Edit tour

Windows Analysis Report
https://engagetexting.com/kwik-kar-donation-request-form

Overview

General Information

Sample URL:	https://engagetexting.com/kwik-kar-donation-request-form
Analysis ID:	1428443
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://engagetexting.com/kwik-kar-donation-request-form MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,18330707211503608032,9976634146919191405,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.19

Source: global traffic	HTTP traffic detected: GET /kwik-kar-donation-request-form HTTP/1.1Host: engagetexting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: engagetexting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://engagetexting.com/kwik-kar-donation-request-formAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: engagetexting.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=G7CzpC2CSp7CX6b&MD=BEDmyme7 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAVVEwqwOMzjCT8WbqC9LEB7w9OPvHSF2qBhl/GWhkEx3UDpua46xwrPKs3tkpkllE8gY4R3BUkatlP7BF8qi62Hvn79p67Rf%2BEwwaWDrCdNhJYvQYnx8QpL72SjWu3IhhWqi9AAGdLvPH1JoTO%2BkWP6H7ArOaxun/P/W%2B87gByDSuzHjOnHiceaLfxf7%2BILTGEKf0OsgIZZ4HS9xHcwFjgNJB6Dq6nXdxE9%2BdLuh1IHha/cBIrmoeioYEOC9EF%2BXeUhRGVMqPE1DN8Zw7VMMCUxhKp6EQT0et87vv/cfjMjEFyS3iXpZorHxQ2JmoxzS9H8UMe%2B4pAnvAoda6HbDRlADZgAACMMr7iWU69aNqAFRxyC7HS4eCql5rmVKLv7qETZ6WjnADIbrmhZog16qO6l/SQqKTWpLz8CIOaE9UkGCsRQ7feWia00NAey09irpFPxqEyIHFV9q4gp8ACu7/o0BncghX0I0Ce%2BsCXJeEHaxq3nWrxr2SuGSk20Af94aHCU6euVllr9XPHtOe5W8cRDDwumdLRo4b5O5ULiGyV0JS%2Blmx1lYABXpeysYU1h2q/mbQJs51KCYrmV0oGkIcyTy7Fxo%2BYTZKmrNVmZimcFkl7bLim9cNj1SyUNjX%2Bf8KfDDhuRamqRVjdyQCcnTzAZFRa6ioe1P%2BQt25xZmyt6ChmR8Jg3LbdEkKSOK1QI4lJKmubylSMtv5eZ/UGHl7wvVRz9GyGkuLlxmJ550STzujj8vFzIEEZWqGa0Ad22in9s6yBzHMOYW9p8C8J5v6F35hSQvnR6K/Z1wztYO%2Brq%2BMSX7dBUPXn8umndMPJniOOKsbMflRCvjlSTWYcvlJRsS2VRstIMl1aPF9DAzh/JIrrbJFz5GAeEshaywEbEfA2NN4YnXKe57AuDMirCkFS/oyEEXYeEf2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713476716User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 1EC6349DA18F4AF18A86D976BB1056D8X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: unknown

DNS traffic detected: queries for: engagetexting.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4788Host: login.live.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.19:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49721 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@13/11@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://engagetexting.com/kwik-kar-donation-request-form
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,18330707211503608032,9976634146919191405,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,18330707211503608032,9976634146919191405,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	64.233.177.104	true	false		high
engagetexting.com	172.67.128.18	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://engagetexting.com/favicon.ico	false		unknown
https://engagetexting.com/kwik-kar-donation-request-form	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
64.233.177.104	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.0.142	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.128.18	engagetexting.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428443
Start date and time:	2024-04-18 23:44:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://engagetexting.com/kwik-kar-donation-request-form
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@13/11@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.215.94, 108.177.122.101, 108.177.122.139, 108.177.122.100, 108.177.122.102, 108.177.122.138, 108.177.122.113, 74.125.136.84, 34.104.35.123, 192.229.211.108
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, evoke-windowsservices-tas.msedge.net, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://engagetexting.com/kwik-kar-donation-request-form

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:44:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.993186709514694
Encrypted:	false
SSDEEP:	48:8igTdcT976DHjgidAKZdA1JehwiZUklqehSy+3:8FWEHi1y
MD5:	36909C5DEE9381AC6112B9324AA4C6C7
SHA1:	C1C21E277E5EB19EB3D6DCFD7AE59FAD06621245
SHA-256:	E8363A02874B27B607F5EB106E7EB9E003309A35AB836442697A8AE65EC6CA76
SHA-512:	FAAB72BDFA7E9125DF36DEFA5D5A465070D2975C36A65CF4FA5F34AFAE2D8F370FB0612764BC3E42621C4858E863177560A648A4BF13C2365A5B68359E42F722
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....X.{........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i........... .;^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:44:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.009733268575881
Encrypted:	false
SSDEEP:	48:8WgTdcT976DHjgidAKZdA10eh/iZUkAQkqehly+2:8ZWEHo9Q0y
MD5:	83AEABD1873E7817735505F3E403A0CF
SHA1:	B4D2855489043C887664BD51B08433D7E99F6AF7
SHA-256:	B0CF7302585BB837EC06D32DF2DEBBD0109717F67D912ADD92BF961B94D1B260
SHA-512:	3F5D211913B0D5E066DE6C1291F1BABC5D9D72A40D8EEBF46C7927B838389B5CC0531503EA91E3BC37CFC3AEEEE788B808445B2DB5821C95B94415AFD196BEA3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Zq........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i........... .;^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.016287551452852
Encrypted:	false
SSDEEP:	48:8eTdcT976jHjgidAKZdA14tIeh7sFiZUkmgqeh7svy+BX:8eWEnQnhy
MD5:	3C1A57243D42386B7812116B4A6BF7C7
SHA1:	CCF2DF41ADF39058366D97D8CC666AD954183FA5
SHA-256:	20DD55804A1713A13CC5D98340D781C47B3A9422F353B016417682F3A135E396
SHA-512:	E0998AB49A6E1CB2C937273A165B2661095746B1A41544EE137B58B8D7DFAEE9FEC3EE08EE85352BAE954F89F92491D5BFAFA2A9FAE24E58BA21C17A1EA8CC70
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i........... .;^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:44:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.004476922221611
Encrypted:	false
SSDEEP:	48:8ogTdcT976DHjgidAKZdA1behDiZUkwqehZy+R:8HWEHjny
MD5:	1E7E2833A86B4208DC4C48DBE91DE3EC
SHA1:	2F5F45CA9FDDAA1ED77109DB5B6D00AD04AFC67A
SHA-256:	763A32F6690E80B389A4CE579798C34304AB405CEB66FCDF8626DCA722A3A47B
SHA-512:	94457218AA111D29CF3095C35BEA466EDA047A0280C7DBE305991631F0152227841505D6BF049EB70BCE2BB62DF8CF69E357E68CB2EF1F9F9041C1A857BD87A5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....c.j........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i........... .;^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:44:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.995218127495547
Encrypted:	false
SSDEEP:	48:8LgTdcT976DHjgidAKZdA1VehBiZUk1W1qehry+C:80WEHz9Ly
MD5:	97BAAC44A7FA4C0253A239347A68541B
SHA1:	C5BBB651DA257AC52407CF9524B89E95C9E01236
SHA-256:	FEF79018AD362DCDBDF07CCD07A3480ADFD6A679B950B7DB288361740AC6A104
SHA-512:	44C8B4F71347A8237DB480B2575CEA82C954F4808021D5104B4B2AAFDE988C220267765F315083CEAF2737F1E31DFBF45F00F0DE7C1E4CB59C907AE16CBB9E96
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....e.v........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i........... .;^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:44:57 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.005817163127187
Encrypted:	false
SSDEEP:	48:8mgTdcT976DHjgidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbhy+yT+:8pWEHvTTTbxWOvTbhy7T
MD5:	CB3E026764278D3905600681B93B5007
SHA1:	4BDBBFEBA056543106E2FF86FBFFA7D736666184
SHA-256:	5B0485FDF0581E9D90806E69F9F783B5171645D09168745ACABD23302794DB03
SHA-512:	B0E900F21A4AA61E5F41D9E4953F8B62EDC1DF8FACB9464926D562D8AA649DB1644FCC359BF53CD3396E47C33C568046399F6A1274ABE465BA0F6FBEF4D1915E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......b........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i........... .;^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	34494
Entropy (8bit):	3.831520287877854
Encrypted:	false
SSDEEP:	192:lmREz+EBbauShpC9EAs4S2ytrXEeplU+F32Ar46mKuC00/49H9:cpma1v2ytrUepyufr46mKv/49H9
MD5:	CBB2ED72EE2627E8400D801976EEB577
SHA1:	404D7AB547E9C2485B818BCB26FC77C972093B21
SHA-256:	0D2D98A7E3EDD883D3B5E204CC9955EE759E30BA6A908CBECE2CD29761891B16
SHA-512:	E3397E1259675183EA95FC53842BB2270DA30DB042FB78EBF216BD29B4E97172CC63E4532FE8F2FDBA305A5F692CC4B2FB0043E2AC58B604DD9E9DBD9EC21235
Malicious:	false
Reputation:	low
URL:	https://engagetexting.com/favicon.ico
Preview:	............ .h...V......... ......... .... .....F...00.... ..%......@@.... .(B...D..(....... ..... .........................................................................................................................................................................................................................MG.OI..FB..333.333.98](OI..OI..=:vB333.r[>R.L..K.753.333.333H....$...!.............wz$...#............T...t ..t .4".D..........A>$...$.....><........$................q...t ..t .pH..............!...$...........#...$.....\\....F-.^.t ..t ..t ..l..................$.........ij$...#............S...t ..g..t ..t .2 .@..........A@$...$... ...$................q...t .U7.p.b..t .mF..............!...$...$...$.....\^....F-.\.t ..s....."a?...t ..k..................$...$...#............T...t ..b......)..4.t ..t .1 .>..........ED$...$................q...t .`>...........i..t .mF..333.333.338.NH..OI..?<.R333.fT<B.L..L.WJ9.333.333..nC~.L..J...........................................

