Edit tour

Windows Analysis Report
POattach.html

Overview

General Information

Sample name:	POattach.html
Analysis ID:	1432115
MD5:	ba5c0f66f1111d3c7bb13d790f57c7f4
SHA1:	9553678cc693662628e59a08e74a8ae2ad9c26a8
SHA256:	92fb9e83082d89d00b1ccc01481d7c8a15a31895a91c0cde9761dc0295a5b034
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Found suspicious QR code URL

HTML file submission containing password form

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\POattach.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1992,i,4275330503968366977,14474711898625079558,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://739759078368945019535231516431401126273227452560306561161109/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,10206737139113049155,15613713108784648929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
POattach.html	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: POattach.html, type: SAMPLE
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Found suspicious QR code URL

Source: QR Code extractor	URL: http://739759078368945019535231516431401126273227452560306561161109
Source: QR Code extractor	URL: http://739759078368945019535231516431401126273227452560306561161109

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/Desktop/POattach.html

Matcher: Found strong image similarity, brand: MICROSOFT

Source: POattach.html	HTTP Parser: Number of links: 1
Source: file:///C:/Users/user/Desktop/POattach.html	HTTP Parser: Number of links: 1

Source: POattach.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: POattach.html	HTTP Parser: Total embedded image size: 31496
Source: file:///C:/Users/user/Desktop/POattach.html	HTTP Parser: Total embedded image size: 31496

Source: POattach.html	HTTP Parser: Title: Purchase Order does not match URL
Source: file:///C:/Users/user/Desktop/POattach.html	HTTP Parser: Title: Purchase Order does not match URL

Source: file:///C:/Users/user/Desktop/POattach.html

HTTP Parser: Has password / email / username input fields

Source: POattach.html

HTTP Parser: <input type="password" .../> found

Source: POattach.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/POattach.html	HTTP Parser: No favicon

Source: POattach.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/POattach.html	HTTP Parser: No <meta name="author".. found

Source: POattach.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/POattach.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49722 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49734 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 162.249.168.129 162.249.168.129
Source: Joe Sandbox View	IP Address: 104.18.11.207 104.18.11.207
Source: Joe Sandbox View	IP Address: 104.18.11.207 104.18.11.207
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49722 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4nk1H1rD/invoce-background.jpg HTTP/1.1Host: i.postimg.ccConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4nk1H1rD/invoce-background.jpg HTTP/1.1Host: i.postimg.ccConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGJe2rrEGIjBAC3Sl0nJ4h2THKc6MXQJMPjcvZ2b6sbOMlO_dlr_YCxyCxMotFFGEecXYoVCzog4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-12; NID=513=CwpzJAcELjoc0qmC3Ca9Zg9c7lok9EErdHA3sNL2XHJ7EqqNOUpME1jygxo9EfFGuAgKkVOdEJtUVBKwWajhLJVAHdVfJrAQLWHTVpDRXhnp2Il95gMbTU_YCW-T4P085eAq5o10bDhZI0iuPF9hebuBfT9aMF3CuzCFXZ2gGx8
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGJe2rrEGIjBIUzmP8MjS68jsU5n7lalH86H45ODGAtFoirmRa8CbfH9TSmM6tQA67w0nt09hXd8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-12; NID=513=Qoej7ORltlsBqD4J2-S_Z_JJb014iCktlZmlMmjpKKvfCzZJIHEmA1Hde7u8pCJuCKHMc16yOTt0hXjhLr2bM6O3gJfhUU8-hqKz-lRZDwZJGhFyQKnX5WZ2h3gyadOBtJ9xX6yYRsBBPEoTWBsXi2YGIRRjcKTo5InTA9SSzZU
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fc+XcVUpVwGmnE5&MD=9K45Wntp HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fc+XcVUpVwGmnE5&MD=9K45Wntp HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: i.postimg.cc
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: POattach.html	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_82.3.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_82.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_82.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: POattach.html	String found in binary or memory: https://i.postimg.cc/4nk1H1rD/invoce-background.jpg
Source: POattach.html	String found in binary or memory: https://innertempleretreats.com/aredirect/next.php
Source: POattach.html	String found in binary or memory: https://mail.nifty.com/mailer/2nd/images/login/btn_01_on.gif
Source: POattach.html	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49734 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.winHTML@33/9@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\POattach.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1992,i,4275330503968366977,14474711898625079558,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://739759078368945019535231516431401126273227452560306561161109/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,10206737139113049155,15613713108784648929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1992,i,4275330503968366977,14474711898625079558,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,10206737139113049155,15613713108784648929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/POattach.html

HTTP Parser: file:///C:/Users/user/Desktop/POattach.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
POattach.html	0%	ReversingLabs
POattach.html	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
i.postimg.cc	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://i.postimg.cc/4nk1H1rD/invoce-background.jpg	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/POattach.html	0%	Avira URL Cloud	safe
https://innertempleretreats.com/aredirect/next.php	0%	Avira URL Cloud	safe
https://innertempleretreats.com/aredirect/next.php	2%	Virustotal		Browse
https://i.postimg.cc/4nk1H1rD/invoce-background.jpg	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
stackpath.bootstrapcdn.com	104.18.11.207	true	false		high
i.postimg.cc	162.249.168.129	true	false	1%, Virustotal, Browse	unknown
www.google.com	142.250.64.196	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://i.postimg.cc/4nk1H1rD/invoce-background.jpg	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGJe2rrEGIjBAC3Sl0nJ4h2THKc6MXQJMPjcvZ2b6sbOMlO_dlr_YCxyCxMotFFGEecXYoVCzog4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	false		high
https://www.google.com/async/newtab_promos	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGJe2rrEGIjBIUzmP8MjS68jsU5n7lalH86H45ODGAtFoirmRa8CbfH9TSmM6tQA67w0nt09hXd8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
file:///C:/Users/user/Desktop/POattach.html	true	Avira URL Cloud: safe	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_82.3.dr	false		high
https://mail.nifty.com/mailer/2nd/images/login/btn_01_on.gif	POattach.html	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_82.3.dr	false		high
https://innertempleretreats.com/aredirect/next.php	POattach.html	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	chromecache_82.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.249.168.129	i.postimg.cc	United States	26548	PUREVOLTAGE-INCUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.250.64.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432115
Start date and time:	2024-04-26 14:15:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	POattach.html
Detection:	MAL
Classification:	mal60.phis.winHTML@33/9@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.189.131, 142.250.217.238, 173.194.216.84, 142.250.64.170, 34.104.35.123, 72.21.81.240, 192.229.211.108, 172.217.165.202, 142.250.217.234, 142.251.35.234, 142.250.64.202, 172.217.3.74, 172.217.2.202, 192.178.50.74, 142.250.217.202, 172.217.15.202, 192.178.50.42, 142.250.217.170, 142.250.189.138, 142.250.64.234, 142.250.64.138, 172.217.3.67, 142.250.64.206
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

QR Codes

Source	URL
Screenshot	http://739759078368945019535231516431401126273227452560306561161109

