Edit tour

Windows Analysis Report
https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19

Overview

General Information

Sample URL:	https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6M
Analysis ID:	1430698
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Phishing site detected (based on shot match)

Detected hidden input values containing email addresses (often used in phishing pages)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2188,i,7996867401450965032,6276271718091418309,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on shot match)

Source: https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls

Matcher: Template: captcha matched

Source: https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls

HTTP Parser: dave.kessner@jameshardie.com

Source: https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.16.68.112:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.16.68.112:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49738 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.68.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167

Source: global traffic	HTTP traffic detected: GET /click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19 HTTP/1.1Host: link.support.kim4md.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls HTTP/1.1Host: kkl.nucleusemail.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: kkl.nucleusemail.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0NlsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpoQzhVcnphZHFzK2RacE9aOHpOV0E9PSIsInZhbHVlIjoiSHJ2S01aaUlaTkl2R0VRODJSamw3T2JvRWx3c0VEaUdHOUlQd2xLb1lIYThPRy8zdmtqeGVjd0pEbi9GOStsQUlGc0I4RVF4RHVKSEVpeW1LcXhRTFBEajlqR3J6cEZqNklucFNUQ0JhVnAvY3AvcVU4SVIrVytHODZJMWYwYnEiLCJtYWMiOiI0ZjRlMjhlYjc3YWRlNDQ1YmUzMzY1MWZlM2I4OGNmMjdhMDdlNTE3NjJiNDAzMTRhNjE1ZGFjYTNiZDYxOTdiIiwidGFnIjoiIn0%3D; nsession=eyJpdiI6IjhUOHBmR0E5a25GR3BEZjhncHpnRVE9PSIsInZhbHVlIjoiWXhzWHZrcVk2endDT2pQdHpiQ3laTDBUZXF1azJPeE1WYmlSc3dpTUw4K2FVZ2lpcm5odE9SYmZRa2dldkdyWDlJMlZzV0ZiekFnamlKdW42QURnM0VYVTlsZ3Yya09Gc05RZVF5WjdRU0tEcldJYW5xNktDRnIzUkwxdXQxRVIiLCJtYWMiOiIwYmNjZGI4ZTVmZDBlMzI5NWY5MTAzZTAzYTg2NzY0YzQxNTUzZjJiZmRlNGRiOWYxM2E5YWNjMzQyMGEyMWI5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: kkl.nucleusemail.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0NlsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpoQzhVcnphZHFzK2RacE9aOHpOV0E9PSIsInZhbHVlIjoiSHJ2S01aaUlaTkl2R0VRODJSamw3T2JvRWx3c0VEaUdHOUlQd2xLb1lIYThPRy8zdmtqeGVjd0pEbi9GOStsQUlGc0I4RVF4RHVKSEVpeW1LcXhRTFBEajlqR3J6cEZqNklucFNUQ0JhVnAvY3AvcVU4SVIrVytHODZJMWYwYnEiLCJtYWMiOiI0ZjRlMjhlYjc3YWRlNDQ1YmUzMzY1MWZlM2I4OGNmMjdhMDdlNTE3NjJiNDAzMTRhNjE1ZGFjYTNiZDYxOTdiIiwidGFnIjoiIn0%3D; nsession=eyJpdiI6IjhUOHBmR0E5a25GR3BEZjhncHpnRVE9PSIsInZhbHVlIjoiWXhzWHZrcVk2endDT2pQdHpiQ3laTDBUZXF1azJPeE1WYmlSc3dpTUw4K2FVZ2lpcm5odE9SYmZRa2dldkdyWDlJMlZzV0ZiekFnamlKdW42QURnM0VYVTlsZ3Yya09Gc05RZVF5WjdRU0tEcldJYW5xNktDRnIzUkwxdXQxRVIiLCJtYWMiOiIwYmNjZGI4ZTVmZDBlMzI5NWY5MTAzZTAzYTg2NzY0YzQxNTUzZjJiZmRlNGRiOWYxM2E5YWNjMzQyMGEyMWI5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: link.support.kim4md.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=vHoV25rZnWhfUezoSx3h99sJK4FrE1M5gME0qJfnml0eGr8%2FfZcf%2FUBiy2DIsjGccDQGkD4rBQUPVynh1CtpJHUx7jyQBUrWhctjWqArn1GXB%2BWOMSAoryhWsfnUCt%2FagwpUDZefyg%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 482Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 01:00:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, privateLocation: https://kkl.nucleusemail.com/nucleus_favicon.icoCF-Cache-Status: BYPASSSet-Cookie: XSRF-TOKEN=eyJpdiI6ImJkYkVOVit2cEhDUkNMbU1DWnlJWXc9PSIsInZhbHVlIjoidXBUblRndkFZZEF3VGYxRWpEcDFoVVJ5VjVFZzVMUkFwSmxrQWovUDBVdDlLeUpNUm90UFpYcVN4Ty8xdURzWTEzSUNmaTZ6bDhNNUtON0FCV0lUQUpCZnFBcmU5SnBiVitQUWdXeGY4ZHdUTk42MlloUzVaM0hjaC9vY2FReDUiLCJtYWMiOiI5MmQwZDAzZDk0ZTAyNmNkMDZjZDJmNzg2NzAzZDMxNGFkNGI2YWQ0OGE2MzA4ZjJhMDNjMGE5Y2RlNzgzYzZlIiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 03:00:52 GMT; Max-Age=7200; path=/Set-Cookie: nsession=eyJpdiI6IlQwMGNlTlNoUUJWTXk1V3RyVnZmT0E9PSIsInZhbHVlIjoiZGZldXhuNGJVU0tPT0xMcFFCZWVXRXpjQWJ4b0U3SFhYckk3elZpbEQ5MmhuZEpJQW5mUDRqZVVtUnJxeDJNaVU4c3dIazExbzJKOURLRkY4Ync3RkhselFqSURBWVVNWjRTcWdVend1b01OU1FKZU5DRE9TUUhRQ1diK1hLVzYiLCJtYWMiOiI0ZDkwZGYwODFjMzU1YmFmMzJjYWU3ZGYwYzQ1ODc3YTNkZTFiYjQ1ZGEwNDM1NTM4M2U5NzIwYjdmMzE4MDgzIiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 03:00:52 GMT; Max-Age=7200; path=/; httponly

Source: chromecache_43.2.dr

String found in binary or memory: https://kkl.nucleusemail.com/nucleus_favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.16.68.112:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.16.68.112:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49738 version: TLS 1.2