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	39
Entropy (8bit):	4.015920808494892
Encrypted:	false
SSDEEP:	3:ZmLLRwFvQb/ALRIn:ZeWFvO2In
MD5:	49E1AE0CC462B41183B926B325110036
SHA1:	90BE8FDFB797216A91EED58AEA99FFB3958AFDEB
SHA-256:	91B8FDA83063CA5C9975912DEB1EEB83519228ACBF743AD24F6CFAF6BCD4F2AC
SHA-512:	1900DAB873C6C158B10952DB6294C78FA3876EE9C2011DD827C260810E86DBE870020A69F1B5AB23BFDE42E400716AF7771E9460423817FC55B37607B2D06849
Malicious:	false
Reputation:	low
URL:	https://engagetexting.com/kwik-kar-donation-request-form
Preview:	<center><h2>404 Not found</h2></center>

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	dropped
Size (bytes):	34494
Entropy (8bit):	3.831520287877854
Encrypted:	false
SSDEEP:	192:lmREz+EBbauShpC9EAs4S2ytrXEeplU+F32Ar46mKuC00/49H9:cpma1v2ytrUepyufr46mKv/49H9
MD5:	CBB2ED72EE2627E8400D801976EEB577
SHA1:	404D7AB547E9C2485B818BCB26FC77C972093B21
SHA-256:	0D2D98A7E3EDD883D3B5E204CC9955EE759E30BA6A908CBECE2CD29761891B16
SHA-512:	E3397E1259675183EA95FC53842BB2270DA30DB042FB78EBF216BD29B4E97172CC63E4532FE8F2FDBA305A5F692CC4B2FB0043E2AC58B604DD9E9DBD9EC21235
Malicious:	false
Reputation:	low
Preview:	............ .h...V......... ......... .... .....F...00.... ..%......@@.... .(B...D..(....... ..... .........................................................................................................................................................................................................................MG.OI..FB..333.333.98](OI..OI..=:vB333.r[>R.L..K.753.333.333H....$...!.............wz$...#............T...t ..t .4".D..........A>$...$.....><........$................q...t ..t .pH..............!...$...........#...$.....\\....F-.^.t ..t ..t ..l..................$.........ij$...#............S...t ..g..t ..t .2 .@..........A@$...$... ...$................q...t .U7.p.b..t .mF..............!...$...$...$.....\^....F-.\.t ..s....."a?...t ..k..................$...$...#............T...t ..b......)..4.t ..t .1 .>..........ED$...$................q...t .`>...........i..t .mF..333.333.338.NH..OI..?<.R333.fT<B.L..L.WJ9.333.333..nC~.L..J...........................................