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.249.168.129	http://www.noahsarkademy.com	Get hash	malicious	Unknown	Browse
	https://cw91z3.fh99.fdske.com/ec/gAAAAABmFI7-U75wZdk4Jb365_DTJqKG3bSWfxdeSUjKOGzC1y6cTw11NTNId5ZX_vUEirXQMOioH9lREiens6j45wgrBwPNUg0uSDQmqtCKabvqmsO9d-jSFqKsV-M0M0FDb5u8aYCVKX5ifFJMqRSVDyLIOq4SxxILM4A2xp-o9rwoX4s-XvuDADU_TNcyVbra--hPXo71icLx1OlYaHQwLc3irmvEF5DXnSsrdixQcsYhoJOmaUwxwafMfg6diethBd0AkdPtF0e1B48pjpY2p_oC321MdbAoks8RsEV-HKtGs2YtfbsD6cP5oBf4m1oGU3Rh-RiP1bC18-RBmMJtE7QKxfyXq8wZ46KdWIP58MhnYBgqHmafN7CQoT0E_tmQRciG4oza07UOcacbqa0srkxsA5wf2DOmMdHgqp_4eFLTl4AjE7ir9dFj3ERp6KtGptj0wHPYaUffnCuAL4KV97Mv9pCAa57wfaOzAjidEwoPIlj-nDA=#resort@sbm.mc	Get hash	malicious	HTMLPhisher	Browse
	(No subject) (2).eml	Get hash	malicious	HTMLPhisher	Browse
	https://mgg-pdf-1i4.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://6786iuojhgytuikji.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse
	https://8e1fd3fcd03b297a.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse
	https://hunterranchgolf-pdf.pages.dev/IP:	Get hash	malicious	HTMLPhisher	Browse
	https://somanyroadsllc-pdf.pages.dev/IP:	Get hash	malicious	HTMLPhisher	Browse
	https://bryzekcpa-pdf.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://farrellsmyth-pdf.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
104.18.11.207	http://googlle.com	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0
	https://city-of-goodyear.webnode.page/	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css
	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.woff2?v=4.3.0
	http://185.67.82.114	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js
	SecuriteInfo.com.Exploit.Siggen3.17149.4489.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.3543.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.3543.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.24514.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.12724.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.8245.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
239.255.255.250	http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse
	https://exploredrinks.com	Get hash	malicious	Unknown	Browse
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse
	https://survey.zohopublic.eu/zs/GzDXvp	Get hash	malicious	HTMLPhisher	Browse
	https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN	Get hash	malicious	Unknown	Browse
	https://deebmpapst.ordineproposal.top/	Get hash	malicious	Unknown	Browse
	https://notariaherreratoquero.es	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
stackpath.bootstrapcdn.com	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	104.18.11.207
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	104.18.11.207
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	104.18.10.207
	https://uporniacomnuvidx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.18.10.207
	https://purexxfilmsjoybear.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.18.10.207
	https://jpmanysexcomvistsxx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.18.10.207
	https://pub-02d879d6055b4f31b3db7cbbb1499011.r2.dev/%60%60~~~%5D%5D%5D%5D%5D.html#theunis@khk.co.za	Get hash	malicious	HTMLPhisher	Browse	104.18.10.207
	https://storage.googleapis.com/sjajsskdkasdk0038.appspot.com/65743.html	Get hash	malicious	HTMLPhisher	Browse	104.18.10.207
	https://getpornoliwbstfenx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.18.11.207
	https://homeindiansexoldrd.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.18.10.207
i.postimg.cc	http://www.noahsarkademy.com	Get hash	malicious	Unknown	Browse	162.249.168.129
	https://pub-32bf4e9c1a1344aa8c0925c562b60fd3.r2.dev/index2.html	Get hash	malicious	HTMLPhisher	Browse	108.181.3.133
	https://cw91z3.fh99.fdske.com/ec/gAAAAABmFI7-U75wZdk4Jb365_DTJqKG3bSWfxdeSUjKOGzC1y6cTw11NTNId5ZX_vUEirXQMOioH9lREiens6j45wgrBwPNUg0uSDQmqtCKabvqmsO9d-jSFqKsV-M0M0FDb5u8aYCVKX5ifFJMqRSVDyLIOq4SxxILM4A2xp-o9rwoX4s-XvuDADU_TNcyVbra--hPXo71icLx1OlYaHQwLc3irmvEF5DXnSsrdixQcsYhoJOmaUwxwafMfg6diethBd0AkdPtF0e1B48pjpY2p_oC321MdbAoks8RsEV-HKtGs2YtfbsD6cP5oBf4m1oGU3Rh-RiP1bC18-RBmMJtE7QKxfyXq8wZ46KdWIP58MhnYBgqHmafN7CQoT0E_tmQRciG4oza07UOcacbqa0srkxsA5wf2DOmMdHgqp_4eFLTl4AjE7ir9dFj3ERp6KtGptj0wHPYaUffnCuAL4KV97Mv9pCAa57wfaOzAjidEwoPIlj-nDA=#resort@sbm.mc	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129
	(No subject) (2).eml	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129
	https://mgg-pdf-1i4.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129
	https://6786iuojhgytuikji.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129
	https://8e1fd3fcd03b297a.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129
	https://hunterranchgolf-pdf.pages.dev/IP:	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129
	https://somanyroadsllc-pdf.pages.dev/IP:	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129
	https://bryzekcpa-pdf.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PUREVOLTAGE-INCUS	http://www.noahsarkademy.com	Get hash	malicious	Unknown	Browse	162.249.168.129
	https://shiny-haze-e3f9.oriental-chef-hrg9939.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	169.197.85.95
	2M1NS61GG8.exe	Get hash	malicious	LummaC, DarkTortilla, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	169.197.85.95
	notepad.txt	Get hash	malicious	HTMLPhisher	Browse	169.197.85.95
	https://groun-93ed.ehajdranrsuw.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	169.197.85.95
	https://emaut-27ef.orlvrbliillroeo.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	169.197.85.95
	https://imgern-ee14.earyllofeprir.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	169.197.85.95
	https://yesterwebring.neocities.org	Get hash	malicious	Phisher	Browse	169.197.85.95
	https://cw91z3.fh99.fdske.com/ec/gAAAAABmFI7-U75wZdk4Jb365_DTJqKG3bSWfxdeSUjKOGzC1y6cTw11NTNId5ZX_vUEirXQMOioH9lREiens6j45wgrBwPNUg0uSDQmqtCKabvqmsO9d-jSFqKsV-M0M0FDb5u8aYCVKX5ifFJMqRSVDyLIOq4SxxILM4A2xp-o9rwoX4s-XvuDADU_TNcyVbra--hPXo71icLx1OlYaHQwLc3irmvEF5DXnSsrdixQcsYhoJOmaUwxwafMfg6diethBd0AkdPtF0e1B48pjpY2p_oC321MdbAoks8RsEV-HKtGs2YtfbsD6cP5oBf4m1oGU3Rh-RiP1bC18-RBmMJtE7QKxfyXq8wZ46KdWIP58MhnYBgqHmafN7CQoT0E_tmQRciG4oza07UOcacbqa0srkxsA5wf2DOmMdHgqp_4eFLTl4AjE7ir9dFj3ERp6KtGptj0wHPYaUffnCuAL4KV97Mv9pCAa57wfaOzAjidEwoPIlj-nDA=#resort@sbm.mc	Get hash	malicious	HTMLPhisher	Browse	162.249.168.129
	http://sellugsk.live	Get hash	malicious	Unknown	Browse	169.197.85.95
CLOUDFLARENETUS	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	104.18.32.137
	Invoice.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	JHqNlw9U8c.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	172.67.19.24
	file.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.5.15
	PONO6188.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	Payment details.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Docs.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	PO#50124.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://deebmpapst.ordineproposal.top/	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://springtail-lute-g4wp.squarespace.com/	Get hash	malicious	Unknown	Browse	173.222.162.64
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	173.222.162.64
	SWIFT.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	173.222.162.64
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://markssmith.icu/23d80j2d/qwd13d8jqd/index.html?13813e8=0101%2048076%2044139&13813e8=https://playgames5.net	Get hash	malicious	TechSupportScam	Browse	173.222.162.64
	https://iij110.z27.web.core.windows.net/werrx01USAHTML/?bcda=1-855-399-1052	Get hash	malicious	TechSupportScam	Browse	173.222.162.64
	https://microsoft-microsoft-microsoft-microsoft-microsoft.glowlaundry.com/?office=bWhhc2Vscm90aEBuZXhwb2ludC5jb20	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	173.222.162.64
28a2c9bd18a11de089ef85a160da29e4	http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!	Get hash	malicious	Unknown	Browse	40.68.123.157 23.193.120.112
	file.exe	Get hash	malicious	Unknown	Browse	40.68.123.157 23.193.120.112
	file.exe	Get hash	malicious	Unknown	Browse	40.68.123.157 23.193.120.112
	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 23.193.120.112
	https://exploredrinks.com	Get hash	malicious	Unknown	Browse	40.68.123.157 23.193.120.112
	JHqNlw9U8c.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	40.68.123.157 23.193.120.112
	https://survey.zohopublic.eu/zs/GzDXvp	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 23.193.120.112
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	40.68.123.157 23.193.120.112
	https://ipfs.io/ipfs/QmTvMGRn6QMQAMwSucv8UUTX3cyS4DrLuUTMvDui8TsJNN	Get hash	malicious	Unknown	Browse	40.68.123.157 23.193.120.112
	https://deebmpapst.ordineproposal.top/	Get hash	malicious	Unknown	Browse	40.68.123.157 23.193.120.112

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (771)
Category:	downloaded
Size (bytes):	776
Entropy (8bit):	5.147793957765601
Encrypted:	false
SSDEEP:	24:eBC3BHslgT9lCuABuoB7HHHHHHHYqmffffffo:eA3KlgZ01BuSEqmffffffo
MD5:	57DA7E99E5AE2817102B95018D381B22
SHA1:	C16358FA9660814759D606A93A746DAFAE101F08
SHA-256:	5D14ED1B429A9BBAA00F6D022F00CCB47FCCD21B76E2E21E11C34E2A66C3C119
SHA-512:	24AA0FC54C646CF8C8BC6B5F2F01723AE3DE853C2E02BAEC89E824C2974FDB1C43C3B46869BD20E00479E345866A6BC351166905239DD5EF294406BC071EACC6
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["star trek discovery mirrors","reddit outages","laguardia airport","washington commanders nfl draft picks","blizzard blizzcon","amazon ring refunds","aries daily horoscope today","pikesville high school principal ai"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x656, components 3
Category:	dropped
Size (bytes):	25062
Entropy (8bit):	7.721988384978091
Encrypted:	false
SSDEEP:	768:tEuGxt8VNlBijhYDAgzxnKAZTjrc/6CrKT26vF0RRs:tEuGX8VNlsjhYxc8TCWT26t0Ts
MD5:	3925D979AA4FBB0CDA622E0399410206
SHA1:	65B08E675411AC540EF56C0096C8AB415231B0DD
SHA-256:	4DCDCDA6574CBD484F47266B5572A8689BB2B5F06FE1F8218F1B6A0578845014
SHA-512:	5C6071C61B9B6D5AB650590761F974F53411E79BF8A8CA6429FD385AC17B0A2A6B9D79A3DCDAFFB3A638CA1F87258842384E8D44847B4BA9B11D700EF59DBEBD
Malicious:	false
Reputation:	low
Preview:	......JFIF.....x.x...................................+......+&.%#%.&D5//5DNB>BN_UU_wqw................................+......+&.%#%.&D5//5DNB>BN_UU_wqw.............."................................................P.....;};.<.`...V.....RS.. ..DR...I.A..Mk.I./ik4.k.EM"b...U....:.c.?H.e~?.j..g..V".....".U......4^...ZQ3.......Y.]<.Z.V..{...uz...dk..>....t.....:}+'N.27.5....N:Y._..g.......1.2....:v...jg\|..+My8."../ .d......-2.......9.....r.Wc............^~U.tZ...~.3........O.zS..[vi.^uz....L...gy./.0.......Q ..2wr.......DJQM./...VfU.%_k.D..O$+.....EK..Ah.H.$......'K...%zz#./Mw...z:[>x......^.......k./ZB.^.L&....V.nit.c.......^........,9.:..i..tO..=.S.<.....7.......X.^.s.nr..[tkl.\|....g~.$m....kR4.J..h....`......8.......oF3.#...i........1z-Y.Y.tX..L&S.4.......rc...kd..D...............>...=..+4....:.H..i...,.s.S.[..&...Uf.g.Oc.\|...e.....y.W..xR&/]:f..........k<..om..X...2.I.-5.>sVr...-.9G.[L.D.g....Le~............z,UjE6........0.KJ..y....z]....Zz

