	1.1.1.1	192.168.2.5	0xfca2	No error (0)	app.beambenefits.com		23.23.11.185	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:28.491477966 CET	1.1.1.1	192.168.2.5	0xfca2	No error (0)	app.beambenefits.com		18.209.170.187	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:28.491477966 CET	1.1.1.1	192.168.2.5	0xfca2	No error (0)	app.beambenefits.com		3.227.174.248	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.050935984 CET	1.1.1.1	192.168.2.5	0x56b9	No error (0)	app.beambenefits.com		23.23.11.185	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.050935984 CET	1.1.1.1	192.168.2.5	0x56b9	No error (0)	app.beambenefits.com		35.172.198.133	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.050935984 CET	1.1.1.1	192.168.2.5	0x56b9	No error (0)	app.beambenefits.com		18.209.170.187	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.050935984 CET	1.1.1.1	192.168.2.5	0x56b9	No error (0)	app.beambenefits.com		3.227.174.248	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.450526953 CET	1.1.1.1	192.168.2.5	0xf9d2	No error (0)	api.beambenefits.com		35.172.198.133	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.450526953 CET	1.1.1.1	192.168.2.5	0xf9d2	No error (0)	api.beambenefits.com		18.209.170.187	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.450526953 CET	1.1.1.1	192.168.2.5	0xf9d2	No error (0)	api.beambenefits.com		23.23.11.185	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:29.450526953 CET	1.1.1.1	192.168.2.5	0xf9d2	No error (0)	api.beambenefits.com		3.227.174.248	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:30.072977066 CET	1.1.1.1	192.168.2.5	0x4f09	No error (0)	www.google.com		142.251.35.164	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:30:30.076342106 CET	1.1.1.1	192.168.2.5	0x36f2	No error (0)	www.google.com			65	IN (0x0001)	false
Feb 21, 2024 21:30:41.368211985 CET	1.1.1.1	192.168.2.5	0xc159	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 21, 2024 21:30:41.368211985 CET	1.1.1.1	192.168.2.5	0xc159	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:31:17.859602928 CET	1.1.1.1	192.168.2.5	0xe37b	No error (0)	windowsupdatebg.s.llnwi.net		69.164.46.128	A (IP address)	IN (0x0001)	false
Feb 21, 2024 21:31:38.547481060 CET	1.1.1.1	192.168.2.5	0x89a6	No error (0)	windowsupdatebg.s.llnwi.net		69.164.46.128	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

api.beambenefits.com

https:

app.beambenefits.com

www.bing.com

fs.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49712	3.227.174.248	80	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Feb 21, 2024 21:30:27.733870983 CET	435	OUT	GET / HTTP/1.1 Host: api.beambenefits.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Feb 21, 2024 21:30:27.830468893 CET	346	IN	HTTP/1.1 308 Permanent Redirect Date: Wed, 21 Feb 2024 20:30:27 GMT Content-Type: text/html Content-Length: 164 Connection: keep-alive Location: https://api.beambenefits.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 38 20 50 65 72 6d 61 6e 65 6e 74 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 38 20 50 65 72 6d 61 6e 65 6e 74 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>308 Permanent Redirect</title></head><body><center><h1>308 Permanent Redirect</h1></center><hr><center>nginx</center></body></html>
Feb 21, 2024 21:31:12.842108011 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49711	3.227.174.248	80	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Feb 21, 2024 21:31:12.748181105 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49707	172.253.63.84	443	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:26 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
2024-02-21 20:30:26 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-02-21 20:30:26 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 21 Feb 2024 20:30:26 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-OYCrKkd6UkvvvdWvfOTOUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw1JBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQJiIR6OR7turmMTePHm3E5GALtsGGQ" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-21 20:30:26 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-02-21 20:30:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49708	142.250.65.206	443	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:26 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-21 20:30:26 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-b6bfMKEmi4FY9fazq9L88A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 21 Feb 2024 20:30:26 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6260 X-Daystart: 45026 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-21 20:30:26 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 36 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 35 30 32 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6260" elapsed_seconds="45026"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-02-21 20:30:26 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-02-21 20:30:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49713	35.172.198.133	443	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:28 UTC	663	OUT	GET / HTTP/1.1 Host: api.beambenefits.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-21 20:30:28 UTC	835	IN	HTTP/1.1 404 Not Found Date: Wed, 21 Feb 2024 20:30:28 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; feature-policy: accelerometer 'none'; autoplay 'none'; encrypted-media 'none'; gyroscope 'none'; feature-policy: magnetometer 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; feature-policy: fullscreen * x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin x-frame-options: DENY cache-control: no-cache x-request-id: cc15686b6e223426e5e1682f89154755 x-runtime: 0.018574 vary: Origin Strict-Transport-Security: max-age=15724800; includeSubDomains
2024-02-21 20:30:28 UTC	2482	IN	Data Raw: 39 61 62 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 2c 20 68 74 6d 6c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 44 44 44 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f Data Ascii: 9ab<html> <head> <style> body, html { background-color: #DDD; font-family: proxima-nova, sans-serif; width: 100%; height: 100%; -moz-box-sizing: border-box; -webkit-bo