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 23:44:56.909627914 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:56.909673929 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:56.909749031 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:56.910031080 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:56.910053015 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:56.910115957 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:56.910188913 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:56.910208941 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:56.910309076 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:56.910332918 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.130208969 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.130422115 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.130431890 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.131606102 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.131616116 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.131679058 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.131803989 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.131844044 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.132468939 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.132530928 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.132586956 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.132592916 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.133292913 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.133367062 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.133590937 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.133671999 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.175942898 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.175991058 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.176006079 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.223925114 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.640712023 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.640822887 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.640952110 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.641844988 CEST	49708	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.641886950 CEST	443	49708	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.678179026 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:57.720125914 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:57.846009970 CEST	49677	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:44:57.846035957 CEST	49676	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:44:57.846473932 CEST	49678	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:44:58.063771009 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.063831091 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.063872099 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.063905001 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.063910007 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.063931942 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.063971996 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.063982964 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064023018 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.064028978 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064093113 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064131021 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.064136982 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064177990 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064212084 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064214945 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.064224005 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064259052 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.064677954 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064743042 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064779997 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064781904 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.064795971 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.064831972 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.064837933 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.065553904 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.065596104 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.065604925 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.065624952 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.065665007 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.065668106 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.065679073 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.065707922 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.065716028 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.066472054 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.066508055 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.066528082 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.066539049 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.066577911 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.066584110 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.066646099 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.066695929 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.066829920 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.066840887 CEST	443	49707	172.67.128.18	192.168.2.17
Apr 18, 2024 23:44:58.066848993 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.066884041 CEST	49707	443	192.168.2.17	172.67.128.18
Apr 18, 2024 23:44:58.183839083 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.183923960 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.184022903 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.184273005 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.184302092 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.402112007 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.402466059 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.402509928 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.403547049 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.403625965 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.404009104 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.404081106 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.404170036 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.404186010 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.453959942 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.658880949 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.658914089 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.658955097 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.659019947 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.659090996 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.659132957 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.659137964 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.659162045 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.659178972 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.659245014 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.659280062 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.659303904 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.659326077 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.659331083 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.659348011 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.659380913 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.660072088 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.660118103 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.660137892 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.660139084 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.660151005 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.660195112 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.660639048 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.660676003 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.660696983 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.660701990 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.660715103 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.660765886 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.661439896 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.661508083 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.661508083 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.661521912 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.661559105 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.661580086 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.661581993 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.661591053 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.661647081 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.661662102 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.661680937 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:44:58.661729097 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.661772013 CEST	49710	443	192.168.2.17	104.21.0.142
Apr 18, 2024 23:44:58.661798000 CEST	443	49710	104.21.0.142	192.168.2.17
Apr 18, 2024 23:45:01.604146957 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:01.604190111 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:01.604285002 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:01.604552984 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:01.604588985 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:01.824470997 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:01.824841976 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:01.824902058 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:01.826561928 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:01.826658964 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:01.827866077 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:01.827967882 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:01.879117012 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:01.879175901 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:01.927165985 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:08.328430891 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:08.328491926 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:08.328609943 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:08.330914974 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:08.330933094 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:08.961695910 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:08.961822987 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:08.964895964 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:08.964911938 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:08.965406895 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.014967918 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:09.039736032 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:09.080117941 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.143090010 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.247111082 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.248272896 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.248320103 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.248347998 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.248394966 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.249694109 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.249707937 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.249974012 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.250282049 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.250381947 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.353492022 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.353545904 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.353585958 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.353620052 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.353769064 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.353777885 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.354003906 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.354096889 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.457606077 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 23:45:09.457779884 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 23:45:09.564920902 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.564953089 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.564961910 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.564975023 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.565004110 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.565023899 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:09.565037966 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.565051079 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.565119982 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:09.565124989 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.565148115 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.565171957 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:09.565196037 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:09.580667019 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:09.580698967 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:09.580710888 CEST	49712	443	192.168.2.17	40.68.123.157
Apr 18, 2024 23:45:09.580718040 CEST	443	49712	40.68.123.157	192.168.2.17
Apr 18, 2024 23:45:11.855540991 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:11.855643988 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:11.855700016 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:12.929042101 CEST	49711	443	192.168.2.17	64.233.177.104
Apr 18, 2024 23:45:12.929086924 CEST	443	49711	64.233.177.104	192.168.2.17
Apr 18, 2024 23:45:14.342509031 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 23:45:14.646042109 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 23:45:15.250092983 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 23:45:16.463994026 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 23:45:16.643176079 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:16.643258095 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:16.643369913 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:16.644948959 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:16.644994974 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:16.861886024 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:16.862055063 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:16.865871906 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:16.865891933 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:16.866302967 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:16.910087109 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:16.918466091 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:16.964127064 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.064683914 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.064766884 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.064933062 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.065083027 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.065119982 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.065143108 CEST	49717	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.065154076 CEST	443	49717	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.214231968 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.214288950 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.214411020 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.214797020 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.214814901 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.426997900 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.427171946 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.428803921 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.428814888 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.429045916 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.430490971 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.476109982 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.634246111 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.634320974 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.634373903 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.635807991 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.635843039 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.635857105 CEST	49718	443	192.168.2.17	23.63.206.91
Apr 18, 2024 23:45:17.635864973 CEST	443	49718	23.63.206.91	192.168.2.17
Apr 18, 2024 23:45:17.807929039 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:17.807971001 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:17.808062077 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:17.808268070 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:17.808284044 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.182992935 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.183099031 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.201102018 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.201149940 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.201415062 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.201936960 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.201998949 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.202027082 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.402510881 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.402555943 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.402695894 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.434577942 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.434617043 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.499198914 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.499232054 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.499258041 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.499340057 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.499344110 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.499596119 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.499597073 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.499722958 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.499764919 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.499795914 CEST	49719	443	192.168.2.17	40.126.28.19
Apr 18, 2024 23:45:18.499811888 CEST	443	49719	40.126.28.19	192.168.2.17
Apr 18, 2024 23:45:18.503402948 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 23:45:18.656732082 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:18.656833887 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:18.656969070 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:18.660008907 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:18.660046101 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:18.770963907 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.771075964 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.775466919 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.775511980 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.775873899 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.804007053 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 23:45:18.819103003 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.823451996 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.867036104 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 23:45:18.868118048 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.942822933 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.942869902 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.942908049 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.942915916 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.942948103 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.942985058 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.943011999 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.943026066 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.943037987 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.943053007 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.943191051 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.943438053 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.957967997 CEST	49720	443	192.168.2.17	13.107.5.88
Apr 18, 2024 23:45:18.957993984 CEST	443	49720	13.107.5.88	192.168.2.17
Apr 18, 2024 23:45:18.984591007 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:18.984694004 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:18.985394001 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:18.985485077 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.083223104 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.083285093 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:19.083704948 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:19.083785057 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.085714102 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.085758924 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:19.321760893 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:19.321788073 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:19.321845055 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.321877956 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:19.321896076 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.321942091 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:19.321943045 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.321981907 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.325438023 CEST	49721	443	192.168.2.17	13.107.21.200
Apr 18, 2024 23:45:19.325464964 CEST	443	49721	13.107.21.200	192.168.2.17
Apr 18, 2024 23:45:19.405996084 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 23:45:20.614984989 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 23:45:23.021017075 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 23:45:23.675040960 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 23:45:27.833014011 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 23:45:33.284137964 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 23:45:37.448028088 CEST	49680	443	192.168.2.17	20.189.173.13

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 23:44:56.769990921 CEST	63805	53	192.168.2.17	1.1.1.1
Apr 18, 2024 23:44:56.770128012 CEST	49836	53	192.168.2.17	1.1.1.1
Apr 18, 2024 23:44:56.880650043 CEST	53	61893	1.1.1.1	192.168.2.17
Apr 18, 2024 23:44:56.896717072 CEST	53	49836	1.1.1.1	192.168.2.17
Apr 18, 2024 23:44:56.898232937 CEST	53	58558	1.1.1.1	192.168.2.17
Apr 18, 2024 23:44:56.909090042 CEST	53	63805	1.1.1.1	192.168.2.17
Apr 18, 2024 23:44:57.500890017 CEST	53	49333	1.1.1.1	192.168.2.17
Apr 18, 2024 23:44:58.071114063 CEST	56793	53	192.168.2.17	1.1.1.1
Apr 18, 2024 23:44:58.071311951 CEST	50431	53	192.168.2.17	1.1.1.1
Apr 18, 2024 23:44:58.176381111 CEST	53	56793	1.1.1.1	192.168.2.17
Apr 18, 2024 23:44:58.183212996 CEST	53	50431	1.1.1.1	192.168.2.17
Apr 18, 2024 23:45:01.497420073 CEST	55742	53	192.168.2.17	1.1.1.1
Apr 18, 2024 23:45:01.497622013 CEST	61751	53	192.168.2.17	1.1.1.1
Apr 18, 2024 23:45:01.602060080 CEST	53	61751	1.1.1.1	192.168.2.17
Apr 18, 2024 23:45:01.602844954 CEST	53	55742	1.1.1.1	192.168.2.17
Apr 18, 2024 23:45:14.512185097 CEST	53	53113	1.1.1.1	192.168.2.17
Apr 18, 2024 23:45:33.374912977 CEST	53	64178	1.1.1.1	192.168.2.17

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 23:44:56.769990921 CEST	192.168.2.17	1.1.1.1	0x167d	Standard query (0)	engagetexting.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:44:56.770128012 CEST	192.168.2.17	1.1.1.1	0x7010	Standard query (0)	engagetexting.com	65	IN (0x0001)	false
Apr 18, 2024 23:44:58.071114063 CEST	192.168.2.17	1.1.1.1	0x5e67	Standard query (0)	engagetexting.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:44:58.071311951 CEST	192.168.2.17	1.1.1.1	0x489	Standard query (0)	engagetexting.com	65	IN (0x0001)	false
Apr 18, 2024 23:45:01.497420073 CEST	192.168.2.17	1.1.1.1	0xdc08	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:45:01.497622013 CEST	192.168.2.17	1.1.1.1	0x57c8	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 23:44:56.896717072 CEST	1.1.1.1	192.168.2.17	0x7010	No error (0)	engagetexting.com		65	IN (0x0001)	false
Apr 18, 2024 23:44:56.909090042 CEST	1.1.1.1	192.168.2.17	0x167d	No error (0)	engagetexting.com	172.67.128.18	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:44:56.909090042 CEST	1.1.1.1	192.168.2.17	0x167d	No error (0)	engagetexting.com	104.21.0.142	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:44:58.176381111 CEST	1.1.1.1	192.168.2.17	0x5e67	No error (0)	engagetexting.com	104.21.0.142	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:44:58.176381111 CEST	1.1.1.1	192.168.2.17	0x5e67	No error (0)	engagetexting.com	172.67.128.18	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:44:58.183212996 CEST	1.1.1.1	192.168.2.17	0x489	No error (0)	engagetexting.com		65	IN (0x0001)	false
Apr 18, 2024 23:45:01.602060080 CEST	1.1.1.1	192.168.2.17	0x57c8	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 18, 2024 23:45:01.602844954 CEST	1.1.1.1	192.168.2.17	0xdc08	No error (0)	www.google.com	64.233.177.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:45:01.602844954 CEST	1.1.1.1	192.168.2.17	0xdc08	No error (0)	www.google.com	64.233.177.147	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:45:01.602844954 CEST	1.1.1.1	192.168.2.17	0xdc08	No error (0)	www.google.com	64.233.177.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:45:01.602844954 CEST	1.1.1.1	192.168.2.17	0xdc08	No error (0)	www.google.com	64.233.177.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:45:01.602844954 CEST	1.1.1.1	192.168.2.17	0xdc08	No error (0)	www.google.com	64.233.177.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 23:45:01.602844954 CEST	1.1.1.1	192.168.2.17	0xdc08	No error (0)	www.google.com	64.233.177.105	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