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:	768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x656, components 3
Category:	downloaded
Size (bytes):	25062
Entropy (8bit):	7.721988384978091
Encrypted:	false
SSDEEP:	768:tEuGxt8VNlBijhYDAgzxnKAZTjrc/6CrKT26vF0RRs:tEuGX8VNlsjhYxc8TCWT26t0Ts
MD5:	3925D979AA4FBB0CDA622E0399410206
SHA1:	65B08E675411AC540EF56C0096C8AB415231B0DD
SHA-256:	4DCDCDA6574CBD484F47266B5572A8689BB2B5F06FE1F8218F1B6A0578845014
SHA-512:	5C6071C61B9B6D5AB650590761F974F53411E79BF8A8CA6429FD385AC17B0A2A6B9D79A3DCDAFFB3A638CA1F87258842384E8D44847B4BA9B11D700EF59DBEBD
Malicious:	false
Reputation:	low
URL:	https://i.postimg.cc/4nk1H1rD/invoce-background.jpg
Preview:	......JFIF.....x.x...................................+......+&.%#%.&D5//5DNB>BN_UU_wqw................................+......+&.%#%.&D5//5DNB>BN_UU_wqw.............."................................................P.....;};.<.`...V.....RS.. ..DR...I.A..Mk.I./ik4.k.EM"b...U....:.c.?H.e~?.j..g..V".....".U......4^...ZQ3.......Y.]<.Z.V..{...uz...dk..>....t.....:}+'N.27.5....N:Y._..g.......1.2....:v...jg\|..+My8."../ .d......-2.......9.....r.Wc............^~U.tZ...~.3........O.zS..[vi.^uz....L...gy./.0.......Q ..2wr.......DJQM./...VfU.%_k.D..O$+.....EK..Ah.H.$......'K...%zz#./Mw...z:[>x......^.......k./ZB.^.L&....V.nit.c.......^........,9.:..i..tO..=.S.<.....7.......X.^.s.nr..[tkl.\|....g~.$m....kR4.J..h....`......8.......oF3.#...i........1z-Y.Y.tX..L&S.4.......rc...kd..D...............>...=..+4....:.H..i...,.s.S.[..&...Uf.g.Oc.\|...e.....y.W..xR&/]:f..........k<..om..X...2.I.-5.>sVr...-.9G.[L.D.g....Le~............z,UjE6........0.KJ..y....z]....Zz

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Static File Info

General

File type:	HTML document, Unicode text, UTF-8 text, with very long lines (17659), with CRLF line terminators
Entropy (8bit):	6.150142956464395
TrID:	HyperText Markup Language (12001/1) 20.69% HyperText Markup Language (12001/1) 20.69% HyperText Markup Language (11501/1) 19.83% HyperText Markup Language (11501/1) 19.83% HyperText Markup Language (11001/1) 18.97%
File name:	POattach.html
File size:	47'898 bytes
MD5:	ba5c0f66f1111d3c7bb13d790f57c7f4
SHA1:	9553678cc693662628e59a08e74a8ae2ad9c26a8
SHA256:	92fb9e83082d89d00b1ccc01481d7c8a15a31895a91c0cde9761dc0295a5b034
SHA512:	86c09cb43012e9d54c28e3bad55acf7b7f78d0af8e0ad168c0a40f44e49a5f47419fb49af4d6f221f24de2022344eed9f15d696626012542b00b1425ad53bdd5
SSDEEP:	768:9YXY/Gzink/1Yx/8OYhpvZRQkCdOgxJCitbnD4pNOxxWWWWWWJWCzqKgCS853v7X:9YoC0kNYqOGpv4dvxJCi9n4wxxWWWWWU
TLSH:	8C23AF3418C2BA0613B28694F2A2B8C7EF62D02F5311D56D794E7147CF69D62EFA3274
File Content Preview:	<html xmlns="http://www.w3.org/1999/xhtml">.. <head>.. <script type="text/javascript">function showDiv() { document.getElementById('welcomeDiv').style.display = "block"; document.getElementById('hide_this').style.display = "none";}</script>..