2024-02-21 20:30:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49716	35.172.198.133	443	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:28 UTC	614	OUT	GET /admin/images/beam_logo_navy.svg HTTP/1.1 Host: app.beambenefits.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://api.beambenefits.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-21 20:30:28 UTC	250	IN	HTTP/1.1 200 OK Date: Wed, 21 Feb 2024 20:30:28 GMT Content-Type: image/svg+xml Content-Length: 9865 Connection: close last-modified: Wed, 21 Feb 2024 17:47:06 GMT vary: Origin Strict-Transport-Security: max-age=15724800; includeSubDomains
2024-02-21 20:30:28 UTC	3846	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 34 30 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 30 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 3c 67 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 63 6c 69 70 30 5f 36 32 32 5f 32 38 31 33 29 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 32 38 2e 34 32 32 33 20 36 2e 34 38 32 37 43 32 39 2e 30 31 37 33 20 36 2e 34 38 32 37 20 32 39 2e 34 39 39 37 20 36 2e 30 30 30 33 20 32 39 2e 34 39 39 37 20 35 2e 34 30 35 32 33 43 32 39 2e 34 39 39 37 20 34 2e 38 31 30 31 36 20 32 39 2e 30 31 37 33 20 34 2e 33 32 37 37 36 20 32 38 2e 34 32 32 33 20 34 2e 33 32 37 37 36 43 32 37 2e Data Ascii: <svg width="40" height="24" viewBox="0 0 40 24" fill="none" xmlns="http://www.w3.org/2000/svg"><g clip-path="url(#clip0_622_2813)"><path d="M28.4223 6.4827C29.0173 6.4827 29.4997 6.0003 29.4997 5.40523C29.4997 4.81016 29.0173 4.32776 28.4223 4.32776C27.
2024-02-21 20:30:28 UTC	4096	IN	Data Raw: 31 20 32 35 2e 32 31 35 39 20 32 33 2e 34 33 33 33 43 32 35 2e 33 31 36 31 20 32 33 2e 35 33 35 36 20 32 35 2e 34 33 35 36 20 32 33 2e 36 31 36 39 20 32 35 2e 35 36 37 36 20 32 33 2e 36 37 32 35 43 32 35 2e 36 39 39 36 20 32 33 2e 37 32 38 20 32 35 2e 38 34 31 33 20 32 33 2e 37 35 36 37 20 32 35 2e 39 38 34 35 20 32 33 2e 37 35 36 39 43 32 36 2e 31 32 37 36 20 32 33 2e 37 35 37 31 20 32 36 2e 32 36 39 34 20 32 33 2e 37 32 38 38 20 32 36 2e 34 30 31 36 20 32 33 2e 36 37 33 36 43 32 36 2e 35 33 33 37 20 32 33 2e 36 31 38 34 20 32 36 2e 36 35 33 35 20 32 33 2e 35 33 37 35 20 32 36 2e 37 35 34 20 32 33 2e 34 33 35 35 43 32 36 2e 38 35 34 35 20 32 33 2e 33 33 33 35 20 32 36 2e 39 33 33 36 20 32 33 2e 32 31 32 35 20 32 36 2e 39 38 36 39 20 32 33 2e 30 37 39 36 Data Ascii: 1 25.2159 23.4333C25.3161 23.5356 25.4356 23.6169 25.5676 23.6725C25.6996 23.728 25.8413 23.7567 25.9845 23.7569C26.1276 23.7571 26.2694 23.7288 26.4016 23.6736C26.5337 23.6184 26.6535 23.5375 26.754 23.4355C26.8545 23.3335 26.9336 23.2125 26.9869 23.0796
2024-02-21 20:30:28 UTC	101	IN	Data Raw: 32 20 32 32 2e 36 36 32 37 4c 32 33 2e 38 32 39 32 20 31 32 2e 33 39 35 37 5a 4d 32 31 2e 36 37 32 36 20 32 30 2e 31 37 32 32 43 32 31 2e 34 35 30 38 20 32 32 2e 30 31 37 33 20 31 38 2e 38 38 35 37 20 32 32 2e 30 37 30 33 20 31 38 2e 35 35 36 33 20 32 30 2e 32 33 39 37 43 31 38 2e 34 35 35 20 31 39 2e Data Ascii: 2 22.6627L23.8292 12.3957ZM21.6726 20.1722C21.4508 22.0173 18.8857 22.0703 18.5563 20.2397C18.455 19.
2024-02-21 20:30:28 UTC	1822	IN	Data Raw: 36 32 34 20 31 38 2e 35 35 32 32 20 31 39 2e 32 35 36 38 20 31 38 2e 36 30 32 38 20 31 39 2e 30 35 38 33 43 31 38 2e 38 32 31 32 20 31 38 2e 32 30 36 36 20 31 39 2e 35 35 32 37 20 31 37 2e 31 38 30 31 20 32 30 2e 32 37 35 34 20 31 36 2e 36 38 31 32 43 32 31 2e 32 38 32 20 31 35 2e 39 37 32 34 20 32 31 2e 37 31 36 38 20 31 36 2e 31 32 32 36 20 32 31 2e 37 31 36 38 20 31 36 2e 39 35 33 36 4c 32 31 2e 36 37 32 36 20 32 30 2e 31 37 32 32 5a 22 20 66 69 6c 6c 3d 22 23 32 36 32 32 36 31 22 2f 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 33 39 2e 34 36 35 37 20 37 2e 37 31 31 37 32 43 33 39 2e 36 32 38 33 20 37 2e 38 30 34 33 20 33 39 2e 37 36 33 32 20 37 2e 39 33 38 38 32 20 33 39 2e 38 35 36 32 20 38 2e 31 30 31 32 36 43 33 39 2e 39 37 34 36 20 38 2e 33 30 38 32 34 20 Data Ascii: 624 18.5522 19.2568 18.6028 19.0583C18.8212 18.2066 19.5527 17.1801 20.2754 16.6812C21.282 15.9724 21.7168 16.1226 21.7168 16.9536L21.6726 20.1722Z" fill="#262261"/><path d="M39.4657 7.71172C39.6283 7.8043 39.7632 7.93882 39.8562 8.10126C39.9746 8.30824