engagetexting.com

https:

slscr.update.microsoft.com

fs.microsoft.com

evoke-windowsservices-tas.msedge.net

www.bing.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49708	172.67.128.18	443	6176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:44:57 UTC	690	OUT	GET /kwik-kar-donation-request-form HTTP/1.1 Host: engagetexting.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:44:57 UTC	601	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:44:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yU0kVzlKBlyTGq3ItH2qk0KJSO7m4Zu1xsHhGdec0h6hyP3kwQrsfC22YPDk6kKz4sQD8g2VneqmszWeN7zLFFGKpqPAQC0KNz5VQOy7l8p4Rc1sjD%2BK%2F3qEZGyWo3BHySBOLA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8767d6ce381069f2-ATL alt-svc: h3=":443"; ma=86400
2024-04-18 21:44:57 UTC	45	IN	Data Raw: 32 37 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 32 3e 34 30 34 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a Data Ascii: 27<center><h2>404 Not found</h2></center>
2024-04-18 21:44:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49707	172.67.128.18	443	6176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:44:57 UTC	620	OUT	GET /favicon.ico HTTP/1.1 Host: engagetexting.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://engagetexting.com/kwik-kar-donation-request-form Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:44:58 UTC	666	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:44:58 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: MISS Last-Modified: Thu, 18 Apr 2024 21:44:58 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QXq1SYfEmA1ew9E3TLcWAYJw0tka9PLE8ILjOslncsRZLBDGLVqB5Veyz%2BNADOTU0jFYEN4RPRCETSaraXar6formy9g%2B2avKfYM%2FV8VbRJOC1HhjOOTHueVzTe285HiB%2FrjiQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8767d6d0ce38452c-ATL alt-svc: h3=":443"; ma=86400
2024-04-18 21:44:58 UTC	703	IN	Data Raw: 37 64 31 35 0d 0a 00 00 01 00 05 00 10 10 00 00 01 00 20 00 68 04 00 00 56 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 be 04 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 46 0e 00 00 30 30 00 00 01 00 20 00 a8 25 00 00 ee 1e 00 00 40 40 00 00 01 00 20 00 28 42 00 00 96 44 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff Data Ascii: 7d15 hV F00 %@@ (BD(
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: 94 00 00 00 00 00 00 00 00 00 00 05 04 21 1a dd e8 24 1c ed ff 24 1c ed ff 24 1c ed ff 0e 0a 5c 5e 00 00 00 00 46 2d 0c 5c b4 74 20 ff b3 73 1f ff 1c 12 05 22 61 3f 11 82 b4 74 20 ff a6 6b 1d e6 03 02 00 04 00 00 00 00 00 00 00 00 16 11 94 98 24 1c ed ff 24 1c ed ff 23 1b e8 f8 02 02 11 10 00 00 00 00 82 54 17 b0 b4 74 20 ff 98 62 1b d0 00 00 00 00 29 1a 07 34 b4 74 20 ff b4 74 20 ff 31 20 08 3e 00 00 00 00 00 00 00 00 0a 08 45 44 24 1c ed ff 24 1c ed ff 1a 14 ad b2 00 00 00 00 0d 08 02 0e b0 71 1f f8 b4 74 20 ff 60 3e 11 82 00 00 00 00 02 01 00 02 a4 69 1d e2 b4 74 20 ff 6d 46 13 92 33 33 33 00 33 33 33 00 33 33 38 04 4e 48 e9 c2 4f 49 f0 cc 3f 3c 86 52 33 33 33 00 66 54 3c 42 c3 8f 4c cc c3 8f 4c cc 57 4a 39 2e 33 33 33 00 33 33 33 00 8f 6e 43 7e c3 8f Data Ascii: !$$$\^F-\t s"a?t k$$#Tt b)4t t 1 >ED$$qt `>it mF333333338NHOI?<R333fT<BLLWJ9.333333nC~
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: 12 0e 77 74 00 00 00 02 00 00 00 02 1e 13 05 24 b3 73 1f ff b4 74 20 ff b4 73 20 ff b4 73 20 ff b4 73 20 ff 5e 3c 10 78 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 00 11 0d 76 74 24 1b ed ff 24 1c ed ff 23 1b ec ff 0a 07 42 3e 00 00 00 02 16 11 92 92 23 1c ec ff 24 1c ec ff 23 1b ec ff 06 04 27 20 00 00 00 02 00 00 00 00 5a 3a 10 76 b4 73 20 ff b3 74 20 ff b4 73 20 ff b4 73 20 ff b3 73 20 ff 99 63 1b cc 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 05 04 26 20 23 1b ec ff 23 1c ec ff 23 1c ec ff 15 10 8d 8c 00 00 02 02 21 19 d9 e0 23 1c ec ff 23 1c ec ff 1e 17 c6 ca 00 00 00 00 00 00 00 00 00 00 00 00 96 60 1a ca b3 74 20 ff b3 74 20 ff b3 73 20 ff b3 74 20 ff b3 73 20 ff b3 74 20 ff 20 14 05 22 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 1d 17 c5 Data Ascii: wt$st s s s ^<xvt$$#B>#$#' Z:vs t s s s c& ###!##`t t s t s t "
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: fe fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 0f 8f 1f 00 8f 0f 0f 00 87 0e 0f 00 87 1e 0f 00 c6 1e 07 00 c2 1c 07 00 c2 3c 07 00 e0 3c 43 00 e0 38 43 00 e0 78 63 00 f0 78 e1 00 f0 70 e1 00 f0 f0 f1 00 f8 f1 f0 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: <<C8Cxcxp( @
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff 4b 30 0d 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 02 11 0a 23 1b e7 f0 24 1c ed ff 24 1c ed ff 24 1c ed ff 23 1b e9 f4 03 02 14 0c 00 00 00 00 00 00 00 00 00 00 00 00 06 04 28 1e 24 1c ed fc 24 1c ed ff 24 1c ed ff 24 1c ed ff 21 19 db e0 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 6e 47 13 90 b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff 88 57 18 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 14 aa a6 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 0d 0a 58 50 00 00 00 00 00 00 00 00 00 00 00 00 11 0d 71 6a 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 16 11 91 8c 00 00 00 00 00 00 00 00 00 00 00 00 03 02 00 04 a6 6b 1d e2 b4 Data Ascii: t t t t K0\#$$$#($$$$!nGt t t t t W$$$$XPqj$$$$k
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: ff 16 11 92 90 00 00 00 00 00 00 00 00 00 00 00 00 03 02 00 02 a6 6b 1d e0 b4 74 20 ff b4 74 20 ff b4 74 20 ff b3 73 1f ff 1e 13 05 1c 00 00 00 00 03 02 00 02 a5 6a 1d dc b4 74 20 ff b4 74 20 ff b4 74 20 ff b0 71 1f f2 0d 08 02 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 0b 63 5a 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 0a 07 42 3c 00 00 00 00 00 00 00 00 00 00 00 00 32 20 09 38 b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff 98 62 1b ca 00 00 00 00 00 00 00 00 00 00 00 00 6f 47 13 8e b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff 45 2c 0c 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02 17 0e 23 1b e9 f6 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 21 19 Data Ascii: kt t t sjt t t qcZ$$$$$$$B<2 8t t t t boGt t t t E,R#$$$$$!