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 14:16:10.260401011 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:10.260411024 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:10.572882891 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:19.885421038 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:19.947932005 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:20.197909117 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:21.301470995 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.301527977 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.301595926 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.302212000 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.302236080 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.302983999 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.302992105 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.303055048 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.303352118 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.303370953 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.575546026 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.576126099 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.576143980 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.578147888 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.578253031 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.581650019 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.581734896 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.582259893 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.582266092 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.642529011 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.642939091 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.642957926 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.644407988 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.644468069 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.645435095 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.645512104 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.645576954 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.645585060 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.648714066 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.705982924 CEST	443	49698	173.222.162.64	192.168.2.6
Apr 26, 2024 14:16:21.706093073 CEST	49698	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:21.749268055 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.879631996 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.879807949 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.879895926 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.879897118 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.879940033 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880007982 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.880031109 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880207062 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880271912 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.880280018 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880352020 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880412102 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.880418062 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880738020 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880819082 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.880821943 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880844116 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.880906105 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.880944014 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.883074045 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.883131027 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.883136034 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.883261919 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.883344889 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.883347034 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.883368015 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.883426905 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.883766890 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.883930922 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.883999109 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.884004116 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.884759903 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.884839058 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.884844065 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.884924889 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.884989023 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.885001898 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.885087013 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.885170937 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.885176897 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.886171103 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.886265039 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.886270046 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.886360884 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.886428118 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.886431932 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.888164997 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.888252020 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.888252974 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.888274908 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.888360977 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.888365984 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.889015913 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.889084101 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.889089108 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.889164925 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.889218092 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.889223099 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.889435053 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:21.889506102 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:21.947894096 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.947953939 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.948014975 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.948036909 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.948110104 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.958477020 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.958497047 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.958537102 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.980504990 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.980565071 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.980581999 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.980632067 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:21.995260000 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.995280027 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:21.995342970 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.123301029 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.123322010 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.123394012 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.123430967 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.125231028 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.125441074 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.125474930 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.125497103 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.156816006 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.156848907 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.157114029 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.157505035 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.157521009 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.179007053 CEST	49704	443	192.168.2.6	104.18.11.207
Apr 26, 2024 14:16:22.179032087 CEST	443	49704	104.18.11.207	192.168.2.6
Apr 26, 2024 14:16:22.193681955 CEST	49702	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.193692923 CEST	443	49702	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.468264103 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.468285084 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.468456030 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.468969107 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.469055891 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.469130039 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.470900059 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.470938921 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.471350908 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.471362114 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.553652048 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.553754091 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.553839922 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.554043055 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.554080963 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.560209036 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.560432911 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.560451984 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.561302900 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.561367989 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.562414885 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.562479973 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.562577009 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.562586069 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.697918892 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.823563099 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.824208021 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.824260950 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.827367067 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.827461958 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.827783108 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.827869892 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.827925920 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.859999895 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.860299110 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.860315084 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.861721992 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.861876011 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.862237930 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.862237930 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.862310886 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.872126102 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.877861977 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.878190041 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.878236055 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.879312038 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.879398108 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.879687071 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.879759073 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.879789114 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.920156956 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.946321964 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.946350098 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.946393013 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:22.946417093 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:22.960284948 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.960424900 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.960529089 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.960549116 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.965853930 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:22.966012001 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.966089964 CEST	49707	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:22.966108084 CEST	443	49707	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.069849968 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.069863081 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.149458885 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.149579048 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.196352959 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.208836079 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.208852053 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.208925962 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.208967924 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.209047079 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.219798088 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.219808102 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.219906092 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.242192984 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.242199898 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.242263079 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.253442049 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.253448009 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.253528118 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.371203899 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.371211052 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.371306896 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.386333942 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.386342049 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.386415005 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.386436939 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.386465073 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.386528015 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.390615940 CEST	49710	443	192.168.2.6	162.249.168.129
Apr 26, 2024 14:16:23.390652895 CEST	443	49710	162.249.168.129	192.168.2.6
Apr 26, 2024 14:16:23.427589893 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.427711964 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.427762985 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.427925110 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.427988052 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.438401937 CEST	49709	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.438445091 CEST	443	49709	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.510636091 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.510657072 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.510833025 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.513288021 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.513299942 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.530054092 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.530129910 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.530147076 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.530195951 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.530337095 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.550899982 CEST	49708	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.550915003 CEST	443	49708	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.842417955 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.912950039 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.912965059 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.913295984 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.915113926 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.915160894 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:23.915535927 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:23.956160069 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:24.199665070 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:24.199718952 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:24.199775934 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:24.199789047 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:24.199820995 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:24.199904919 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:24.199915886 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:24.199928045 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:24.199976921 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:25.324763060 CEST	49712	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:25.324794054 CEST	443	49712	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:25.329217911 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:25.329292059 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:25.329377890 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:25.329758883 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:25.329786062 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:26.297694921 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:26.399594069 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:26.864630938 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:26.864689112 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:26.865089893 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:26.866262913 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:26.866333961 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:26.866926908 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:26.908114910 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:27.126435995 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:27.126475096 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:27.126513004 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:27.126545906 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:27.126584053 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:27.126607895 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:27.126640081 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:27.126669884 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:30.359019995 CEST	49713	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:16:30.359088898 CEST	443	49713	142.250.64.196	192.168.2.6
Apr 26, 2024 14:16:30.904165030 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:30.904284000 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:30.904360056 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:30.907109022 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:30.907155991 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.158835888 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:31.158859015 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:31.159090996 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:31.160706997 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:31.160717964 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:31.185751915 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.185831070 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.188277006 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.188317060 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.188812017 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.291105032 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.402298927 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.448131084 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.528598070 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.528749943 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.528826952 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.530368090 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.530411959 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.530440092 CEST	49715	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.530455112 CEST	443	49715	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.581048965 CEST	49718	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.581078053 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.581155062 CEST	49718	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.582102060 CEST	49718	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.582115889 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.844655037 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.844722986 CEST	49718	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.847640991 CEST	49718	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.847651005 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.848150015 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.849867105 CEST	49718	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:31.892132044 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:31.893785954 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:31.893853903 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:31.897438049 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:31.897447109 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:31.897922039 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.040036917 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:32.107161999 CEST	49698	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:32.108782053 CEST	49698	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:32.110481977 CEST	49722	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:32.110502005 CEST	443	49722	173.222.162.64	192.168.2.6
Apr 26, 2024 14:16:32.110651016 CEST	49722	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:32.111078978 CEST	49722	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:32.111093998 CEST	443	49722	173.222.162.64	192.168.2.6
Apr 26, 2024 14:16:32.305475950 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:32.317316055 CEST	443	49698	173.222.162.64	192.168.2.6
Apr 26, 2024 14:16:32.318905115 CEST	443	49698	173.222.162.64	192.168.2.6
Apr 26, 2024 14:16:32.348125935 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.496592045 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:32.496819019 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:32.496874094 CEST	49718	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:32.498697042 CEST	49718	443	192.168.2.6	23.193.120.112
Apr 26, 2024 14:16:32.498708963 CEST	443	49718	23.193.120.112	192.168.2.6
Apr 26, 2024 14:16:32.541239977 CEST	443	49722	173.222.162.64	192.168.2.6
Apr 26, 2024 14:16:32.541317940 CEST	49722	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:16:32.783633947 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783649921 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783658028 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783680916 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783693075 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783705950 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783731937 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:32.783740997 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783750057 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783756018 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783777952 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:32.783783913 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783806086 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:32.783809900 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783853054 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:32.783855915 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783868074 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:32.783905983 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:33.117583036 CEST	49716	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:16:33.117602110 CEST	443	49716	40.68.123.157	192.168.2.6
Apr 26, 2024 14:16:51.747189999 CEST	443	49722	173.222.162.64	192.168.2.6
Apr 26, 2024 14:16:51.747279882 CEST	49722	443	192.168.2.6	173.222.162.64
Apr 26, 2024 14:17:12.337574005 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:12.337646961 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:12.337734938 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:12.340595961 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:12.340646982 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.079195023 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.079272985 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.090549946 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.090569973 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.091036081 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.114006042 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.160118103 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.783699989 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.783761978 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.783807993 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.783842087 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.783868074 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.783898115 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.783916950 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.783958912 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.784019947 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.784024000 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.784061909 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.784066916 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.784166098 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.784526110 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.793190002 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.793216944 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:13.793231010 CEST	49734	443	192.168.2.6	40.68.123.157
Apr 26, 2024 14:17:13.793237925 CEST	443	49734	40.68.123.157	192.168.2.6
Apr 26, 2024 14:17:25.273977995 CEST	49736	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:17:25.274081945 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:17:25.274677038 CEST	49736	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:17:25.275258064 CEST	49736	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:17:25.275305986 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:17:25.686330080 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:17:25.686676979 CEST	49736	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:17:25.686739922 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:17:25.687094927 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:17:25.687561989 CEST	49736	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:17:25.687635899 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:17:25.727489948 CEST	49736	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:17:35.673947096 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:17:35.674022913 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:17:35.674083948 CEST	49736	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:17:37.260431051 CEST	49736	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:17:37.260502100 CEST	443	49736	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:25.337841988 CEST	49740	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:18:25.337872028 CEST	443	49740	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:25.337999105 CEST	49740	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:18:25.338237047 CEST	49740	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:18:25.338248968 CEST	443	49740	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:25.743992090 CEST	443	49740	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:25.744313002 CEST	49740	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:18:25.744333982 CEST	443	49740	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:25.744996071 CEST	443	49740	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:25.745280981 CEST	49740	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:18:25.745369911 CEST	443	49740	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:25.790131092 CEST	49740	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:18:35.750529051 CEST	443	49740	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:35.750742912 CEST	443	49740	142.250.64.196	192.168.2.6
Apr 26, 2024 14:18:35.750801086 CEST	49740	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:18:37.262248993 CEST	49740	443	192.168.2.6	142.250.64.196
Apr 26, 2024 14:18:37.262273073 CEST	443	49740	142.250.64.196	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 14:16:21.156598091 CEST	61558	53	192.168.2.6	1.1.1.1
Apr 26, 2024 14:16:21.156795979 CEST	52152	53	192.168.2.6	1.1.1.1
Apr 26, 2024 14:16:21.157672882 CEST	56851	53	192.168.2.6	1.1.1.1
Apr 26, 2024 14:16:21.157819033 CEST	60697	53	192.168.2.6	1.1.1.1
Apr 26, 2024 14:16:21.282897949 CEST	53	53668	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:21.298651934 CEST	53	55832	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:21.298732996 CEST	53	61558	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:21.300096989 CEST	53	60697	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:21.300944090 CEST	53	52152	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:21.301291943 CEST	53	52454	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:21.302242994 CEST	53	56851	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:22.031013966 CEST	57934	53	192.168.2.6	1.1.1.1
Apr 26, 2024 14:16:22.031495094 CEST	52557	53	192.168.2.6	1.1.1.1
Apr 26, 2024 14:16:22.155808926 CEST	53	57934	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:22.156327963 CEST	53	52557	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:22.427645922 CEST	63041	53	192.168.2.6	1.1.1.1
Apr 26, 2024 14:16:22.428114891 CEST	64240	53	192.168.2.6	1.1.1.1
Apr 26, 2024 14:16:22.531596899 CEST	53	64513	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:22.553076029 CEST	53	63041	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:22.553114891 CEST	53	64240	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:33.258991003 CEST	53	52327	1.1.1.1	192.168.2.6
Apr 26, 2024 14:16:42.586656094 CEST	53	49868	1.1.1.1	192.168.2.6
Apr 26, 2024 14:17:02.916449070 CEST	53	58183	1.1.1.1	192.168.2.6
Apr 26, 2024 14:17:20.576453924 CEST	53	56540	1.1.1.1	192.168.2.6
Apr 26, 2024 14:17:27.643407106 CEST	53	61064	1.1.1.1	192.168.2.6
Apr 26, 2024 14:17:48.462599993 CEST	53	57757	1.1.1.1	192.168.2.6
Apr 26, 2024 14:18:34.072546959 CEST	53	51362	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 14:16:21.156598091 CEST	192.168.2.6	1.1.1.1	0xe04b	Standard query (0)	i.postimg.cc	A (IP address)	IN (0x0001)	false
Apr 26, 2024 14:16:21.156795979 CEST	192.168.2.6	1.1.1.1	0xa52a	Standard query (0)	i.postimg.cc	65	IN (0x0001)	false
Apr 26, 2024 14:16:21.157672882 CEST	192.168.2.6	1.1.1.1	0xb246	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 14:16:21.157819033 CEST	192.168.2.6	1.1.1.1	0x456	Standard query (0)	stackpath.bootstrapcdn.com	65	IN (0x0001)	false
Apr 26, 2024 14:16:22.031013966 CEST	192.168.2.6	1.1.1.1	0x2360	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 14:16:22.031495094 CEST	192.168.2.6	1.1.1.1	0x651e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 14:16:22.427645922 CEST	192.168.2.6	1.1.1.1	0x646	Standard query (0)	i.postimg.cc	A (IP address)	IN (0x0001)	false
Apr 26, 2024 14:16:22.428114891 CEST	192.168.2.6	1.1.1.1	0x85b8	Standard query (0)	i.postimg.cc	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 14:16:21.298732996 CEST	1.1.1.1	192.168.2.6	0xe04b	No error (0)	i.postimg.cc	162.249.168.129	A (IP address)	IN (0x0001)	false
Apr 26, 2024 14:16:21.300096989 CEST	1.1.1.1	192.168.2.6	0x456	No error (0)	stackpath.bootstrapcdn.com		65	IN (0x0001)	false
Apr 26, 2024 14:16:21.302242994 CEST	1.1.1.1	192.168.2.6	0xb246	No error (0)	stackpath.bootstrapcdn.com	104.18.11.207	A (IP address)	IN (0x0001)	false
Apr 26, 2024 14:16:21.302242994 CEST	1.1.1.1	192.168.2.6	0xb246	No error (0)	stackpath.bootstrapcdn.com	104.18.10.207	A (IP address)	IN (0x0001)	false
Apr 26, 2024 14:16:22.155808926 CEST	1.1.1.1	192.168.2.6	0x2360	No error (0)	www.google.com	142.250.64.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 14:16:22.156327963 CEST	1.1.1.1	192.168.2.6	0x651e	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 26, 2024 14:16:22.553076029 CEST	1.1.1.1	192.168.2.6	0x646	No error (0)	i.postimg.cc	162.249.168.129	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