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49717	35.172.198.133	443	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:29 UTC	596	OUT	GET /favicon.ico HTTP/1.1 Host: api.beambenefits.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://api.beambenefits.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-21 20:30:29 UTC	261	IN	HTTP/1.1 200 OK Date: Wed, 21 Feb 2024 20:30:29 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 1150 Connection: close last-modified: Wed, 21 Feb 2024 17:47:06 GMT vary: Origin Strict-Transport-Security: max-age=15724800; includeSubDomains
2024-02-21 20:30:29 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 12 0b 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa fa fa ff f9 f9 f9 ff dc dc dc ff cf cf cf ff fd fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fc fc ff ff ff ff ff c2 c2 c2 ff 50 4f 4f ff 4d 4c 4c ff 33 32 32 ff 8d 8c 8c ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fc fc fc ff ff ff ff ff b5 b5 b5 ff 31 30 30 ff d9 d9 d9 ff c1 c1 c1 ff 36 35 35 ff e2 e2 e2 ff ff ff ff ff fd fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: h( POOMLL322100655

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49718	23.23.11.185	443	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:29 UTC	375	OUT	GET /admin/images/beam_logo_navy.svg HTTP/1.1 Host: app.beambenefits.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-21 20:30:29 UTC	250	IN	HTTP/1.1 200 OK Date: Wed, 21 Feb 2024 20:30:29 GMT Content-Type: image/svg+xml Content-Length: 9865 Connection: close last-modified: Wed, 21 Feb 2024 17:47:06 GMT vary: Origin Strict-Transport-Security: max-age=15724800; includeSubDomains
2024-02-21 20:30:29 UTC	3846	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 34 30 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 30 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 3c 67 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 63 6c 69 70 30 5f 36 32 32 5f 32 38 31 33 29 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 32 38 2e 34 32 32 33 20 36 2e 34 38 32 37 43 32 39 2e 30 31 37 33 20 36 2e 34 38 32 37 20 32 39 2e 34 39 39 37 20 36 2e 30 30 30 33 20 32 39 2e 34 39 39 37 20 35 2e 34 30 35 32 33 43 32 39 2e 34 39 39 37 20 34 2e 38 31 30 31 36 20 32 39 2e 30 31 37 33 20 34 2e 33 32 37 37 36 20 32 38 2e 34 32 32 33 20 34 2e 33 32 37 37 36 43 32 37 2e Data Ascii: <svg width="40" height="24" viewBox="0 0 40 24" fill="none" xmlns="http://www.w3.org/2000/svg"><g clip-path="url(#clip0_622_2813)"><path d="M28.4223 6.4827C29.0173 6.4827 29.4997 6.0003 29.4997 5.40523C29.4997 4.81016 29.0173 4.32776 28.4223 4.32776C27.
2024-02-21 20:30:29 UTC	4096	IN	Data Raw: 31 20 32 35 2e 32 31 35 39 20 32 33 2e 34 33 33 33 43 32 35 2e 33 31 36 31 20 32 33 2e 35 33 35 36 20 32 35 2e 34 33 35 36 20 32 33 2e 36 31 36 39 20 32 35 2e 35 36 37 36 20 32 33 2e 36 37 32 35 43 32 35 2e 36 39 39 36 20 32 33 2e 37 32 38 20 32 35 2e 38 34 31 33 20 32 33 2e 37 35 36 37 20 32 35 2e 39 38 34 35 20 32 33 2e 37 35 36 39 43 32 36 2e 31 32 37 36 20 32 33 2e 37 35 37 31 20 32 36 2e 32 36 39 34 20 32 33 2e 37 32 38 38 20 32 36 2e 34 30 31 36 20 32 33 2e 36 37 33 36 43 32 36 2e 35 33 33 37 20 32 33 2e 36 31 38 34 20 32 36 2e 36 35 33 35 20 32 33 2e 35 33 37 35 20 32 36 2e 37 35 34 20 32 33 2e 34 33 35 35 43 32 36 2e 38 35 34 35 20 32 33 2e 33 33 33 35 20 32 36 2e 39 33 33 36 20 32 33 2e 32 31 32 35 20 32 36 2e 39 38 36 39 20 32 33 2e 30 37 39 36 Data Ascii: 1 25.2159 23.4333C25.3161 23.5356 25.4356 23.6169 25.5676 23.6725C25.6996 23.728 25.8413 23.7567 25.9845 23.7569C26.1276 23.7571 26.2694 23.7288 26.4016 23.6736C26.5337 23.6184 26.6535 23.5375 26.754 23.4355C26.8545 23.3335 26.9336 23.2125 26.9869 23.0796
2024-02-21 20:30:29 UTC	1923	IN	Data Raw: 32 20 32 32 2e 36 36 32 37 4c 32 33 2e 38 32 39 32 20 31 32 2e 33 39 35 37 5a 4d 32 31 2e 36 37 32 36 20 32 30 2e 31 37 32 32 43 32 31 2e 34 35 30 38 20 32 32 2e 30 31 37 33 20 31 38 2e 38 38 35 37 20 32 32 2e 30 37 30 33 20 31 38 2e 35 35 36 33 20 32 30 2e 32 33 39 37 43 31 38 2e 34 35 35 20 31 39 2e 36 32 34 20 31 38 2e 35 35 32 32 20 31 39 2e 32 35 36 38 20 31 38 2e 36 30 32 38 20 31 39 2e 30 35 38 33 43 31 38 2e 38 32 31 32 20 31 38 2e 32 30 36 36 20 31 39 2e 35 35 32 37 20 31 37 2e 31 38 30 31 20 32 30 2e 32 37 35 34 20 31 36 2e 36 38 31 32 43 32 31 2e 32 38 32 20 31 35 2e 39 37 32 34 20 32 31 2e 37 31 36 38 20 31 36 2e 31 32 32 36 20 32 31 2e 37 31 36 38 20 31 36 2e 39 35 33 36 4c 32 31 2e 36 37 32 36 20 32 30 2e 31 37 32 32 5a 22 20 66 69 6c 6c 3d Data Ascii: 2 22.6627L23.8292 12.3957ZM21.6726 20.1722C21.4508 22.0173 18.8857 22.0703 18.5563 20.2397C18.455 19.624 18.5522 19.2568 18.6028 19.0583C18.8212 18.2066 19.5527 17.1801 20.2754 16.6812C21.282 15.9724 21.7168 16.1226 21.7168 16.9536L21.6726 20.1722Z" fill=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49719	35.172.198.133	443	5268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:30 UTC	355	OUT	GET /favicon.ico HTTP/1.1 Host: api.beambenefits.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-21 20:30:30 UTC	261	IN	HTTP/1.1 200 OK Date: Wed, 21 Feb 2024 20:30:30 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 1150 Connection: close last-modified: Wed, 21 Feb 2024 17:47:06 GMT vary: Origin Strict-Transport-Security: max-age=15724800; includeSubDomains
2024-02-21 20:30:30 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 12 0b 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa fa fa ff f9 f9 f9 ff dc dc dc ff cf cf cf ff fd fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fc fc ff ff ff ff ff c2 c2 c2 ff 50 4f 4f ff 4d 4c 4c ff 33 32 32 ff 8d 8c 8c ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fc fc fc ff ff ff ff ff b5 b5 b5 ff 31 30 30 ff d9 d9 d9 ff c1 c1 c1 ff 36 35 35 ff e2 e2 e2 ff ff ff ff ff fd fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: h( POOMLL322100655