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff ff ff ff ff Data Ascii:
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: ff ff 02 ff ff ff 02 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 ff ff ff 02 ff ff ff 00 fe fe fe 02 ff ff ff 00 ff ff ff 00 fe fe fe 02 fe fe fe 00 ff ff ff 00 fe fe fe 02 ff ff ff 00 fe fe fe 00 ff ff ff 00 ff ff ff 00 fe fe fe 00 Data Ascii:
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: ec ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 13 0f 82 74 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 02 06 05 2d 20 24 1c ed fc 23 1c ed ff 24 1c ec ff 23 1b ec ff 24 1b ec ff 23 1c ed ff 23 1b ec ff 12 0e 76 66 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 01 01 00 02 9e 65 1c c4 b4 74 20 ff b4 74 20 ff b3 73 20 ff b4 74 20 ff b4 74 20 ff b3 73 20 ff b4 74 20 ff 61 3e 11 74 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 02 1d 17 c3 b8 23 1c ed ff 24 1c ed ff 24 1c ed ff 23 1c ec ff 23 1c ed ff 24 1c ed ff 1e 18 cb c4 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 02 12 0e 7b 6c 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 Data Ascii: $$$t- $#$#$##vfet t s t t s t a>t#$$##${l####
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: a0 00 00 00 02 00 00 00 02 00 00 00 02 0e 0b 5d 4c 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 1b ec fc 06 04 28 18 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 1f 14 05 1c b4 73 20 fa b4 73 20 ff b3 73 20 ff b4 73 20 ff b3 73 20 ff b3 73 20 ff b4 73 20 ff b4 73 20 ff b3 73 20 ff b3 73 20 ff b3 73 20 ff b4 74 20 ff 9d 65 1c c4 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 11 0d 74 68 24 1b ec ff 24 1b ec ff 24 1b ec ff 24 1c ec ff 24 1b ec ff 24 1b ed ff 23 1b e7 ec 02 01 0e 06 00 00 00 00 00 00 00 00 19 13 a6 9c 24 1b ec ff 24 1b ec ff 24 1b ec ff 24 1b ed ff 24 1b ec ff 24 1b ec ff 1e 17 c6 be 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ]L#######(s s s s s s s s s s s t eth$$$$$$#$$$$$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49710	104.21.0.142	443	6176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:44:58 UTC	352	OUT	GET /favicon.ico HTTP/1.1 Host: engagetexting.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 21:44:58 UTC	669	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 21:44:58 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 0 Last-Modified: Thu, 18 Apr 2024 21:44:58 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bus%2Bf2W4eCljAiEHNn4eJFa6ZnETjyNCcOjtm4jnpDYSvlFRzxzWTPnw5DD5wnop57BooXyyZGAVBFzxJECtuO4LbaOb2L8nEsUVWaTJ3Pzck9i5xo5zzc36B%2BSiA7H5zLwegQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8767d6d638776787-ATL alt-svc: h3=":443"; ma=86400
2024-04-18 21:44:58 UTC	700	IN	Data Raw: 37 64 31 32 0d 0a 00 00 01 00 05 00 10 10 00 00 01 00 20 00 68 04 00 00 56 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 be 04 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 46 0e 00 00 30 30 00 00 01 00 20 00 a8 25 00 00 ee 1e 00 00 40 40 00 00 01 00 20 00 28 42 00 00 96 44 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff Data Ascii: 7d12 hV F00 %@@ (BD(
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: 6d 46 13 94 00 00 00 00 00 00 00 00 00 00 05 04 21 1a dd e8 24 1c ed ff 24 1c ed ff 24 1c ed ff 0e 0a 5c 5e 00 00 00 00 46 2d 0c 5c b4 74 20 ff b3 73 1f ff 1c 12 05 22 61 3f 11 82 b4 74 20 ff a6 6b 1d e6 03 02 00 04 00 00 00 00 00 00 00 00 16 11 94 98 24 1c ed ff 24 1c ed ff 23 1b e8 f8 02 02 11 10 00 00 00 00 82 54 17 b0 b4 74 20 ff 98 62 1b d0 00 00 00 00 29 1a 07 34 b4 74 20 ff b4 74 20 ff 31 20 08 3e 00 00 00 00 00 00 00 00 0a 08 45 44 24 1c ed ff 24 1c ed ff 1a 14 ad b2 00 00 00 00 0d 08 02 0e b0 71 1f f8 b4 74 20 ff 60 3e 11 82 00 00 00 00 02 01 00 02 a4 69 1d e2 b4 74 20 ff 6d 46 13 92 33 33 33 00 33 33 33 00 33 33 38 04 4e 48 e9 c2 4f 49 f0 cc 3f 3c 86 52 33 33 33 00 66 54 3c 42 c3 8f 4c cc c3 8f 4c cc 57 4a 39 2e 33 33 33 00 33 33 33 00 8f 6e 43 Data Ascii: mF!$$$\^F-\t s"a?t k$$#Tt b)4t t 1 >ED$$qt `>it mF333333338NHOI?<R333fT<BLLWJ9.333333nC
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: 1b ed ff 12 0e 77 74 00 00 00 02 00 00 00 02 1e 13 05 24 b3 73 1f ff b4 74 20 ff b4 73 20 ff b4 73 20 ff b4 73 20 ff 5e 3c 10 78 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 00 11 0d 76 74 24 1b ed ff 24 1c ed ff 23 1b ec ff 0a 07 42 3e 00 00 00 02 16 11 92 92 23 1c ec ff 24 1c ec ff 23 1b ec ff 06 04 27 20 00 00 00 02 00 00 00 00 5a 3a 10 76 b4 73 20 ff b3 74 20 ff b4 73 20 ff b4 73 20 ff b3 73 20 ff 99 63 1b cc 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 05 04 26 20 23 1b ec ff 23 1c ec ff 23 1c ec ff 15 10 8d 8c 00 00 02 02 21 19 d9 e0 23 1c ec ff 23 1c ec ff 1e 17 c6 ca 00 00 00 00 00 00 00 00 00 00 00 00 96 60 1a ca b3 74 20 ff b3 74 20 ff b3 73 20 ff b3 74 20 ff b3 73 20 ff b3 74 20 ff 20 14 05 22 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 Data Ascii: wt$st s s s ^<xvt$$#B>#$#' Z:vs t s s s c& ###!##`t t s t s t "
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 fe fe fe 02 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 0f 8f 1f 00 8f 0f 0f 00 87 0e 0f 00 87 1e 0f 00 c6 1e 07 00 c2 1c 07 00 c2 3c 07 00 e0 3c 43 00 e0 38 43 00 e0 78 63 00 f0 78 e1 00 f0 70 e1 00 f0 f0 f1 00 f8 f1 f0 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: <<C8Cxcxp( @
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: 3c b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff 4b 30 0d 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 02 11 0a 23 1b e7 f0 24 1c ed ff 24 1c ed ff 24 1c ed ff 23 1b e9 f4 03 02 14 0c 00 00 00 00 00 00 00 00 00 00 00 00 06 04 28 1e 24 1c ed fc 24 1c ed ff 24 1c ed ff 24 1c ed ff 21 19 db e0 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 6e 47 13 90 b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff 88 57 18 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 14 aa a6 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 0d 0a 58 50 00 00 00 00 00 00 00 00 00 00 00 00 11 0d 71 6a 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 16 11 91 8c 00 00 00 00 00 00 00 00 00 00 00 00 03 02 00 04 a6 6b Data Ascii: <t t t t t K0\#$$$#($$$$!nGt t t t t W$$$$XPqj$$$$k