Source: classification engine

Classification label: sus20.phis.win@17/6@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2188,i,7996867401450965032,6276271718091418309,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2188,i,7996867401450965032,6276271718091418309,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://kkl.nucleusemail.com/nucleus_favicon.ico	0%	Avira URL Cloud	safe
https://kkl.nucleusemail.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	0%	Avira URL Cloud	safe
https://kkl.nucleusemail.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
kkl.nucleusemail.com	104.21.21.175	true	false	unknown
ga.dyspatchit.net	35.169.94.3	true	false	unknown
www.google.com	142.250.141.103	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
link.support.kim4md.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://kkl.nucleusemail.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=vHoV25rZnWhfUezoSx3h99sJK4FrE1M5gME0qJfnml0eGr8%2FfZcf%2FUBiy2DIsjGccDQGkD4rBQUPVynh1CtpJHUx7jyQBUrWhctjWqArn1GXB%2BWOMSAoryhWsfnUCt%2FagwpUDZefyg%3D%3D	false		high
https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls	true		unknown
https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19	false		unknown
https://kkl.nucleusemail.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://kkl.nucleusemail.com/nucleus_favicon.ico	chromecache_43.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.169.94.3	ga.dyspatchit.net	United States	14618	AMAZON-AESUS	false
142.250.141.103	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.21.21.175	kkl.nucleusemail.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.8
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430698
Start date and time:	2024-04-24 02:59:53 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.phis.win@17/6@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.2.94, 142.251.2.102, 142.251.2.113, 142.251.2.100, 142.251.2.138, 142.251.2.101, 142.251.2.139, 142.251.2.84, 34.104.35.123, 52.165.165.26, 192.229.211.108, 72.21.81.240, 52.165.164.15, 142.250.101.94
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1238)
Category:	downloaded
Size (bytes):	1239
Entropy (8bit):	5.068464054671174
Encrypted:	false
SSDEEP:	24:ch63Cf5W8QPIHRZ3hwVFS39bYGwNef1yTZsNUkQ1sZmSuLqNWRco5Jcn5IKM6cuY:C6SQnw/x+SR8ZZkQbp1RZ5JwiKMm7Zc
MD5:	9E8F56E8E1806253BA01A95CFC3D392C
SHA1:	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
SHA-256:	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
SHA-512:	63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
Malicious:	false
Reputation:	low
URL:	https://kkl.nucleusemail.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Preview:	!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href")\|\|""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	438
Entropy (8bit):	4.811327509189041
Encrypted:	false
SSDEEP:	6:hxuJL/UGSY68MRJV9HevKbLM6QkV1YxvKbLMdHAEdB86aKevKbLMhD6pvKbLMbmz:hYc8Mx9qb5WEdqSqFKHmoQb
MD5:	C41C1E83CAA02887C3465C3A3D4443DC
SHA1:	5C614F1A58B8AB5C0EA8CDC24DA2D22265D38669
SHA-256:	6B11B2CDDF2C44F7B950269A09336A5D073CA6E532B07F130EF381CB5C48C73C
SHA-512:	3FD0E9277D50F73D794182197BBD26D698F684CE34C995657B6CA115F44B0982D70FBDF006BE4F020D97286CDCE91A9EB57043B057F2DB1C46F096DF013A0024
Malicious:	false
Reputation:	low
URL:	https://kkl.nucleusemail.com/favicon.ico
Preview:	<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8" />. <meta http-equiv="refresh" content="0;url='https://kkl.nucleusemail.com/nucleus_favicon.ico'" />.. <title>Redirecting to https://kkl.nucleusemail.com/nucleus_favicon.ico</title>. </head>. <body>. Redirecting to <a href="https://kkl.nucleusemail.com/nucleus_favicon.ico">https://kkl.nucleusemail.com/nucleus_favicon.ico</a>.. </body>.</html>

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5207
Entropy (8bit):	4.963471121947108
Encrypted:	false
SSDEEP:	96:kJPKziT2BWXotlPt0ptZ6spfirGJcizfx4:Ar2BWXmt0XZ6PGJcizfx4
MD5:	3D985E80A3E2D0DB5A6558DF31D38295
SHA1:	C5E14766771B9AB7EA26D72933E0E6DA3A0F30B6
SHA-256:	ADECF650FF5C0121A45DC44812804ECD043DC548EBE520019141B6815D2135B0
SHA-512:	9C634D8FF0FFBF1359A78D524151E7611E935294047B9BDB922690C26DF152A31E170807EA7E15FA9FCF9A9D7688368A6AEBFD196D57B74283AAFFF30C844293
Malicious:	false
Reputation:	low
URL:	https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls
Preview:	<html lang="en">.<head>. <title>Unsubscribe</title>.. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta charset="utf-8">.. <style>. * {. -webkit-box-sizing: border-box;. -moz-box-sizing: border-box;. box-sizing: border-box;. }.. html {. font-size: 16px;. line-height: 1.5;. height: 100%;. }.. body {. -moz-osx-font-smoothing: grayscale;. -webkit-font-smoothing: antialiased;. background-color: #F7F8FA;. color: #4B4B60;. font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";. font-weight: 400;. font-size: .875rem;. margin: 0;. padding: 0;. width: 100%;. }.. h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4 {. font-weight: 600;. line-height: 1.2;. margin: 0 0 8px;. text-rendering: optimizeLegibility;. }.. h1, .h1 {. font-size: 1.5rem;. }.. h2, .h2 {. font-weight:

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 03:00:41.757082939 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:00:41.757086039 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:00:42.007083893 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:00:48.114145994 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.114187002 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.114253044 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.118297100 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.118307114 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.118314981 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.118357897 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.118434906 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.118617058 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.118633986 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.561517000 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.561847925 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.561888933 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.562365055 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.562561035 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.562582970 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.563441038 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.563507080 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.563802004 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.563872099 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.564918995 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.565049887 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.566167116 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.566241026 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.566310883 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.566328049 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.620086908 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.620116949 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.620363951 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.659596920 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.726018906 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:48.726073980 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:48.726140022 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:48.727412939 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:48.727436066 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:48.996386051 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.996500969 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:48.996561050 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.996931076 CEST	49716	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:00:48.996953964 CEST	443	49716	35.169.94.3	192.168.2.6
Apr 24, 2024 03:00:49.157335997 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:49.157401085 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:49.157491922 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:49.157717943 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:49.157733917 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:49.394731045 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:49.394845009 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:49.399540901 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:49.399560928 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:49.399857998 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:49.401875019 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:49.401951075 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:49.401962996 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:49.402100086 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:49.444119930 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:49.500735998 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:49.501048088 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:49.501076937 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:49.502521038 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:49.502587080 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:49.520531893 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:49.520735025 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:49.521095991 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:49.521114111 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:49.569356918 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:49.621921062 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:49.621994972 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:49.622041941 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:49.624543905 CEST	49717	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:49.624568939 CEST	443	49717	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:50.106317997 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.106445074 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.106487036 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.106502056 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.106527090 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.106561899 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.106568098 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.106683016 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.106734991 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.119342089 CEST	49720	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.119366884 CEST	443	49720	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.276853085 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:00:50.276952028 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:00:50.277038097 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:00:50.277816057 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:00:50.277851105 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:00:50.339617014 CEST	49722	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.339668989 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.339756966 CEST	49722	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.359843016 CEST	49722	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.359872103 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.638555050 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:00:50.671786070 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:00:50.671814919 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:00:50.673054934 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:00:50.673151016 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:00:50.676155090 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:00:50.676220894 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:00:50.687401056 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.688827991 CEST	49722	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.688851118 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.689258099 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.690011024 CEST	49722	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.690085888 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.690283060 CEST	49722	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:50.725680113 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:00:50.725697041 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:00:50.736112118 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:50.772011995 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:00:51.027668953 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.027751923 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.027873039 CEST	49722	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:51.028692007 CEST	49722	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:51.028717995 CEST	443	49722	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.366018057 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:00:51.366034031 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:00:51.506145954 CEST	49723	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:51.506191015 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.506392956 CEST	49723	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:51.506815910 CEST	49723	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:51.506829023 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.514290094 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:51.514322996 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:51.514414072 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:51.517805099 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:51.517822027 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:51.610963106 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:00:51.834587097 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.835005045 CEST	49723	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:51.835021019 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.835372925 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.837054014 CEST	49723	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:51.837126017 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.837843895 CEST	49723	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:51.870537043 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:51.870613098 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:51.880111933 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:51.893887043 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:51.893908024 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:51.894175053 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:51.942467928 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.105307102 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.148123026 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.282207966 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.284461021 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.284478903 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.284490108 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.284611940 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.284636974 CEST	443	49724	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.284682989 CEST	49724	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.372195959 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:52.372370005 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:52.372454882 CEST	49723	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:52.379813910 CEST	49723	443	192.168.2.6	104.21.21.175
Apr 24, 2024 03:00:52.379843950 CEST	443	49723	104.21.21.175	192.168.2.6
Apr 24, 2024 03:00:52.410290003 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.410314083 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.410408974 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.411256075 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.411267996 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.532963991 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:52.533018112 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:52.535382986 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:52.535872936 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:52.535888910 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:52.759697914 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.759772062 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.762300968 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.762319088 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.762562990 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.765232086 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:52.812119961 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:52.895908117 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:52.896245003 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:52.896274090 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:52.898415089 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:52.898514032 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.015669107 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.015928030 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.016665936 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.016683102 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.044471025 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 24, 2024 03:00:53.044584036 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:00:53.068252087 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.134057045 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:53.177608967 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:53.177628040 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:53.178050041 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:53.178062916 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:53.178227901 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:53.178261995 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:53.178297043 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:53.178430080 CEST	49725	443	192.168.2.6	96.16.68.112
Apr 24, 2024 03:00:53.178448915 CEST	443	49725	96.16.68.112	192.168.2.6
Apr 24, 2024 03:00:53.289021969 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.289213896 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.291351080 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.311583042 CEST	49726	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.311604977 CEST	443	49726	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.329583883 CEST	49727	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.329627037 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.329680920 CEST	49727	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.330878019 CEST	49727	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.330893993 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.683280945 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.683752060 CEST	49727	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.683768034 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.684108973 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.684849024 CEST	49727	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.684900045 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:53.685066938 CEST	49727	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:53.728118896 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:54.091722012 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:54.091914892 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:54.091988087 CEST	49727	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:54.092526913 CEST	49727	443	192.168.2.6	35.190.80.1