stackpath.bootstrapcdn.com

i.postimg.cc

www.google.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49704	104.18.11.207	443	6280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:21 UTC	525	OUT	GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1 Host: stackpath.bootstrapcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 12:16:21 UTC	946	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 12:16:21 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: W/"67176c242e1bdc20603c878dee836df3" Last-Modified: Mon, 25 Jan 2021 22:04:06 GMT CDN-CachedAt: 09/03/2022 05:38:18 CDN-ProxyVer: 1.02 CDN-RequestPullCode: 200 CDN-RequestPullSuccess: True CDN-EdgeStorageId: 976 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-Status: 200 CDN-RequestId: c481a00ec7a45a9e7242eaefa5b2f00b CDN-Cache: HIT CF-Cache-Status: HIT Age: 5067133 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 87a680e83ffa2251-MIA alt-svc: h3=":443"; ma=86400
2024-04-26 12:16:21 UTC	423	IN	Data Raw: 37 63 30 32 0d 0a 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 31 2e 33 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 Data Ascii: 7c02/! Bootstrap v4.1.3 (https://getbootstrap.com/) * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */!function(
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 65 72 79 22 2c 22 70 6f 70 70 65 72 2e 6a 73 22 5d 2c 65 29 3a 65 28 74 2e 62 6f 6f 74 73 74 72 61 70 3d 7b 7d 2c 74 2e 6a 51 75 65 72 79 2c 74 2e 50 6f 70 70 65 72 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 68 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 69 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 3b 6e 3c 65 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 69 3d 65 5b 6e 5d 3b 69 2e 65 6e 75 6d 65 72 61 62 6c 65 3d 69 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 2c 69 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 2c 22 76 61 6c 75 65 22 69 6e 20 69 26 26 28 69 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 69 2e 6b 65 79 2c 69 Data Ascii: ery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 6e 2c 55 6e 2c 71 6e 2c 46 6e 3d 66 75 6e 63 74 69 6f 6e 28 69 29 7b 76 61 72 20 65 3d 22 74 72 61 6e 73 69 74 69 6f 6e 65 6e 64 22 3b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 2c 6e 3d 21 31 3b 72 65 74 75 72 6e 20 69 28 74 68 69 73 29 2e 6f 6e 65 28 6c 2e 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 3d 21 30 7d 29 2c 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 7c 7c 6c 2e 74 72 69 67 67 65 72 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 65 29 7d 2c 74 29 2c 74 68 69 73 7d 76 61 72 20 6c 3d 7b 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 3a 22 62 73 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 22 2c 67 65 74 55 49 44 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 3b 74 2b Data Ascii: n,Un,qn,Fn=function(i){var e="transitionend";function t(t){var e=this,n=!1;return i(this).one(l.TRANSITION_END,function(){n=!0}),setTimeout(function(){n\|\|l.triggerTransitionEnd(e)},t),this}var l={TRANSITION_END:"bsTransitionEnd",getUID:function(t){for(;t+
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 67 75 6d 65 6e 74 73 29 7d 7d 2c 6c 7d 28 65 29 2c 4b 6e 3d 28 6e 3d 22 61 6c 65 72 74 22 2c 61 3d 22 2e 22 2b 28 6f 3d 22 62 73 2e 61 6c 65 72 74 22 29 2c 63 3d 28 72 3d 65 29 2e 66 6e 5b 6e 5d 2c 75 3d 7b 43 4c 4f 53 45 3a 22 63 6c 6f 73 65 22 2b 61 2c 43 4c 4f 53 45 44 3a 22 63 6c 6f 73 65 64 22 2b 61 2c 43 4c 49 43 4b 5f 44 41 54 41 5f 41 50 49 3a 22 63 6c 69 63 6b 22 2b 61 2b 22 2e 64 61 74 61 2d 61 70 69 22 7d 2c 66 3d 22 61 6c 65 72 74 22 2c 64 3d 22 66 61 64 65 22 2c 67 3d 22 73 68 6f 77 22 2c 5f 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 7b 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 3d 74 7d 76 61 72 20 74 3d 69 2e 70 72 6f 74 6f 74 79 70 65 3b 72 65 74 75 72 6e 20 74 2e 63 6c 6f 73 65 3d 66 75 6e 63 74 69 6f 6e 28 74 Data Ascii: guments)}},l}(e),Kn=(n="alert",a="."+(o="bs.alert"),c=(r=e).fn[n],u={CLOSE:"close"+a,CLOSED:"closed"+a,CLICK_DATA_API:"click"+a+".data-api"},f="alert",d="fade",g="show",_=function(){function i(t){this._element=t}var t=i.prototype;return t.close=function(t
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 20 5f 29 29 2c 72 2e 66 6e 5b 6e 5d 3d 5f 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 72 2e 66 6e 5b 6e 5d 2e 43 6f 6e 73 74 72 75 63 74 6f 72 3d 5f 2c 72 2e 66 6e 5b 6e 5d 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 2e 66 6e 5b 6e 5d 3d 63 2c 5f 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 7d 2c 5f 29 2c 4d 6e 3d 28 70 3d 22 62 75 74 74 6f 6e 22 2c 79 3d 22 2e 22 2b 28 76 3d 22 62 73 2e 62 75 74 74 6f 6e 22 29 2c 45 3d 22 2e 64 61 74 61 2d 61 70 69 22 2c 43 3d 28 6d 3d 65 29 2e 66 6e 5b 70 5d 2c 54 3d 22 61 63 74 69 76 65 22 2c 62 3d 22 62 74 6e 22 2c 49 3d 27 5b 64 61 74 61 2d 74 6f 67 67 6c 65 5e 3d 22 62 75 74 74 6f 6e 22 5d 27 2c 41 3d 27 5b 64 61 74 61 2d 74 6f 67 67 6c 65 3d 22 62 75 Data Ascii: _)),r.fn[n]=_._jQueryInterface,r.fn[n].Constructor=_,r.fn[n].noConflict=function(){return r.fn[n]=c,_._jQueryInterface},_),Mn=(p="button",y="."+(v="bs.button"),E=".data-api",C=(m=e).fn[p],T="active",b="btn",I='[data-toggle^="button"]',A='[data-toggle="bu
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 29 3b 76 61 72 20 65 3d 74 2e 74 61 72 67 65 74 3b 6d 28 65 29 2e 68 61 73 43 6c 61 73 73 28 62 29 7c 7c 28 65 3d 6d 28 65 29 2e 63 6c 6f 73 65 73 74 28 4e 29 29 2c 6b 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2e 63 61 6c 6c 28 6d 28 65 29 2c 22 74 6f 67 67 6c 65 22 29 7d 29 2e 6f 6e 28 4f 2e 46 4f 43 55 53 5f 42 4c 55 52 5f 44 41 54 41 5f 41 50 49 2c 49 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 6d 28 74 2e 74 61 72 67 65 74 29 2e 63 6c 6f 73 65 73 74 28 4e 29 5b 30 5d 3b 6d 28 65 29 2e 74 6f 67 67 6c 65 43 6c 61 73 73 28 53 2c 2f 5e 66 6f 63 75 73 28 69 6e 29 3f 24 2f 2e 74 65 73 74 28 74 2e 74 79 70 65 29 29 7d 29 2c 6d 2e 66 6e 5b 70 5d 3d 6b 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 6d 2e 66 6e 5b 70 5d 2e 43 6f 6e Data Ascii: );var e=t.target;m(e).hasClass(b)\|\|(e=m(e).closest(N)),k._jQueryInterface.call(m(e),"toggle")}).on(O.FOCUS_BLUR_DATA_API,I,function(t){var e=m(t.target).closest(N)[0];m(e).toggleClass(S,/^focus(in)?$/.test(t.type))}),m.fn[p]=k._jQueryInterface,m.fn[p].Con