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: 24 1c ed ff 16 11 92 90 00 00 00 00 00 00 00 00 00 00 00 00 03 02 00 02 a6 6b 1d e0 b4 74 20 ff b4 74 20 ff b4 74 20 ff b3 73 1f ff 1e 13 05 1c 00 00 00 00 03 02 00 02 a5 6a 1d dc b4 74 20 ff b4 74 20 ff b4 74 20 ff b0 71 1f f2 0d 08 02 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 0b 63 5a 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 0a 07 42 3c 00 00 00 00 00 00 00 00 00 00 00 00 32 20 09 38 b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff 98 62 1b ca 00 00 00 00 00 00 00 00 00 00 00 00 6f 47 13 8e b4 74 20 ff b4 74 20 ff b4 74 20 ff b4 74 20 ff 45 2c 0c 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02 17 0e 23 1b e9 f6 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 24 1c ed Data Ascii: $kt t t sjt t t qcZ$$$$$$$B<2 8t t t t boGt t t t E,R#$$$$$
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff ff Data Ascii:
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: ff 02 ff ff ff 02 ff ff ff 02 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 fe fe fe 00 ff ff ff 02 ff ff ff 00 fe fe fe 02 ff ff ff 00 ff ff ff 00 fe fe fe 02 fe fe fe 00 ff ff ff 00 fe fe fe 02 ff ff ff 00 fe fe fe 00 ff ff ff 00 ff ff ff 00 fe Data Ascii:
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: ff 24 1b ec ff 24 1c ed ff 24 1c ed ff 24 1c ed ff 13 0f 82 74 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 02 06 05 2d 20 24 1c ed fc 23 1c ed ff 24 1c ec ff 23 1b ec ff 24 1b ec ff 23 1c ed ff 23 1b ec ff 12 0e 76 66 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 01 01 00 02 9e 65 1c c4 b4 74 20 ff b4 74 20 ff b3 73 20 ff b4 74 20 ff b4 74 20 ff b3 73 20 ff b4 74 20 ff 61 3e 11 74 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 02 1d 17 c3 b8 23 1c ed ff 24 1c ed ff 24 1c ed ff 23 1c ec ff 23 1c ed ff 24 1c ed ff 1e 18 cb c4 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 02 12 0e 7b 6c 23 1c ed ff 23 1c ed ff 23 1c Data Ascii: $$$$t- $#$#$##vfet t s t t s t a>t#$$##${l###
2024-04-18 21:44:58 UTC	1369	IN	Data Raw: 19 13 a7 a0 00 00 00 02 00 00 00 02 00 00 00 02 0e 0b 5d 4c 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 1c ed ff 23 1b ec fc 06 04 28 18 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 1f 14 05 1c b4 73 20 fa b4 73 20 ff b3 73 20 ff b4 73 20 ff b3 73 20 ff b3 73 20 ff b4 73 20 ff b4 73 20 ff b3 73 20 ff b3 73 20 ff b3 73 20 ff b4 74 20 ff 9d 65 1c c4 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 11 0d 74 68 24 1b ec ff 24 1b ec ff 24 1b ec ff 24 1c ec ff 24 1b ec ff 24 1b ed ff 23 1b e7 ec 02 01 0e 06 00 00 00 00 00 00 00 00 19 13 a6 9c 24 1b ec ff 24 1b ec ff 24 1b ec ff 24 1b ed ff 24 1b ec ff 24 1b ec ff 1e 17 c6 be 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ]L#######(s s s s s s s s s s s t eth$$$$$$#$$$$$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.17	49712	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:45:09 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=G7CzpC2CSp7CX6b&MD=BEDmyme7 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-18 21:45:09 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: ba0f6b0b-49be-4f81-b575-51e473d94b08 MS-RequestId: 931ce8c8-05a9-41ab-b2e9-b85d1fad825f MS-CV: vpei7DzLrk+rj8o8.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 18 Apr 2024 21:45:08 GMT Connection: close Content-Length: 24490
2024-04-18 21:45:09 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-18 21:45:09 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.17	49717	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:45:16 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 21:45:17 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=206311 Date: Thu, 18 Apr 2024 21:45:17 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.17	49718	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:45:17 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 21:45:17 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=206296 Date: Thu, 18 Apr 2024 21:45:17 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-18 21:45:17 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.17	49719	40.126.28.19	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:45:18 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4788 Host: login.live.com
2024-04-18 21:45:18 UTC	4788	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-18 21:45:18 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 18 Apr 2024 21:44:18 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: 6aa726ac-c4d4-420f-bb9b-2044798173c9 PPServer: PPV: 30 H: SN1PEPF0002F1B0 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 18 Apr 2024 21:45:18 GMT Connection: close Content-Length: 11153
2024-04-18 21:45:18 UTC	11153	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.17	49720	13.107.5.88	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:45:18 UTC	537	OUT	GET /ab HTTP/1.1 Host: evoke-windowsservices-tas.msedge.net Cache-Control: no-store, no-cache X-PHOTOS-CALLERID: 9NMPJ99VJBWV X-EVOKE-RING: X-WINNEXT-RING: Public X-WINNEXT-TELEMETRYLEVEL: Basic X-WINNEXT-OSVERSION: 10.0.19045.0 X-WINNEXT-APPVERSION: 1.23082.131.0 X-WINNEXT-PLATFORM: Desktop X-WINNEXT-CANTAILOR: False X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd} X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI= If-None-Match: 2056388360_-1434155563 Accept-Encoding: gzip, deflate, br