Apr 24, 2024 03:00:54.092549086 CEST	443	49727	35.190.80.1	192.168.2.6
Apr 24, 2024 03:00:56.565947056 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:56.565987110 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:56.566077948 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:56.566674948 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:56.566689968 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:57.219780922 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:57.220015049 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:57.225359917 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:57.225375891 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:57.226310015 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:57.228081942 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:57.228081942 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:57.228110075 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:57.228333950 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:57.276122093 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:57.443872929 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:57.443989038 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:00:57.444065094 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:57.444401026 CEST	49728	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:00:57.444439888 CEST	443	49728	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:00.630848885 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:00.630916119 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:00.631165981 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:01:01.025779963 CEST	49721	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:01:01.025820017 CEST	443	49721	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:04.285640955 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:01:04.285890102 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 24, 2024 03:01:04.445363045 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 24, 2024 03:01:04.445544958 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 24, 2024 03:01:08.673377037 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:08.673418045 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:08.673505068 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:08.674395084 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:08.674410105 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:08.788544893 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:01:08.788646936 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:01:08.788733006 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:01:09.201383114 CEST	49715	443	192.168.2.6	35.169.94.3
Apr 24, 2024 03:01:09.201415062 CEST	443	49715	35.169.94.3	192.168.2.6
Apr 24, 2024 03:01:09.341171980 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:09.341253996 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:09.349663019 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:09.349675894 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:09.349948883 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:09.354141951 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:09.354192019 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:09.354202032 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:09.354343891 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:09.400121927 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:09.573282957 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:09.573389053 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:09.573456049 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:09.573865891 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:09.573885918 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.054358006 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.054399014 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.054563999 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.056106091 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.056121111 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.754724026 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.754807949 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.760236025 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.760253906 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.760516882 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.762761116 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.762871027 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.762876987 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.763055086 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.808113098 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.981678009 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.981767893 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:27.981844902 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.982081890 CEST	49734	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:27.982100964 CEST	443	49734	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:50.163677931 CEST	49737	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:01:50.163722038 CEST	443	49737	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:50.163800001 CEST	49737	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:01:50.164151907 CEST	49737	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:01:50.164167881 CEST	443	49737	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:50.202831984 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:50.202874899 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:50.202939034 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:50.203737020 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:50.203747034 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:50.523380041 CEST	443	49737	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:50.523780107 CEST	49737	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:01:50.523813009 CEST	443	49737	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:50.524158001 CEST	443	49737	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:50.524701118 CEST	49737	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:01:50.524764061 CEST	443	49737	142.250.141.103	192.168.2.6
Apr 24, 2024 03:01:50.568181992 CEST	49737	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:01:50.868069887 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:50.868146896 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:50.871406078 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:50.871417046 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:50.871666908 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:50.876749992 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:50.876907110 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:50.876912117 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:50.877312899 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:50.920120001 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:51.095890999 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:51.096012115 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:01:51.096276045 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:51.096534967 CEST	49738	443	192.168.2.6	20.7.2.167
Apr 24, 2024 03:01:51.096544981 CEST	443	49738	20.7.2.167	192.168.2.6
Apr 24, 2024 03:02:00.518404961 CEST	443	49737	142.250.141.103	192.168.2.6
Apr 24, 2024 03:02:00.518579006 CEST	443	49737	142.250.141.103	192.168.2.6
Apr 24, 2024 03:02:00.518644094 CEST	49737	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:02:01.149161100 CEST	49737	443	192.168.2.6	142.250.141.103
Apr 24, 2024 03:02:01.149192095 CEST	443	49737	142.250.141.103	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 03:00:46.637630939 CEST	53	58437	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:46.674520016 CEST	53	61643	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:47.686732054 CEST	53	53709	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:47.831311941 CEST	55648	53	192.168.2.6	1.1.1.1
Apr 24, 2024 03:00:47.831482887 CEST	63223	53	192.168.2.6	1.1.1.1
Apr 24, 2024 03:00:48.113188982 CEST	53	63223	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:48.113293886 CEST	53	55648	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:48.999660015 CEST	58138	53	192.168.2.6	1.1.1.1
Apr 24, 2024 03:00:48.999814034 CEST	57358	53	192.168.2.6	1.1.1.1
Apr 24, 2024 03:00:49.156431913 CEST	53	58138	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:49.156677008 CEST	53	57358	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:50.102404118 CEST	57364	53	192.168.2.6	1.1.1.1
Apr 24, 2024 03:00:50.102864027 CEST	62356	53	192.168.2.6	1.1.1.1
Apr 24, 2024 03:00:50.255971909 CEST	53	57364	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:50.256345034 CEST	53	62356	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:52.377114058 CEST	50741	53	192.168.2.6	1.1.1.1
Apr 24, 2024 03:00:52.377391100 CEST	54050	53	192.168.2.6	1.1.1.1
Apr 24, 2024 03:00:52.531909943 CEST	53	50741	1.1.1.1	192.168.2.6
Apr 24, 2024 03:00:52.532166958 CEST	53	54050	1.1.1.1	192.168.2.6
Apr 24, 2024 03:01:04.817837000 CEST	53	58508	1.1.1.1	192.168.2.6
Apr 24, 2024 03:01:23.600630045 CEST	53	59275	1.1.1.1	192.168.2.6
Apr 24, 2024 03:01:46.133774042 CEST	53	58373	1.1.1.1	192.168.2.6
Apr 24, 2024 03:01:46.777924061 CEST	53	57383	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 03:00:47.831311941 CEST	192.168.2.6	1.1.1.1	0xeb8	Standard query (0)	link.support.kim4md.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:47.831482887 CEST	192.168.2.6	1.1.1.1	0xa19a	Standard query (0)	link.support.kim4md.com	65	IN (0x0001)	false
Apr 24, 2024 03:00:48.999660015 CEST	192.168.2.6	1.1.1.1	0x8000	Standard query (0)	kkl.nucleusemail.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:48.999814034 CEST	192.168.2.6	1.1.1.1	0xe897	Standard query (0)	kkl.nucleusemail.com	65	IN (0x0001)	false
Apr 24, 2024 03:00:50.102404118 CEST	192.168.2.6	1.1.1.1	0x3af2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:50.102864027 CEST	192.168.2.6	1.1.1.1	0x2ab8	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 03:00:52.377114058 CEST	192.168.2.6	1.1.1.1	0xf48	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:52.377391100 CEST	192.168.2.6	1.1.1.1	0x698c	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 03:00:48.113188982 CEST	1.1.1.1	192.168.2.6	0xa19a	No error (0)	link.support.kim4md.com	link.dyspatchit.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 03:00:48.113293886 CEST	1.1.1.1	192.168.2.6	0xeb8	No error (0)	link.support.kim4md.com	link.dyspatchit.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 03:00:48.113293886 CEST	1.1.1.1	192.168.2.6	0xeb8	No error (0)	link.dyspatchit.net	ga.dyspatchit.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 03:00:48.113293886 CEST	1.1.1.1	192.168.2.6	0xeb8	No error (0)	ga.dyspatchit.net		35.169.94.3	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:49.156431913 CEST	1.1.1.1	192.168.2.6	0x8000	No error (0)	kkl.nucleusemail.com		104.21.21.175	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:49.156431913 CEST	1.1.1.1	192.168.2.6	0x8000	No error (0)	kkl.nucleusemail.com		172.67.199.169	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:49.156677008 CEST	1.1.1.1	192.168.2.6	0xe897	No error (0)	kkl.nucleusemail.com			65	IN (0x0001)	false
Apr 24, 2024 03:00:50.255971909 CEST	1.1.1.1	192.168.2.6	0x3af2	No error (0)	www.google.com		142.250.141.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:50.255971909 CEST	1.1.1.1	192.168.2.6	0x3af2	No error (0)	www.google.com		142.250.141.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:50.255971909 CEST	1.1.1.1	192.168.2.6	0x3af2	No error (0)	www.google.com		142.250.141.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:50.255971909 CEST	1.1.1.1	192.168.2.6	0x3af2	No error (0)	www.google.com		142.250.141.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:50.255971909 CEST	1.1.1.1	192.168.2.6	0x3af2	No error (0)	www.google.com		142.250.141.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:50.255971909 CEST	1.1.1.1	192.168.2.6	0x3af2	No error (0)	www.google.com		142.250.141.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:00:50.256345034 CEST	1.1.1.1	192.168.2.6	0x2ab8	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 03:00:52.531909943 CEST	1.1.1.1	192.168.2.6	0xf48	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:01:02.605232000 CEST	1.1.1.1	192.168.2.6	0x7143	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 03:01:02.605232000 CEST	1.1.1.1	192.168.2.6	0x7143	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:01:16.520590067 CEST	1.1.1.1	192.168.2.6	0x4f21	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:01:16.520590067 CEST	1.1.1.1	192.168.2.6	0x4f21	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:01:38.780997992 CEST	1.1.1.1	192.168.2.6	0xd22	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:01:38.780997992 CEST	1.1.1.1	192.168.2.6	0xd22	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:01:59.162441969 CEST	1.1.1.1	192.168.2.6	0xf6d1	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 03:01:59.162441969 CEST	1.1.1.1	192.168.2.6	0xf6d1	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