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 6c 65 63 74 6f 72 28 6e 74 29 2c 74 68 69 73 2e 5f 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 28 29 7d 76 61 72 20 74 3d 6f 2e 70 72 6f 74 6f 74 79 70 65 3b 72 65 74 75 72 6e 20 74 2e 6e 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 69 73 53 6c 69 64 69 6e 67 7c 7c 74 68 69 73 2e 5f 73 6c 69 64 65 28 71 29 7d 2c 74 2e 6e 65 78 74 57 68 65 6e 56 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 21 64 6f 63 75 6d 65 6e 74 2e 68 69 64 64 65 6e 26 26 50 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 69 73 28 22 3a 76 69 73 69 62 6c 65 22 29 26 26 22 68 69 64 64 65 6e 22 21 3d 3d 50 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 63 73 73 28 22 76 69 73 69 62 69 6c 69 74 79 22 29 26 26 74 68 69 73 2e 6e 65 78 74 28 29 7d 2c 74 2e Data Ascii: lector(nt),this._addEventListeners()}var t=o.prototype;return t.next=function(){this._isSliding\|\|this._slide(q)},t.nextWhenVisible=function(){!document.hidden&&P(this._element).is(":visible")&&"hidden"!==P(this._element).css("visibility")&&this.next()},t.
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 74 3d 6c 28 7b 7d 2c 57 2c 74 29 2c 46 6e 2e 74 79 70 65 43 68 65 63 6b 43 6f 6e 66 69 67 28 6a 2c 74 2c 55 29 2c 74 7d 2c 74 2e 5f 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 6b 65 79 62 6f 61 72 64 26 26 50 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 6f 6e 28 51 2e 4b 45 59 44 4f 57 4e 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 5f 6b 65 79 64 6f 77 6e 28 74 29 7d 29 2c 22 68 6f 76 65 72 22 3d 3d 3d 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 70 61 75 73 65 26 26 28 50 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 6f 6e 28 51 2e 4d 4f 55 53 45 45 4e 54 45 52 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 Data Ascii: t=l({},W,t),Fn.typeCheckConfig(j,t,U),t},t._addEventListeners=function(){var e=this;this._config.keyboard&&P(this._element).on(Q.KEYDOWN,function(t){return e._keydown(t)}),"hover"===this._config.pause&&(P(this._element).on(Q.MOUSEENTER,function(t){return
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 28 74 68 69 73 2e 5f 69 6e 64 69 63 61 74 6f 72 73 45 6c 65 6d 65 6e 74 29 7b 76 61 72 20 65 3d 5b 5d 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 74 68 69 73 2e 5f 69 6e 64 69 63 61 74 6f 72 73 45 6c 65 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 24 29 29 3b 50 28 65 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 56 29 3b 76 61 72 20 6e 3d 74 68 69 73 2e 5f 69 6e 64 69 63 61 74 6f 72 73 45 6c 65 6d 65 6e 74 2e 63 68 69 6c 64 72 65 6e 5b 74 68 69 73 2e 5f 67 65 74 49 74 65 6d 49 6e 64 65 78 28 74 29 5d 3b 6e 26 26 50 28 6e 29 2e 61 64 64 43 6c 61 73 73 28 56 29 7d 7d 2c 74 2e 5f 73 6c 69 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 2c 69 2c 72 2c 6f 3d 74 68 69 73 2c 73 3d 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 71 75 65 72 Data Ascii: (this._indicatorsElement){var e=[].slice.call(this._indicatorsElement.querySelectorAll($));P(e).removeClass(V);var n=this._indicatorsElement.children[this._getItemIndex(t)];n&&P(n).addClass(V)}},t._slide=function(t,e){var n,i,r,o=this,s=this._element.quer
2024-04-26 12:16:21 UTC	1369	IN	Data Raw: 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 6e 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 74 5b 6e 5d 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 27 4e 6f 20 6d 65 74 68 6f 64 20 6e 61 6d 65 64 20 22 27 2b 6e 2b 27 22 27 29 3b 74 5b 6e 5d 28 29 7d 65 6c 73 65 20 65 2e 69 6e 74 65 72 76 61 6c 26 26 28 74 2e 70 61 75 73 65 28 29 2c 74 2e 63 79 63 6c 65 28 29 29 7d 29 7d 2c 6f 2e 5f 64 61 74 61 41 70 69 43 6c 69 63 6b 48 61 6e 64 6c 65 72 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 46 6e 2e 67 65 74 53 65 6c 65 63 74 6f 72 46 72 6f 6d 45 6c 65 6d 65 6e 74 28 74 68 69 73 29 3b 69 66 28 65 29 7b 76 61 72 20 6e 3d 50 28 65 29 5b 30 5d 3b 69 66 28 6e 26 26 50 28 6e 29 2e 68 61 73 43 6c 61 73 73 28 42 29 Data Ascii: ing"==typeof n){if("undefined"==typeof t[n])throw new TypeError('No method named "'+n+'"');t[n]()}else e.interval&&(t.pause(),t.cycle())})},o._dataApiClickHandler=function(t){var e=Fn.getSelectorFromElement(this);if(e){var n=P(e)[0];if(n&&P(n).hasClass(B)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49702	162.249.168.129	443	6280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:21 UTC	566	OUT	GET /4nk1H1rD/invoce-background.jpg HTTP/1.1 Host: i.postimg.cc Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 12:16:21 UTC	380	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 12:16:21 GMT Content-Type: image/jpeg Content-Length: 25062 Connection: close Last-Modified: Wed, 03 Apr 2024 18:09:37 GMT Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Cache-Control: public Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Accept-Ranges: bytes
2024-04-26 12:16:21 UTC	3716	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 78 00 78 00 00 ff db 00 84 00 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 01 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 ff c2 00 11 08 02 90 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 ff da 00 08 01 01 00 00 00 00 f9 50 00 00 00 00 00 3b 7d 3b 05 3c 9e 60 cf 9a 80 b7 56 80 00 00 00 8a 52 53 a4 d2 b3 20 09 99 44 52 d3 9c cd eb 49 d2 41 15 Data Ascii: JFIFxx++&.%#%.&D5//5DNB>BN_UU_wqw++&.%#%.&D5//5DNB>BN_UU_wqw"P;};<`VRS DRIA
2024-04-26 12:16:21 UTC	4096	IN	Data Raw: 7e 1c df b3 d4 d4 0c fc 7e 6c 32 76 fb fa c7 9d e1 5b 7c 6f 4a f5 2b 58 b5 ba 70 e3 e8 f7 ba 48 00 09 71 79 18 77 7b 56 0c fc 5e 5e be 6e 9f 76 5e 64 ea 00 00 00 00 00 c3 20 2b 84 5a de 90 00 65 1e 94 67 19 f3 6f b7 07 cb 74 f5 54 02 1e ae 90 d3 ae 59 73 26 26 22 f1 13 12 bd 6b 3b da d6 00 01 9e 14 d3 a8 11 cd 4b 53 4e ad 6d e6 4e a0 00 00 00 00 0c 32 02 b8 45 ad e9 00 06 51 e9 53 9e 38 fc af 47 bb 83 e3 63 2e 2c 2a be a2 7d 5f 6e 21 e8 fa 97 8e 2e 2a 66 be 73 d5 85 77 9a 52 27 5c e2 9d 7e b4 80 03 2f 37 0c 7b 3d 5b 86 7e 57 0e ae af 5f ab 4f 32 75 00 00 00 00 00 61 90 15 c2 2d 6f 48 00 32 8f 4a b8 57 0e 2e be 9c f8 29 15 e7 a4 6b b8 5d 07 67 59 87 3d 33 ac d5 d3 4a eb 13 4c 9a cc e5 d3 da 00 05 38 e9 9f 47 6c 85 38 b0 b4 6f df d3 7f 32 75 00 00 00 00 00 Data Ascii: ~~l2v[\|oJ+XpHqyw{V^^nv^d +ZegotTYs&&"k;KSNmN2EQS8Gc.,}_n!.fswR'\~/7{=[~W_O2ua-oH2JW.)k]gY=3JL8Gl8o2u