2024-04-18 21:45:18 UTC	436	IN	HTTP/1.1 200 OK Content-Length: 7285 Content-Type: application/json; charset=utf-8 ETag: 544088396_1246051562 Strict-Transport-Security: max-age=2592000 X-Content-Type-Options: nosniff X-ExP-TrackingId: 9551dc7a-20ef-47bc-986d-4daad4381c24 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: A4696CD6EDA849BF9F6D50317D3842BF Ref B: ATL331000107049 Ref C: 2024-04-18T21:45:18Z Date: Thu, 18 Apr 2024 21:45:18 GMT Connection: close
2024-04-18 21:45:18 UTC	1024	IN	Data Raw: 7b 22 46 65 61 74 75 72 65 73 22 3a 5b 22 68 69 67 68 71 75 61 6c 69 74 79 63 61 70 74 75 72 65 63 22 2c 22 79 6f 61 6c 77 39 38 30 31 63 66 22 2c 22 79 6f 63 33 37 32 31 22 2c 22 61 61 74 65 73 31 32 31 22 2c 22 79 6f 63 61 6c 38 33 30 22 2c 22 65 6d 70 72 6f 37 30 32 22 2c 22 79 6f 6e 6f 6e 32 34 38 22 2c 22 63 6f 6e 74 61 63 74 73 76 32 73 79 6e 63 6f 6e 6c 79 22 2c 22 79 6f 79 70 70 31 31 37 22 2c 22 79 6f 79 70 70 35 36 31 22 2c 22 79 6f 70 68 6f 31 35 36 22 2c 22 79 70 72 6f 6d 65 6c 65 73 73 22 2c 22 79 6f 72 65 6d 37 38 32 22 2c 22 79 6f 72 65 6d 33 32 35 22 2c 22 79 6f 72 6f 6d 39 33 39 22 2c 22 79 6f 79 70 70 36 33 38 22 2c 22 79 6f 61 61 6f 77 63 34 36 63 66 22 2c 22 79 6f 35 35 36 22 2c 22 79 6f 61 61 6f 32 36 37 22 2c 22 79 6f 70 72 69 32 35 Data Ascii: {"Features":["highqualitycapturec","yoalw9801cf","yoc3721","aates121","yocal830","empro702","yonon248","contactsv2synconly","yoypp117","yoypp561","yopho156","ypromeless","yorem782","yorem325","yorom939","yoypp638","yoaaowc46cf","yo556","yoaao267","yopri25
2024-04-18 21:45:18 UTC	1024	IN	Data Raw: 2c 22 31 34 67 36 22 3a 22 61 61 74 65 73 31 32 31 22 2c 22 31 38 66 7a 22 3a 22 79 6f 63 61 6c 38 33 30 22 2c 22 31 68 6a 65 22 3a 22 65 6d 70 72 6f 37 30 32 22 2c 22 31 71 61 38 22 3a 22 79 6f 6e 6f 6e 32 34 38 22 2c 22 31 77 6d 74 22 3a 22 63 6f 6e 74 61 63 74 73 76 32 73 79 6e 63 6f 6e 6c 79 22 2c 22 32 69 77 6a 22 3a 22 79 6f 79 70 70 31 31 37 22 2c 22 32 6a 36 61 22 3a 22 79 6f 79 70 70 35 36 31 22 2c 22 32 6b 71 32 22 3a 22 79 6f 70 68 6f 31 35 36 22 2c 22 32 6c 61 64 22 3a 22 79 70 72 6f 6d 65 6c 65 73 73 22 2c 22 32 6f 63 64 22 3a 22 79 6f 72 65 6d 37 38 32 22 2c 22 32 72 65 6b 22 3a 22 79 6f 72 65 6d 33 32 35 22 2c 22 32 73 63 78 22 3a 22 79 6f 72 6f 6d 39 33 39 22 2c 22 32 74 70 33 22 3a 22 79 6f 79 70 70 36 33 38 22 2c 22 33 30 62 38 22 3a 22 Data Ascii: ,"14g6":"aates121","18fz":"yocal830","1hje":"empro702","1qa8":"yonon248","1wmt":"contactsv2synconly","2iwj":"yoypp117","2j6a":"yoypp561","2kq2":"yopho156","2lad":"ypromeless","2ocd":"yorem782","2rek":"yorem325","2scx":"yorom939","2tp3":"yoypp638","30b8":"
2024-04-18 21:45:18 UTC	1024	IN	Data Raw: 32 36 34 22 2c 22 35 39 30 71 22 3a 22 34 61 33 30 64 34 35 35 22 2c 22 35 39 67 67 22 3a 22 32 69 32 68 65 31 31 38 22 2c 22 35 39 67 6a 22 3a 22 34 64 65 35 67 35 34 32 22 2c 22 35 39 76 7a 22 3a 22 62 65 63 34 34 37 35 37 22 2c 22 35 61 39 73 22 3a 22 39 38 34 65 39 37 37 34 22 2c 22 35 61 74 6b 22 3a 22 35 35 35 64 37 39 37 38 22 2c 22 35 62 61 74 22 3a 22 65 6a 66 34 36 37 39 35 22 2c 22 35 63 70 66 22 3a 22 34 39 62 34 67 31 33 33 22 2c 22 35 63 72 73 22 3a 22 33 62 66 39 67 38 35 35 22 2c 22 35 64 77 37 22 3a 22 69 34 37 62 65 31 37 38 22 2c 22 35 65 74 36 22 3a 22 32 34 38 66 61 31 38 36 22 2c 22 35 66 6c 32 22 3a 22 68 35 31 66 30 33 34 32 22 2c 22 35 66 79 6f 22 3a 22 68 64 65 31 67 32 36 37 22 2c 22 35 66 79 71 22 3a 22 34 6a 6a 66 62 37 36 38 Data Ascii: 264","590q":"4a30d455","59gg":"2i2he118","59gj":"4de5g542","59vz":"bec44757","5a9s":"984e9774","5atk":"555d7978","5bat":"ejf46795","5cpf":"49b4g133","5crs":"3bf9g855","5dw7":"i47be178","5et6":"248fa186","5fl2":"h51f0342","5fyo":"hde1g267","5fyq":"4jjfb768
2024-04-18 21:45:18 UTC	1024	IN	Data Raw: 7d 7d 2c 7b 22 49 64 22 3a 22 59 6f 75 72 50 68 6f 6e 65 22 2c 22 50 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 41 41 4f 57 43 34 36 22 3a 36 34 30 30 2c 22 41 41 4f 57 43 34 37 22 3a 37 34 30 30 2c 22 41 41 4f 57 43 36 31 22 3a 31 36 30 30 2c 22 41 41 4f 57 43 36 32 22 3a 32 36 30 30 2c 22 41 41 4f 57 43 36 33 22 3a 33 36 30 30 2c 22 41 69 72 70 6c 61 6e 65 4d 6f 64 65 53 74 61 74 75 73 22 3a 74 72 75 65 2c 22 41 75 74 6f 48 79 64 72 61 74 65 64 49 6d 61 67 65 73 43 6f 75 6e 74 22 3a 30 2c 22 43 61 6c 6c 69 6e 67 41 6c 74 42 6c 75 65 74 6f 6f 74 68 50 61 69 72 69 6e 67 45 76 65 6e 74 22 3a 74 72 75 65 2c 22 43 61 6c 6c 69 6e 67 45 78 69 74 43 6f 6e 66 69 72 6d 61 74 69 6f 6e 22 3a 74 72 75 65 2c 22 43 61 6c 6c 69 6e 67 4f 53 53 65 72 76 69 63 69 6e 67 46 69 Data Ascii: }},{"Id":"YourPhone","Parameters":{"AAOWC46":6400,"AAOWC47":7400,"AAOWC61":1600,"AAOWC62":2600,"AAOWC63":3600,"AirplaneModeStatus":true,"AutoHydratedImagesCount":0,"CallingAltBluetoothPairingEvent":true,"CallingExitConfirmation":true,"CallingOSServicingFi
2024-04-18 21:45:18 UTC	1024	IN	Data Raw: 3a 74 72 75 65 2c 22 49 73 41 75 74 68 56 32 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 4d 65 64 69 61 50 61 63 6b 43 68 65 63 6b 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 68 61 74 46 69 6c 74 65 72 54 6f 67 67 6c 65 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 6f 6e 73 65 6e 74 56 32 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 6f 6e 76 65 72 73 61 74 69 6f 6e 56 69 65 77 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 48 69 64 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 4d 75 74 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 50 69 6e 6e 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 53 65 61 72 63 68 22 3a 74 72 75 65 2c 22 Data Ascii: :true,"IsAuthV2Enabled":true,"MediaPackCheck":true,"MessagingChatFilterToggle":true,"MessagingConsentV2":true,"MessagingConversationView":true,"MessagingEnableHiding":true,"MessagingEnableMuting":true,"MessagingEnablePinning":true,"MessagingSearch":true,"