link.support.kim4md.com

kkl.nucleusemail.com

https:

fs.microsoft.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49716	35.169.94.3	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:48 UTC	851	OUT	GET /click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19 HTTP/1.1 Host: link.support.kim4md.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 01:00:48 UTC	311	IN	HTTP/1.1 302 Found Date: Wed, 24 Apr 2024 01:00:48 GMT Server: Apache/2.4.56 (Unix) OpenSSL/3.0.2 PHP/7.3.33 X-Powered-By: PHP/7.3.33 Location: https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49717	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:49 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 75 35 4a 6d 33 4d 69 74 70 45 4f 72 67 2b 4d 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 35 39 33 65 31 39 32 35 63 64 34 35 64 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: u5Jm3MitpEOrg+MH.1Context: 9593e1925cd45d8
2024-04-24 01:00:49 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 01:00:49 UTC	1075	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 32 0d 0a 4d 53 2d 43 56 3a 20 75 35 4a 6d 33 4d 69 74 70 45 4f 72 67 2b 4d 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 35 39 33 65 31 39 32 35 63 64 34 35 64 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 53 33 31 50 71 73 70 59 44 30 63 53 37 55 31 5a 53 53 6f 6d 61 79 76 4f 38 38 73 73 34 44 30 41 65 6e 76 4e 6d 76 74 7a 2b 54 44 67 2b 48 57 77 39 33 5a 6a 66 36 33 5a 5a 70 4c 37 57 79 74 6b 63 70 65 50 61 76 5a 52 64 5a 79 4d 32 46 6a 61 67 72 6e 45 69 50 6f 4a 36 48 32 31 70 56 2b 67 52 39 4e 50 53 5a 72 2b 45 4d 66 61 2b Data Ascii: ATH 2 CON\DEVICE 1052MS-CV: u5Jm3MitpEOrg+MH.2Context: 9593e1925cd45d8<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZS31PqspYD0cS7U1ZSSomayvO88ss4D0AenvNmvtz+TDg+HWw93Zjf63ZZpL7WytkcpePavZRdZyM2FjagrnEiPoJ6H21pV+gR9NPSZr+EMfa+
2024-04-24 01:00:49 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 75 35 4a 6d 33 4d 69 74 70 45 4f 72 67 2b 4d 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 35 39 33 65 31 39 32 35 63 64 34 35 64 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: u5Jm3MitpEOrg+MH.3Context: 9593e1925cd45d8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 01:00:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 01:00:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 50 35 63 7a 31 57 6b 68 76 45 6d 34 71 5a 64 56 59 44 6f 6f 37 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: P5cz1WkhvEm4qZdVYDoo7Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49720	104.21.21.175	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:49 UTC	715	OUT	GET /amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls HTTP/1.1 Host: kkl.nucleusemail.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 01:00:50 UTC	1160	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 01:00:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6IlpoQzhVcnphZHFzK2RacE9aOHpOV0E9PSIsInZhbHVlIjoiSHJ2S01aaUlaTkl2R0VRODJSamw3T2JvRWx3c0VEaUdHOUlQd2xLb1lIYThPRy8zdmtqeGVjd0pEbi9GOStsQUlGc0I4RVF4RHVKSEVpeW1LcXhRTFBEajlqR3J6cEZqNklucFNUQ0JhVnAvY3AvcVU4SVIrVytHODZJMWYwYnEiLCJtYWMiOiI0ZjRlMjhlYjc3YWRlNDQ1YmUzMzY1MWZlM2I4OGNmMjdhMDdlNTE3NjJiNDAzMTRhNjE1ZGFjYTNiZDYxOTdiIiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 03:00:49 GMT; Max-Age=7200; path=/ Set-Cookie: nsession=eyJpdiI6IjhUOHBmR0E5a25GR3BEZjhncHpnRVE9PSIsInZhbHVlIjoiWXhzWHZrcVk2endDT2pQdHpiQ3laTDBUZXF1azJPeE1WYmlSc3dpTUw4K2FVZ2lpcm5odE9SYmZRa2dldkdyWDlJMlZzV0ZiekFnamlKdW42QURnM0VYVTlsZ3Yya09Gc05RZVF5WjdRU0tEcldJYW5xNktDRnIzUkwxdXQxRVIiLCJtYWMiOiIwYmNjZGI4ZTVmZDBlMzI5NWY5MTAzZTAzYTg2NzY0YzQxNTUzZjJiZmRlNGRiOWYxM2E5YWNjMzQyMGEyMWI5IiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 03:00:49 GMT; Max-Age=7200; path=/; httponly X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC
2024-04-24 01:00:50 UTC	419	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 6c 72 58 42 79 64 63 53 77 46 32 79 57 48 42 25 32 42 37 31 57 36 72 46 7a 64 73 76 4e 6f 53 4d 49 53 68 65 6d 61 78 78 42 61 70 49 73 49 77 66 50 4a 49 43 68 74 66 6e 38 43 32 33 63 65 33 73 54 7a 63 55 31 68 73 43 39 42 25 32 46 54 4b 6b 49 73 59 67 56 74 31 62 46 47 53 6b 6c 6f 50 70 4e 45 6d 75 50 55 71 70 47 76 6a 63 6f 74 44 45 53 45 4f 25 32 42 69 71 67 6c 65 50 31 67 70 59 37 67 4d 72 4a 25 32 42 51 65 61 49 50 72 4d 32 6b 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lrXBydcSwF2yWHB%2B71W6rFzdsvNoSMIShemaxxBapIsIwfPJIChtfn8C23ce3sTzcU1hsC9B%2FTKkIsYgVt1bFGSkloPpNEmuPUqpGvjcotDESEO%2BiqgleP1gpY7gMrJ%2BQeaIPrM2kg%3D%3D"}],"group":"cf-nel","max
2024-04-24 01:00:50 UTC	1369	IN	Data Raw: 31 34 35 37 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 55 6e 73 75 62 73 63 72 69 62 65 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 Data Ascii: 1457<html lang="en"><head> <title>Unsubscribe</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta charset="utf-8"> <style> * { -webkit-box-sizing: border-box; -moz-box-sizing: border-box;
2024-04-24 01:00:50 UTC	1369	IN	Data Raw: 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 3b 0a 20 20 7d 0a 0a 20 20 2e 66 6c 79 2d 70 61 6e 65 6c 3a 61 66 74 65 72 20 7b 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 3b 0a 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0a 20 20 7d 0a 0a 20 20 2e 66 6c 79 2d 70 61 6e 65 6c 3a 6c 61 73 74 2d 63 68 69 6c 64 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0a 20 20 7d 0a 0a 20 20 2e 66 6c 79 2d 70 61 6e 65 6c 20 3e 20 2a 3a 66 69 72 73 74 2d 63 68 69 6c 64 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 Data Ascii: padding: 0; position: relative; line-height: 1.5; } .fly-panel:after { content: ""; display: table; clear: both; } .fly-panel:last-child { margin-bottom: 0; } .fly-panel > *:first-child { border-top-left-radius
2024-04-24 01:00:50 UTC	1369	IN	Data Raw: 20 62 6f 78 2d 73 68 61 64 6f 77 20 30 2e 31 73 20 65 61 73 65 3b 0a 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 7d 0a 0a 20 20 2e 66 6c 79 2d 62 74 6e 20 3e 20 2e 66 6c 79 2d 69 63 6f 6e 20 7b 0a 20 20 20 20 74 6f 70 3a 20 2d 31 70 78 3b 0a 20 20 7d 0a 0a 20 20 2e 66 6c 79 2d 62 74 6e 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 63 37 63 37 64 34 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 41 31 41 32 42 32 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 7d 0a 0a 20 20 2e 66 6c 79 2d 62 74 6e 3a 61 63 74 69 76 65 20 7b 0a Data Ascii: box-shadow 0.1s ease; vertical-align: middle; white-space: nowrap; } .fly-btn > .fly-icon { top: -1px; } .fly-btn:hover { background-color: #c7c7d4; border-color: #A1A2B2; text-decoration: none; } .fly-btn:active {