2024-04-26 12:16:21 UTC	4096	IN	Data Raw: 0b b4 41 a0 4d 20 b3 40 ca 52 94 a5 29 4a 52 94 a5 25 17 01 11 88 48 43 34 0c a5 29 4a 52 94 a5 29 4a 59 c8 32 94 a5 29 4a 52 94 a5 29 4a 45 4e 85 27 06 85 35 49 32 94 a5 29 4a 52 94 a5 29 4a 59 24 19 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 93 84 04 19 4a 44 94 c2 10 2d a4 4a 52 24 a4 a0 b6 10 13 92 98 16 c3 45 b0 d0 12 94 a5 29 4a 52 94 a5 29 4a 44 91 08 43 5c 00 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a4 68 a2 05 b0 d8 48 54 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 91 38 04 00 88 43 5e bd 7a f5 eb d6 50 53 f2 11 af 5e bd 7a b5 eb d6 5b 28 08 28 08 d7 af 5e bd 7a f5 eb d7 af 5e bd 7a f5 eb d7 af 5e bd 7a f5 eb d7 af Data Ascii: AM @R)JR%HC4)JR)JY2)JR)JEN'5I2)JR)JY$JR)JR)JR)JR)JR)JRJD-JR$E)JR)JDC\)JR)JR)JR)JRhHT)JR)JR)JR)JR)JR)JR)JR)JR8C^zPS^z[((^z^z^z
2024-04-26 12:16:21 UTC	4096	IN	Data Raw: 9c 86 d0 5a 26 dc db f3 1b 51 6b cc 2d 83 2b b7 e4 45 b3 46 73 94 a5 29 4a 52 94 a5 29 4a 52 70 1b 73 6c d3 41 52 94 a5 25 17 59 16 fa 8d bb 4d 25 40 9a 76 9b fe 51 a5 7a 0d 1f 84 d5 a7 b9 ca 6a 93 4a a2 a9 3a e9 bc 65 e0 a7 d4 a3 6a 19 f5 3d 57 2b 17 66 f7 bb b9 9b 84 ae 45 4e bc 6e ba cd e2 6f 4d e1 be 17 a2 e9 77 62 f3 a8 5d 2e ec 5d 9b d1 79 d6 ab b1 76 6f 59 b9 0b 94 a5 29 4a 52 94 a5 29 49 4b 72 eb ad 57 ac 5d 05 ca 52 94 94 b7 6e 8d f2 6f 4d eb 37 48 5a 4a a9 da 6f f9 46 95 e8 34 7e 13 56 9e e7 29 aa 4d 2a 88 c3 ed 9b 56 1a 01 f0 45 a2 50 65 e8 7a ae d0 2d b9 0d 98 b3 62 dc 0c 10 f3 66 d8 db 2e d0 5a 9b 53 6a dd aa 58 5d aa 6d 4d b8 b7 36 c6 d4 da 8b 61 6e 6d 45 a9 b5 61 80 31 8c 63 18 c6 31 8c 63 18 71 2e b1 ca 6d 6d ed c0 c6 31 8c 2d 2f b1 c8 2d Data Ascii: Z&Qk-+EFs)JR)JRpslAR%YM%@vQzjJ:ej=W+fENnoMwb].]yvoY)JR)IKrW]RnoM7HZJoF4~V)M*VEPez-bf.ZSjX]mM6anmEa1c1cq.mm1-/-
2024-04-26 12:16:22 UTC	4096	IN	Data Raw: 49 a6 34 95 73 a9 2a 92 29 e7 2a a1 d4 91 2a 8d 0d a1 92 24 32 49 ea 68 36 c9 12 4c 71 43 a8 d2 29 b8 ae 2b 8a e7 22 b9 d4 fc 89 a4 21 08 42 cf 41 b2 4a e4 aa 49 a2 75 27 c9 24 c5 4a 1d 4c 92 25 52 7c 8d 34 d9 44 23 a9 34 89 54 91 3a 8d 25 51 14 15 44 21 08 42 22 21 08 42 16 68 5f 6b 51 08 42 12 11 12 24 48 d8 56 12 28 52 b5 22 44 8a b1 16 f4 2a 8a 89 91 b1 1e 08 d8 8a 28 53 24 21 21 22 a7 52 10 84 24 21 08 42 12 c9 31 08 a2 12 6c ad 68 3d 7c 93 4c 91 27 72 54 27 51 b6 ab 53 45 f0 a6 24 98 93 22 96 c4 5b d8 52 42 48 e9 6d 15 f2 46 9b 11 a9 11 22 a3 89 5f 24 5a 22 47 81 2f 07 51 54 3a 8e 83 44 89 0c 68 91 22 43 7f d2 6a 49 b7 42 4c 91 24 49 3d 6a 35 1d 7e 0a 8c 63 18 c6 8a 7c f5 44 9b 64 9e cc 6f 62 bb 64 d6 c7 06 be 07 17 e0 69 2f 89 c9 0d ba 92 25 5a 8e Data Ascii: I4s)$2Ih6LqC)+"!BAJIu'$JL%R\|4D#4T:%QD!B"!Bh_kQB$HV(R"D(S$!!"R$!B1lh=\|L'rT'QSE$"[RBHmF"_$Z"G/QT:Dh"CjIBL$I=j5~c\|Ddobdi/%Z
2024-04-26 12:16:22 UTC	4096	IN	Data Raw: 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 62 d9 98 d6 66 35 99 8b 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 62 d9 98 d6 66 35 99 8a de a9 92 69 54 d0 d7 ed 7b 8d 16 5a 2f 9f b8 ed 2a 26 44 89 12 36 23 c1 1e 08 f0 47 82 3c 11 22 44 89 12 24 78 23 c1 1e 08 f0 44 89 1e 08 f0 44 89 1e 08 f0 44 89 1e 08 f0 44 89 1e 08 f0 44 89 12 24 78 23 c1 1e 08 f0 47 82 3c 11 e0 8f 04 78 23 c1 1e 08 f0 47 82 3c 11 e0 8f 04 78 23 c1 1e 08 f0 47 82 3c 11 22 44 89 12 24 48 f0 44 8f 04 78 23 c1 1e 08 f0 47 82 3c 11 22 44 89 12 29 d4 51 3b 4d 7e d7 b8 d1 65 a2 f9 fb 8e dc a8 85 0d 1b 23 74 46 4e 9d Data Ascii: f5fcYf5fcYf5fcYf5fcYf5fcYf5fcYf5fcYf5fbf5fcYf5fcYf5fbf5iT{Z/*&D6#G<"D$x#DDDDD$x#G<x#G<x#G<"D$HDx#G<"D)Q;M~e#tFN
2024-04-26 12:16:22 UTC	866	IN	Data Raw: a6 a2 49 24 dd 35 15 15 3d c5 59 ea 4f cb 8e a6 15 51 11 51 31 a2 22 63 88 fa dc 56 5d c1 7d 91 64 70 df c5 1f 9b 97 83 b4 4c 78 f1 cd 9e f1 ff 00 03 d1 f5 38 ef bb f4 dd cb 1c bb 33 cf b3 7f 3f 56 76 4d 4d 4f ba 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 56 f5 3d c5 4d 4f be 7a 24 d4 7b d3 24 f5 6d 13 d1 99 9f e0 66 8c 4f 91 24 93 ee cf c4 9f 9a 00 03 db 14 00 00 0f 8b 33 97 26 4c 99 32 64 c9 93 26 4c 99 32 64 c9 93 26 4c 99 32 64 c9 93 26 4c 99 32 64 c9 93 26 4c 99 32 64 c9 93 2c 4f c5 40 8a a8 11 55 00 54 00 04 55 55 55 55 55 54 00 22 aa 80 bf 1a 6e 2d 3c 8e c6 2e 68 ba 66 a2 5d fc 22 5d dd dd dd dd de 64 9a 89 77 79 9a 89 8f 8b 34 00 45 01 56 22 60 00 00 00 00 00 0a aa aa 00 00 28 00 47 c6 27 fc 4d 13 d9 24 9a 24 92 49 24 d1 24 93 f1 67 c2 df 39 Data Ascii: I$5=YOQQ1"cV]}dpLx83?VvMMOV=MOz${$mfO$3&L2d&L2d&L2d&L2d&L2d,O@UTUUUUUT"n-<.hf]"]dwy4EV"`(G'M$$I$$g9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49707	142.250.64.196	443	6280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:22 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 12:16:22 UTC	1703	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 12:16:22 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-gb7dDTS5YcH2yOXfETk-4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-26 12:16:22 UTC	783	IN	Data Raw: 33 30 38 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 73 74 61 72 20 74 72 65 6b 20 64 69 73 63 6f 76 65 72 79 20 6d 69 72 72 6f 72 73 22 2c 22 72 65 64 64 69 74 20 6f 75 74 61 67 65 73 22 2c 22 6c 61 67 75 61 72 64 69 61 20 61 69 72 70 6f 72 74 22 2c 22 77 61 73 68 69 6e 67 74 6f 6e 20 63 6f 6d 6d 61 6e 64 65 72 73 20 6e 66 6c 20 64 72 61 66 74 20 70 69 63 6b 73 22 2c 22 62 6c 69 7a 7a 61 72 64 20 62 6c 69 7a 7a 63 6f 6e 22 2c 22 61 6d 61 7a 6f 6e 20 72 69 6e 67 20 72 65 66 75 6e 64 73 22 2c 22 61 72 69 65 73 20 64 61 69 6c 79 20 68 6f 72 6f 73 63 6f 70 65 20 74 6f 64 61 79 22 2c 22 70 69 6b 65 73 76 69 6c 6c 65 20 68 69 67 68 20 73 63 68 6f 6f 6c 20 70 72 69 6e 63 69 70 61 6c 20 61 69 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c Data Ascii: 308)]}'["",["star trek discovery mirrors","reddit outages","laguardia airport","washington commanders nfl draft picks","blizzard blizzcon","amazon ring refunds","aries daily horoscope today","pikesville high school principal ai"],["","","","","","","",
2024-04-26 12:16:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49709	142.250.64.196	443	6280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:22 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 12:16:23 UTC	1843	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGJe2rrEGIjBAC3Sl0nJ4h2THKc6MXQJMPjcvZ2b6sbOMlO_dlr_YCxyCxMotFFGEecXYoVCzog4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIl7ausQYQm-X7pwESBGaBmNw Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 12:16:23 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-12; expires=Sun, 26-May-2024 12:16:23 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=CwpzJAcELjoc0qmC3Ca9Zg9c7lok9EErdHA3sNL2XHJ7EqqNOUpME1jygxo9EfFGuAgKkVOdEJtUVBKwWajhLJVAHdVfJrAQLWHTVpDRXhnp2Il95gMbTU_YCW-T4P085eAq5o10bDhZI0iuPF9hebuBfT9aMF3CuzCFXZ2gGx8; expires=Sat, 26-Oct-2024 12:16:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 12:16:23 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49708	142.250.64.196	443	