2024-04-18 21:45:18 UTC	1024	IN	Data Raw: 69 6e 67 54 6f 70 30 31 31 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 69 6e 67 54 6f 70 30 31 32 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 69 6e 67 54 6f 70 30 31 35 22 3a 74 72 75 65 2c 22 52 6f 6d 65 44 69 73 61 62 6c 65 64 22 3a 34 34 31 35 30 33 2c 22 53 65 63 75 72 65 43 6f 6e 74 65 6e 74 22 3a 74 72 75 65 2c 22 53 68 65 6c 6c 45 78 74 65 6e 64 65 64 4c 65 66 74 50 61 6e 65 22 3a 74 72 75 65 2c 22 54 65 73 74 46 65 61 74 75 72 65 32 22 3a 66 61 6c 73 65 2c 22 55 6e 69 76 65 72 73 61 6c 42 6c 75 65 74 6f 6f 74 68 50 61 69 72 69 6e 67 22 3a 74 72 75 65 2c 22 57 68 61 74 73 4e 65 77 43 4e 22 3a 74 72 75 65 2c 22 59 50 50 43 61 74 61 73 74 72 6f 70 68 69 63 45 72 72 6f 72 41 75 74 6f 52 65 73 65 74 22 3a 74 72 75 65 2c 22 59 50 50 43 6f 6e 73 65 63 75 74 69 76 Data Ascii: ingTop011":true,"RemotingTop012":true,"RemotingTop015":true,"RomeDisabled":441503,"SecureContent":true,"ShellExtendedLeftPane":true,"TestFeature2":false,"UniversalBluetoothPairing":true,"WhatsNewCN":true,"YPPCatastrophicErrorAutoReset":true,"YPPConsecutiv
2024-04-18 21:45:18 UTC	1024	IN	Data Raw: 79 6f 35 35 36 3a 33 30 39 38 36 35 35 36 3b 79 6f 61 61 6f 32 36 37 3a 33 30 34 33 34 36 37 32 3b 79 6f 70 72 69 32 35 37 3a 33 30 34 36 34 34 33 33 3b 79 6f 31 37 39 3a 33 30 34 34 35 33 31 30 3b 79 6f 69 73 61 38 36 31 3a 33 30 35 32 35 38 36 38 3b 79 6f 72 65 6d 31 34 31 3a 33 30 34 38 36 33 35 33 3b 79 6f 79 70 70 36 35 32 3a 33 30 35 31 35 34 38 33 3b 79 6f 35 32 35 3a 33 30 35 35 33 39 38 35 3b 79 6f 36 30 36 3a 33 30 35 32 37 38 35 30 3b 79 6f 6e 6f 74 36 33 33 3a 33 30 36 32 36 30 37 38 3b 79 6f 79 70 70 38 35 39 3a 33 30 36 38 37 38 35 39 3b 79 6f 69 6e 64 36 36 35 3a 33 30 35 39 35 31 36 33 3b 79 6f 64 63 67 38 33 30 3a 33 30 37 31 32 39 34 39 3b 6f 6e 6c 79 5f 74 6f 61 73 74 63 6f 6e 74 65 78 74 6d 65 6e 75 3a 33 30 36 34 38 30 38 31 3b 61 6a Data Ascii: yo556:30986556;yoaao267:30434672;yopri257:30464433;yo179:30445310;yoisa861:30525868;yorem141:30486353;yoypp652:30515483;yo525:30553985;yo606:30527850;yonot633:30626078;yoypp859:30687859;yoind665:30595163;yodcg830:30712949;only_toastcontextmenu:30648081;aj
2024-04-18 21:45:18 UTC	117	IN	Data Raw: 38 33 38 35 30 33 3b 35 30 63 37 39 31 30 36 3a 33 30 38 33 38 36 31 39 3b 6a 61 35 63 34 32 34 39 3a 33 31 30 30 36 32 34 34 3b 68 33 65 64 34 31 36 31 3a 33 30 38 39 31 37 38 34 3b 61 62 69 30 67 38 31 37 3a 33 30 39 35 32 38 37 35 3b 61 35 34 66 61 35 37 34 3a 33 30 39 39 33 33 34 39 3b 64 69 66 32 32 32 31 39 3a 33 30 39 36 30 34 30 32 3b 22 7d Data Ascii: 838503;50c79106:30838619;ja5c4249:31006244;h3ed4161:30891784;abi0g817:30952875;a54fa574:30993349;dif22219:30960402;"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.17	49721	13.107.21.200	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 21:45:19 UTC	2568	OUT	GET /client/config?cc=CH&setlang=en-CH HTTP/1.1 X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-UserAgeClass: Unknown X-BM-Market: CH X-BM-DateFormat: dd/MM/yyyy X-Device-OSSKU: 48 X-BM-DTZ: 120 X-DeviceID: 01000A41090080B6 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAVVEwqwOMzjCT8WbqC9LEB7w9OPvHSF2qBhl/GWhkEx3UDpua46xwrPKs3tkpkllE8gY4R3BUkatlP7BF8qi62Hvn79p67Rf%2BEwwaWDrCdNhJYvQYnx8QpL72SjWu3IhhWqi9AAGdLvPH1JoTO%2BkWP6H7ArOaxun/P/W%2B87gByDSuzHjOnHiceaLfxf7%2BILTGEKf0OsgIZZ4HS9xHcwFjgNJB6Dq6nXdxE9%2BdLuh1IHha/cBIrmoeioYEOC9EF%2BXeUhRGVMqPE1DN8Zw7VMMCUxhKp6EQT0et87vv/cfjMjEFyS3iXpZorHxQ2JmoxzS9H8UMe%2B4pAnvAoda6HbDRlADZgAACMMr7iWU69aNqAFRxyC7HS4eCql5rmVKLv7qETZ6WjnADIbrmhZog16qO6l/SQqKTWpLz8CIOaE9UkGCsRQ7feWia00NAey09irpFPxqEyIHFV9q4gp8ACu7/o0BncghX0I0Ce%2BsCXJeEHaxq3nWrxr2SuGSk20Af94aHCU6euVllr9XPHtOe5W8cRDDwumdLRo4b5O5ULiGyV0JS%2Blmx1lYABXpeysYU1h2q/mbQJs51KCYrmV0oGkIcyTy7Fxo%2BYTZKmrNVmZimcFkl7bLim9cNj1SyUNjX%2Bf8KfDDhuRamqRVjdyQCcnTzAZFRa6ioe1P%2BQt25xZmyt6ChmR8Jg3LbdEkKSOK1QI4lJKmubylSMtv5eZ/UGHl7wvVRz9GyGkuLlxmJ550STzujj8vFzIEEZWqGa0Ad22in9s6yBzHMOYW9p8C8J5v6F35hSQvnR6K/Z1wztYO%2Brq%2BMSX7dBUPXn8umndMPJniOOKsbMflRCvjlSTWYcvlJRsS2VRstIMl1aPF9DAzh/JIrrbJFz5GAeEshaywEbEfA2NN4YnXKe57AuDMirCkFS/oyEEXYeEf2AE%3D%26p%3D X-Agent-DeviceId: 01000A41090080B6 X-BM-CBT: 1713476716 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 X-Device-isOptin: false Accept-language: en-GB, en, en-US X-Device-Touch: false X-Device-ClientSession: 1EC6349DA18F4AF18A86D976BB1056D8 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI Host: www.bing.com Connection: Keep-Alive Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
2024-04-18 21:45:19 UTC	1463	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 2215 Content-Type: application/json; charset=utf-8 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _EDGE_S=SID=13FE796667EB60621C326D0366C261E1&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: MUIDB=4590362BB5CF472B95BBEDB3112D4B7B; expires=Tue, 13-May-2025 21:45:19 GMT; path=/; HttpOnly Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Tue, 13-May-2025 21:45:19 GMT; path=/; secure; SameSite=None Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None Set-Cookie: _SS=SID=13FE796667EB60621C326D0366C261E1; domain=.bing.com; path=/; secure; SameSite=None X-EventID: 6621946f57fd48a58237a34aacaa5772 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: FFD48EA03A4047F0B38F8FFFAA10AD71 Ref B: ATL331000101031 Ref C: 2024-04-18T21:45:19Z Date: Thu, 18 Apr 2024 21:45:18 GMT Connection: close
2024-04-18 21:45:19 UTC	2204	IN	Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65 Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value
2024-04-18 21:45:19 UTC	11	IN	Data Raw: 75 72 65 22 3a 22 22 7d 7d 7d 7d Data Ascii: ure":""}}}}

Target ID:	0
Start time:	23:44:55
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://engagetexting.com/kwik-kar-donation-request-form
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	23:44:55
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,18330707211503608032,9976634146919191405,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://engagetexting.com/kwik-kar-donation-request-form

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6092, Parent PID: 4576

General

Chronological Activities

Analysis Process: chrome.exePID: 6176, Parent PID: 6092

General

Chronological Activities

Windows Analysis Report
https://engagetexting.com/kwik-kar-donation-request-form