2024-04-24 01:00:50 UTC	1108	IN	Data Raw: 65 6d 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 32 35 72 65 6d 3b 0a 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 79 2d 70 61 6e 65 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 79 2d 70 61 6e 65 6c 2d 62 6f 64 79 22 3e 0a 0a 3c 68 31 3e 55 6e 73 75 62 73 63 72 69 62 65 3c 2f 68 31 3e 0a 0a 0a 3c 66 6f 72 6d 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 61 63 74 69 6f 6e 3d 22 22 3e 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 Data Ascii: em; border: 1px solid transparent; border-radius: .25rem; } </style></head><body><div class="container"> <div class="fly-panel"><div class="fly-panel-body"><h1>Unsubscribe</h1><form method="POST" action=""> <input type="hid
2024-04-24 01:00:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49722	104.21.21.175	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:50 UTC	1355	OUT	GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1 Host: kkl.nucleusemail.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6IlpoQzhVcnphZHFzK2RacE9aOHpOV0E9PSIsInZhbHVlIjoiSHJ2S01aaUlaTkl2R0VRODJSamw3T2JvRWx3c0VEaUdHOUlQd2xLb1lIYThPRy8zdmtqeGVjd0pEbi9GOStsQUlGc0I4RVF4RHVKSEVpeW1LcXhRTFBEajlqR3J6cEZqNklucFNUQ0JhVnAvY3AvcVU4SVIrVytHODZJMWYwYnEiLCJtYWMiOiI0ZjRlMjhlYjc3YWRlNDQ1YmUzMzY1MWZlM2I4OGNmMjdhMDdlNTE3NjJiNDAzMTRhNjE1ZGFjYTNiZDYxOTdiIiwidGFnIjoiIn0%3D; nsession=eyJpdiI6IjhUOHBmR0E5a25GR3BEZjhncHpnRVE9PSIsInZhbHVlIjoiWXhzWHZrcVk2endDT2pQdHpiQ3laTDBUZXF1azJPeE1WYmlSc3dpTUw4K2FVZ2lpcm5odE9SYmZRa2dldkdyWDlJMlZzV0ZiekFnamlKdW42QURnM0VYVTlsZ3Yya09Gc05RZVF5WjdRU0tEcldJYW5xNktDRnIzUkwxdXQxRVIiLCJtYWMiOiIwYmNjZGI4ZTVmZDBlMzI5NWY5MTAzZTAzYTg2NzY0YzQxNTUzZjJiZmRlNGRiOWYxM2E5YWNjMzQyMGEyMWI5IiwidGFnIjoiIn0%3D
2024-04-24 01:00:51 UTC	766	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 01:00:50 GMT Content-Type: application/javascript Content-Length: 1239 Connection: close Last-Modified: Fri, 19 Apr 2024 20:54:07 GMT ETag: "6622d9ef-4d7" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhdPeYkxjg%2FbZo6Jc9eK1Gj1O%2B0IAwBHVSwWt%2BV6UYorEseFYl67KahT9eA8hBU3zbOvURFs5AsmLE4dSCfg5yPoX6%2B3Fd4EXuCDuS7kgbIg104ni1FK%2F%2FzZXxcwdwu99hMO15kpEg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 879228a25fc57ba7-LAX X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 26 Apr 2024 01:00:50 GMT Cache-Control: max-age=172800 Cache-Control: public Accept-Ranges: bytes
2024-04-24 01:00:51 UTC	603	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 74 72 79 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 63 6f 6e 73 6f 6c 65 29 72 65 74 75 72 6e 3b 22 65 72 72 6f 72 22 69 6e 20 63 6f 6e 73 6f 6c 65 3f 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 65 29 3a 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 65 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 72 65 74 75 72 6e 20 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 27 3c 61 20 68 72 65 66 3d 22 27 2b 65 2e 72 65 70 6c 61 63 65 28 2f 22 2f 67 2c 22 26 71 75 6f 74 3b 22 29 2b 27 22 3e 3c 2f 61 3e 27 2c 64 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 30 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 68 72 65 66 Data Ascii: !function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href
2024-04-24 01:00:51 UTC	636	IN	Data Raw: 69 6c 74 6f 3a 22 2b 6e 28 6f 2e 68 72 65 66 2c 61 2b 6c 2e 6c 65 6e 67 74 68 29 29 7d 63 61 74 63 68 28 69 29 7b 65 28 69 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 75 29 2c 63 3d 30 3b 63 3c 72 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 74 72 79 7b 76 61 72 20 6f 3d 72 5b 63 5d 2c 61 3d 6f 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 69 3d 6f 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 66 29 3b 69 66 28 69 29 7b 76 61 72 20 6c 3d 6e 28 69 2c 30 29 2c 64 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 54 65 78 74 4e 6f 64 65 28 6c 29 3b 61 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 64 2c 6f 29 7d 7d 63 61 74 63 68 28 68 29 7b 65 28 68 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 28 74 Data Ascii: ilto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49723	104.21.21.175	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:51 UTC	1364	OUT	GET /favicon.ico HTTP/1.1 Host: kkl.nucleusemail.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6IlpoQzhVcnphZHFzK2RacE9aOHpOV0E9PSIsInZhbHVlIjoiSHJ2S01aaUlaTkl2R0VRODJSamw3T2JvRWx3c0VEaUdHOUlQd2xLb1lIYThPRy8zdmtqeGVjd0pEbi9GOStsQUlGc0I4RVF4RHVKSEVpeW1LcXhRTFBEajlqR3J6cEZqNklucFNUQ0JhVnAvY3AvcVU4SVIrVytHODZJMWYwYnEiLCJtYWMiOiI0ZjRlMjhlYjc3YWRlNDQ1YmUzMzY1MWZlM2I4OGNmMjdhMDdlNTE3NjJiNDAzMTRhNjE1ZGFjYTNiZDYxOTdiIiwidGFnIjoiIn0%3D; nsession=eyJpdiI6IjhUOHBmR0E5a25GR3BEZjhncHpnRVE9PSIsInZhbHVlIjoiWXhzWHZrcVk2endDT2pQdHpiQ3laTDBUZXF1azJPeE1WYmlSc3dpTUw4K2FVZ2lpcm5odE9SYmZRa2dldkdyWDlJMlZzV0ZiekFnamlKdW42QURnM0VYVTlsZ3Yya09Gc05RZVF5WjdRU0tEcldJYW5xNktDRnIzUkwxdXQxRVIiLCJtYWMiOiIwYmNjZGI4ZTVmZDBlMzI5NWY5MTAzZTAzYTg2NzY0YzQxNTUzZjJiZmRlNGRiOWYxM2E5YWNjMzQyMGEyMWI5IiwidGFnIjoiIn0%3D
2024-04-24 01:00:52 UTC	1131	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 01:00:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Location: https://kkl.nucleusemail.com/nucleus_favicon.ico CF-Cache-Status: BYPASS Set-Cookie: XSRF-TOKEN=eyJpdiI6ImJkYkVOVit2cEhDUkNMbU1DWnlJWXc9PSIsInZhbHVlIjoidXBUblRndkFZZEF3VGYxRWpEcDFoVVJ5VjVFZzVMUkFwSmxrQWovUDBVdDlLeUpNUm90UFpYcVN4Ty8xdURzWTEzSUNmaTZ6bDhNNUtON0FCV0lUQUpCZnFBcmU5SnBiVitQUWdXeGY4ZHdUTk42MlloUzVaM0hjaC9vY2FReDUiLCJtYWMiOiI5MmQwZDAzZDk0ZTAyNmNkMDZjZDJmNzg2NzAzZDMxNGFkNGI2YWQ0OGE2MzA4ZjJhMDNjMGE5Y2RlNzgzYzZlIiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 03:00:52 GMT; Max-Age=7200; path=/ Set-Cookie: nsession=eyJpdiI6IlQwMGNlTlNoUUJWTXk1V3RyVnZmT0E9PSIsInZhbHVlIjoiZGZldXhuNGJVU0tPT0xMcFFCZWVXRXpjQWJ4b0U3SFhYckk3elZpbEQ5MmhuZEpJQW5mUDRqZVVtUnJxeDJNaVU4c3dIazExbzJKOURLRkY4Ync3RkhselFqSURBWVVNWjRTcWdVend1b01OU1FKZU5DRE9TUUhRQ1diK1hLVzYiLCJtYWMiOiI0ZDkwZGYwODFjMzU1YmFmMzJjYWU3ZGYwYzQ1ODc3YTNkZTFiYjQ1ZGEwNDM1NTM4M2U5NzIwYjdmMzE4MDgzIiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 03:00:52 GMT; Max-Age=7200; path=/; httponly