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49723	23.41.168.93	443

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:32 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-02-21 20:30:32 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=82490 Date: Wed, 21 Feb 2024 20:30:32 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49724	23.41.168.93	443

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:32 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-02-21 20:30:32 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 08K+nYgAAAACXC/Ywsy9UQ60qHfPpvzYzU0pDRURHRTA1MTIAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=82476 Date: Wed, 21 Feb 2024 20:30:32 GMT Content-Length: 55 Connection: close X-CID: 2
2024-02-21 20:30:32 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49725	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-02-21 20:30:41 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1708547410672&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-02-21 20:30:41 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-02-21 20:30:41 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-02-21 20:30:41 UTC	476	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 01882A6863CA442E871774E139A3A9D1 Ref B: PAOEDGE0620 Ref C: 2024-02-21T20:30:41Z Date: Wed, 21 Feb 2024 20:30:41 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1708547441.1df3028a

Target ID:	0
Start time:	21:30:21
Start date:	21/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	21:30:24
Start date:	21/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1864,i,14242331942881730238,11876666898652434801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	21:30:26
Start date:	21/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://API.BEAMBENEFITS.COM
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://API.BEAMBENEFITS.COM

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6640, Parent PID: 5464

General

Windows Analysis Report
http://API.BEAMBENEFITS.COM