2024-04-24 01:00:52 UTC	419	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 76 48 6f 56 32 35 72 5a 6e 57 68 66 55 65 7a 6f 53 78 33 68 39 39 73 4a 4b 34 46 72 45 31 4d 35 67 4d 45 30 71 4a 66 6e 6d 6c 30 65 47 72 38 25 32 46 66 5a 63 66 25 32 46 55 42 69 79 32 44 49 73 6a 47 63 63 44 51 47 6b 44 34 72 42 51 55 50 56 79 6e 68 31 43 74 70 4a 48 55 78 37 6a 79 51 42 55 72 57 68 63 74 6a 57 71 41 72 6e 31 47 58 42 25 32 42 57 4f 4d 53 41 6f 72 79 68 57 73 66 6e 55 43 74 25 32 46 61 67 77 70 55 44 5a 65 66 79 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHoV25rZnWhfUezoSx3h99sJK4FrE1M5gME0qJfnml0eGr8%2FfZcf%2FUBiy2DIsjGccDQGkD4rBQUPVynh1CtpJHUx7jyQBUrWhctjWqArn1GXB%2BWOMSAoryhWsfnUCt%2FagwpUDZefyg%3D%3D"}],"group":"cf-nel","max
2024-04-24 01:00:52 UTC	445	IN	Data Raw: 31 62 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 6b 6b 6c 2e 6e 75 63 6c 65 75 73 65 6d 61 69 6c 2e 63 6f 6d 2f 6e 75 63 6c 65 75 73 5f 66 61 76 69 63 6f 6e 2e 69 63 6f 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 6b 6b 6c 2e 6e 75 63 6c 65 75 73 65 6d 61 69 6c 2e 63 6f 6d 2f 6e 75 63 6c 65 75 73 5f 66 61 76 69 63 6f 6e 2e 69 63 Data Ascii: 1b6<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://kkl.nucleusemail.com/nucleus_favicon.ico'" /> <title>Redirecting to https://kkl.nucleusemail.com/nucleus_favicon.ic
2024-04-24 01:00:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49724	96.16.68.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:52 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 01:00:52 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/253E) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=21761 Date: Wed, 24 Apr 2024 01:00:52 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49725	96.16.68.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:52 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 01:00:53 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=21665 Date: Wed, 24 Apr 2024 01:00:53 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 01:00:53 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49726	35.190.80.1	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:53 UTC	553	OUT	OPTIONS /report/v4?s=vHoV25rZnWhfUezoSx3h99sJK4FrE1M5gME0qJfnml0eGr8%2FfZcf%2FUBiy2DIsjGccDQGkD4rBQUPVynh1CtpJHUx7jyQBUrWhctjWqArn1GXB%2BWOMSAoryhWsfnUCt%2FagwpUDZefyg%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://kkl.nucleusemail.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 01:00:53 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Wed, 24 Apr 2024 01:00:53 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49727	35.190.80.1	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:53 UTC	490	OUT	POST /report/v4?s=vHoV25rZnWhfUezoSx3h99sJK4FrE1M5gME0qJfnml0eGr8%2FfZcf%2FUBiy2DIsjGccDQGkD4rBQUPVynh1CtpJHUx7jyQBUrWhctjWqArn1GXB%2BWOMSAoryhWsfnUCt%2FagwpUDZefyg%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 482 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 01:00:53 UTC	482	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 37 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6b 6b 6c 2e 6e 75 63 6c 65 75 73 65 6d 61 69 6c 2e 63 6f 6d 2f 61 6d 70 6c 69 66 79 2f 73 75 62 73 63 72 69 70 74 69 6f 6e 73 2f 75 6e 73 75 62 73 63 72 69 62 65 3f 68 69 64 73 3d 6e 63 77 4b 36 69 6d 46 7a 30 4e 6c 73 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 32 31 2e 31 37 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 Data Ascii: [{"age":0,"body":{"elapsed_time":870,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://kkl.nucleusemail.com/amplify/subscriptions/unsubscribe?hids=ncwK6imFz0Nls","sampling_fraction":1.0,"server_ip":"104.21.21.175","status_code
2024-04-24 01:00:54 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Wed, 24 Apr 2024 01:00:53 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49728	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:00:57 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 77 4a 71 2b 32 62 62 31 79 55 53 34 4d 65 4e 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 38 61 64 31 32 36 38 66 31 62 33 63 34 31 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: wJq+2bb1yUS4MeN/.1Context: 18ad1268f1b3c413
2024-04-24 01:00:57 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 01:00:57 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 77 4a 71 2b 32 62 62 31 79 55 53 34 4d 65 4e 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 38 61 64 31 32 36 38 66 31 62 33 63 34 31 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 53 33 31 50 71 73 70 59 44 30 63 53 37 55 31 5a 53 53 6f 6d 61 79 76 4f 38 38 73 73 34 44 30 41 65 6e 76 4e 6d 76 74 7a 2b 54 44 67 2b 48 57 77 39 33 5a 6a 66 36 33 5a 5a 70 4c 37 57 79 74 6b 63 70 65 50 61 76 5a 52 64 5a 79 4d 32 46 6a 61 67 72 6e 45 69 50 6f 4a 36 48 32 31 70 56 2b 67 52 39 4e 50 53 5a 72 2b 45 4d 66 61 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: wJq+2bb1yUS4MeN/.2Context: 18ad1268f1b3c413<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZS31PqspYD0cS7U1ZSSomayvO88ss4D0AenvNmvtz+TDg+HWw93Zjf63ZZpL7WytkcpePavZRdZyM2FjagrnEiPoJ6H21pV+gR9NPSZr+EMfa
2024-04-24 01:00:57 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 77 4a 71 2b 32 62 62 31 79 55 53 34 4d 65 4e 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 38 61 64 31 32 36 38 66 31 62 33 63 34 31 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: wJq+2bb1yUS4MeN/.3Context: 18ad1268f1b3c413<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 01:00:57 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 01:00:57 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 34 33 4e 35 42 4b 73 4f 30 36 45 36 6d 74 45 71 63 6d 57 77 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: n43N5BKsO06E6mtEqcmWwA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49733	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:01:09 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 44 73 56 64 6f 31 45 79 30 57 59 6e 66 78 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 33 64 63 30 39 63 39 62 35 64 62 66 62 35 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: UDsVdo1Ey0WYnfxS.1Context: 93dc09c9b5dbfb57
2024-04-24 01:01:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 01:01:09 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 55 44 73 56 64 6f 31 45 79 30 57 59 6e 66 78 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 33 64 63 30 39 63 39 62 35 64 62 66 62 35 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 53 33 31 50 71 73 70 59 44 30 63 53 37 55 31 5a 53 53 6f 6d 61 79 76 4f 38 38 73 73 34 44 30 41 65 6e 76 4e 6d 76 74 7a 2b 54 44 67 2b 48 57 77 39 33 5a 6a 66 36 33 5a 5a 70 4c 37 57 79 74 6b 63 70 65 50 61 76 5a 52 64 5a 79 4d 32 46 6a 61 67 72 6e 45 69 50 6f 4a 36 48 32 31 70 56 2b 67 52 39 4e 50 53 5a 72 2b 45 4d 66 61 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: UDsVdo1Ey0WYnfxS.2Context: 93dc09c9b5dbfb57<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZS31PqspYD0cS7U1ZSSomayvO88ss4D0AenvNmvtz+TDg+HWw93Zjf63ZZpL7WytkcpePavZRdZyM2FjagrnEiPoJ6H21pV+gR9NPSZr+EMfa
2024-04-24 01:01:09 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 44 73 56 64 6f 31 45 79 30 57 59 6e 66 78 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 33 64 63 30 39 63 39 62 35 64 62 66 62 35 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: UDsVdo1Ey0WYnfxS.3Context: 93dc09c9b5dbfb57<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 01:01:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 01:01:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 45 36 79 53 36 78 7a 69 58 6b 71 6c 4f 36 49 55 37 39 4b 38 48 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: E6yS6xziXkqlO6IU79K8Hw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49734	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:01:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 56 45 4a 56 55 53 70 55 6b 57 7a 61 4a 59 46 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 32 65 30 38 30 38 36 34 64 37 36 64 32 39 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: DVEJVUSpUkWzaJYF.1Context: 72e080864d76d291
2024-04-24 01:01:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 01:01:27 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 44 56 45 4a 56 55 53 70 55 6b 57 7a 61 4a 59 46 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 32 65 30 38 30 38 36 34 64 37 36 64 32 39 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 53 33 31 50 71 73 70 59 44 30 63 53 37 55 31 5a 53 53 6f 6d 61 79 76 4f 38 38 73 73 34 44 30 41 65 6e 76 4e 6d 76 74 7a 2b 54 44 67 2b 48 57 77 39 33 5a 6a 66 36 33 5a 5a 70 4c 37 57 79 74 6b 63 70 65 50 61 76 5a 52 64 5a 79 4d 32 46 6a 61 67 72 6e 45 69 50 6f 4a 36 48 32 31 70 56 2b 67 52 39 4e 50 53 5a 72 2b 45 4d 66 61 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: DVEJVUSpUkWzaJYF.2Context: 72e080864d76d291<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZS31PqspYD0cS7U1ZSSomayvO88ss4D0AenvNmvtz+TDg+HWw93Zjf63ZZpL7WytkcpePavZRdZyM2FjagrnEiPoJ6H21pV+gR9NPSZr+EMfa
2024-04-24 01:01:27 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 44 56 45 4a 56 55 53 70 55 6b 57 7a 61 4a 59 46 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 32 65 30 38 30 38 36 34 64 37 36 64 32 39 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: DVEJVUSpUkWzaJYF.3Context: 72e080864d76d291<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 01:01:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 01:01:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 69 48 57 64 39 6c 48 36 6b 2b 46 42 51 50 4b 32 6c 67 74 48 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: niHWd9lH6k+FBQPK2lgtHA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49738	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 01:01:50 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2b 34 6d 66 2f 67 4f 65 4b 45 36 38 67 77 71 49 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 30 32 38 63 31 62 34 65 32 64 65 62 64 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: +4mf/gOeKE68gwqI.1Context: ad028c1b4e2debd3
2024-04-24 01:01:50 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 01:01:50 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 2b 34 6d 66 2f 67 4f 65 4b 45 36 38 67 77 71 49 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 30 32 38 63 31 62 34 65 32 64 65 62 64 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 53 33 31 50 71 73 70 59 44 30 63 53 37 55 31 5a 53 53 6f 6d 61 79 76 4f 38 38 73 73 34 44 30 41 65 6e 76 4e 6d 76 74 7a 2b 54 44 67 2b 48 57 77 39 33 5a 6a 66 36 33 5a 5a 70 4c 37 57 79 74 6b 63 70 65 50 61 76 5a 52 64 5a 79 4d 32 46 6a 61 67 72 6e 45 69 50 6f 4a 36 48 32 31 70 56 2b 67 52 39 4e 50 53 5a 72 2b 45 4d 66 61 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: +4mf/gOeKE68gwqI.2Context: ad028c1b4e2debd3<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZS31PqspYD0cS7U1ZSSomayvO88ss4D0AenvNmvtz+TDg+HWw93Zjf63ZZpL7WytkcpePavZRdZyM2FjagrnEiPoJ6H21pV+gR9NPSZr+EMfa
2024-04-24 01:01:50 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2b 34 6d 66 2f 67 4f 65 4b 45 36 38 67 77 71 49 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 30 32 38 63 31 62 34 65 32 64 65 62 64 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: +4mf/gOeKE68gwqI.3Context: ad028c1b4e2debd3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 01:01:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 01:01:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 59 33 4f 33 7a 44 65 4a 55 79 59 52 64 48 65 45 50 4e 73 71 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: nY3O3zDeJUyYRdHeEPNsqQ.0Payload parsing failed.

Target ID:	0
Start time:	03:00:41
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	03:00:43
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2188,i,7996867401450965032,6276271718091418309,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	03:00:46
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7152, Parent PID: 5940

General

Chronological Activities

Analysis Process: chrome.exePID: 6524, Parent PID: 7152

General

Chronological Activities

Analysis Process: chrome.exePID: 6684, Parent PID: 5940

General

Chronological Activities

Disassembly

Windows Analysis Report
https://link.support.kim4md.com/click/e7820/Hc3VwcG9ydF9raW1GT1VSbWRfY29tMjQwNDIwLG5jbDlxcnNYLGh0dHBzOi8va2tsLm51Y2xldXNlbWFpbC5jb20vYW1wbGlmeS9zdWJzY3JpcHRpb25zL3Vuc3Vic2NyaWJl/qP2hpZHM9bmN3SzZpbUZ6ME5scw/s8g08d74e19