6280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:22 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 12:16:23 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGJe2rrEGIjBIUzmP8MjS68jsU5n7lalH86H45ODGAtFoirmRa8CbfH9TSmM6tQA67w0nt09hXd8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIl7ausQYQq92xxwESBGaBmNw Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 12:16:23 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-12; expires=Sun, 26-May-2024 12:16:23 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=Qoej7ORltlsBqD4J2-S_Z_JJb014iCktlZmlMmjpKKvfCzZJIHEmA1Hde7u8pCJuCKHMc16yOTt0hXjhLr2bM6O3gJfhUU8-hqKz-lRZDwZJGhFyQKnX5WZ2h3gyadOBtJ9xX6yYRsBBPEoTWBsXi2YGIRRjcKTo5InTA9SSzZU; expires=Sat, 26-Oct-2024 12:16:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 12:16:23 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49710	162.249.168.129	443	6280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:22 UTC	366	OUT	GET /4nk1H1rD/invoce-background.jpg HTTP/1.1 Host: i.postimg.cc Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 12:16:23 UTC	380	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 12:16:23 GMT Content-Type: image/jpeg Content-Length: 25062 Connection: close Last-Modified: Wed, 03 Apr 2024 18:09:37 GMT Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Cache-Control: public Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Accept-Ranges: bytes
2024-04-26 12:16:23 UTC	3716	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 78 00 78 00 00 ff db 00 84 00 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 01 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 ff c2 00 11 08 02 90 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 ff da 00 08 01 01 00 00 00 00 f9 50 00 00 00 00 00 3b 7d 3b 05 3c 9e 60 cf 9a 80 b7 56 80 00 00 00 8a 52 53 a4 d2 b3 20 09 99 44 52 d3 9c cd eb 49 d2 41 15 Data Ascii: JFIFxx++&.%#%.&D5//5DNB>BN_UU_wqw++&.%#%.&D5//5DNB>BN_UU_wqw"P;};<`VRS DRIA
2024-04-26 12:16:23 UTC	4096	IN	Data Raw: 7e 1c df b3 d4 d4 0c fc 7e 6c 32 76 fb fa c7 9d e1 5b 7c 6f 4a f5 2b 58 b5 ba 70 e3 e8 f7 ba 48 00 09 71 79 18 77 7b 56 0c fc 5e 5e be 6e 9f 76 5e 64 ea 00 00 00 00 00 c3 20 2b 84 5a de 90 00 65 1e 94 67 19 f3 6f b7 07 cb 74 f5 54 02 1e ae 90 d3 ae 59 73 26 26 22 f1 13 12 bd 6b 3b da d6 00 01 9e 14 d3 a8 11 cd 4b 53 4e ad 6d e6 4e a0 00 00 00 00 0c 32 02 b8 45 ad e9 00 06 51 e9 53 9e 38 fc af 47 bb 83 e3 63 2e 2c 2a be a2 7d 5f 6e 21 e8 fa 97 8e 2e 2a 66 be 73 d5 85 77 9a 52 27 5c e2 9d 7e b4 80 03 2f 37 0c 7b 3d 5b 86 7e 57 0e ae af 5f ab 4f 32 75 00 00 00 00 00 61 90 15 c2 2d 6f 48 00 32 8f 4a b8 57 0e 2e be 9c f8 29 15 e7 a4 6b b8 5d 07 67 59 87 3d 33 ac d5 d3 4a eb 13 4c 9a cc e5 d3 da 00 05 38 e9 9f 47 6c 85 38 b0 b4 6f df d3 7f 32 75 00 00 00 00 00 Data Ascii: ~~l2v[\|oJ+XpHqyw{V^^nv^d +ZegotTYs&&"k;KSNmN2EQS8Gc.,}_n!.fswR'\~/7{=[~W_O2ua-oH2JW.)k]gY=3JL8Gl8o2u
2024-04-26 12:16:23 UTC	4096	IN	Data Raw: 0b b4 41 a0 4d 20 b3 40 ca 52 94 a5 29 4a 52 94 a5 25 17 01 11 88 48 43 34 0c a5 29 4a 52 94 a5 29 4a 59 c8 32 94 a5 29 4a 52 94 a5 29 4a 45 4e 85 27 06 85 35 49 32 94 a5 29 4a 52 94 a5 29 4a 59 24 19 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 93 84 04 19 4a 44 94 c2 10 2d a4 4a 52 24 a4 a0 b6 10 13 92 98 16 c3 45 b0 d0 12 94 a5 29 4a 52 94 a5 29 4a 44 91 08 43 5c 00 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a4 68 a2 05 b0 d8 48 54 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 94 a5 29 4a 52 91 38 04 00 88 43 5e bd 7a f5 eb d6 50 53 f2 11 af 5e bd 7a b5 eb d6 5b 28 08 28 08 d7 af 5e bd 7a f5 eb d7 af 5e bd 7a f5 eb d7 af 5e bd 7a f5 eb d7 af Data Ascii: AM @R)JR%HC4)JR)JY2)JR)JEN'5I2)JR)JY$JR)JR)JR)JR)JR)JRJD-JR$E)JR)JDC\)JR)JR)JR)JRhHT)JR)JR)JR)JR)JR)JR)JR)JR8C^zPS^z[((^z^z^z
2024-04-26 12:16:23 UTC	4096	IN	Data Raw: 9c 86 d0 5a 26 dc db f3 1b 51 6b cc 2d 83 2b b7 e4 45 b3 46 73 94 a5 29 4a 52 94 a5 29 4a 52 70 1b 73 6c d3 41 52 94 a5 25 17 59 16 fa 8d bb 4d 25 40 9a 76 9b fe 51 a5 7a 0d 1f 84 d5 a7 b9 ca 6a 93 4a a2 a9 3a e9 bc 65 e0 a7 d4 a3 6a 19 f5 3d 57 2b 17 66 f7 bb b9 9b 84 ae 45 4e bc 6e ba cd e2 6f 4d e1 be 17 a2 e9 77 62 f3 a8 5d 2e ec 5d 9b d1 79 d6 ab b1 76 6f 59 b9 0b 94 a5 29 4a 52 94 a5 29 49 4b 72 eb ad 57 ac 5d 05 ca 52 94 94 b7 6e 8d f2 6f 4d eb 37 48 5a 4a a9 da 6f f9 46 95 e8 34 7e 13 56 9e e7 29 aa 4d 2a 88 c3 ed 9b 56 1a 01 f0 45 a2 50 65 e8 7a ae d0 2d b9 0d 98 b3 62 dc 0c 10 f3 66 d8 db 2e d0 5a 9b 53 6a dd aa 58 5d aa 6d 4d b8 b7 36 c6 d4 da 8b 61 6e 6d 45 a9 b5 61 80 31 8c 63 18 c6 31 8c 63 18 71 2e b1 ca 6d 6d ed c0 c6 31 8c 2d 2f b1 c8 2d Data Ascii: Z&Qk-+EFs)JR)JRpslAR%YM%@vQzjJ:ej=W+fENnoMwb].]yvoY)JR)IKrW]RnoM7HZJoF4~V)M*VEPez-bf.ZSjX]mM6anmEa1c1cq.mm1-/-
2024-04-26 12:16:23 UTC	4096	IN	Data Raw: 49 a6 34 95 73 a9 2a 92 29 e7 2a a1 d4 91 2a 8d 0d a1 92 24 32 49 ea 68 36 c9 12 4c 71 43 a8 d2 29 b8 ae 2b 8a e7 22 b9 d4 fc 89 a4 21 08 42 cf 41 b2 4a e4 aa 49 a2 75 27 c9 24 c5 4a 1d 4c 92 25 52 7c 8d 34 d9 44 23 a9 34 89 54 91 3a 8d 25 51 14 15 44 21 08 42 22 21 08 42 16 68 5f 6b 51 08 42 12 11 12 24 48 d8 56 12 28 52 b5 22 44 8a b1 16 f4 2a 8a 89 91 b1 1e 08 d8 8a 28 53 24 21 21 22 a7 52 10 84 24 21 08 42 12 c9 31 08 a2 12 6c ad 68 3d 7c 93 4c 91 27 72 54 27 51 b6 ab 53 45 f0 a6 24 98 93 22 96 c4 5b d8 52 42 48 e9 6d 15 f2 46 9b 11 a9 11 22 a3 89 5f 24 5a 22 47 81 2f 07 51 54 3a 8e 83 44 89 0c 68 91 22 43 7f d2 6a 49 b7 42 4c 91 24 49 3d 6a 35 1d 7e 0a 8c 63 18 c6 8a 7c f5 44 9b 64 9e cc 6f 62 bb 64 d6 c7 06 be 07 17 e0 69 2f 89 c9 0d ba 92 25 5a 8e Data Ascii: I4s)$2Ih6LqC)+"!BAJIu'$JL%R\|4D#4T:%QD!B"!Bh_kQB$HV(R"D(S$!!"R$!B1lh=\|L'rT'QSE$"[RBHmF"_$Z"G/QT:Dh"CjIBL$I=j5~c\|Ddobdi/%Z
2024-04-26 12:16:23 UTC	4096	IN	Data Raw: 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 62 d9 98 d6 66 35 99 8b 66 63 59 98 d6 66 35 99 8d 66 63 59 98 d6 66 35 99 8d 66 62 d9 98 d6 66 35 99 8a de a9 92 69 54 d0 d7 ed 7b 8d 16 5a 2f 9f b8 ed 2a 26 44 89 12 36 23 c1 1e 08 f0 47 82 3c 11 22 44 89 12 24 78 23 c1 1e 08 f0 44 89 1e 08 f0 44 89 1e 08 f0 44 89 1e 08 f0 44 89 1e 08 f0 44 89 12 24 78 23 c1 1e 08 f0 47 82 3c 11 e0 8f 04 78 23 c1 1e 08 f0 47 82 3c 11 e0 8f 04 78 23 c1 1e 08 f0 47 82 3c 11 22 44 89 12 24 48 f0 44 8f 04 78 23 c1 1e 08 f0 47 82 3c 11 22 44 89 12 29 d4 51 3b 4d 7e d7 b8 d1 65 a2 f9 fb 8e dc a8 85 0d 1b 23 74 46 4e 9d Data Ascii: f5fcYf5fcYf5fcYf5fcYf5fcYf5fcYf5fcYf5fbf5fcYf5fcYf5fbf5iT{Z/*&D6#G<"D$x#DDDDD$x#G<x#G<x#G<"D$HDx#G<"D)Q;M~e#tFN
2024-04-26 12:16:23 UTC	866	IN	Data Raw: a6 a2 49 24 dd 35 15 15 3d c5 59 ea 4f cb 8e a6 15 51 11 51 31 a2 22 63 88 fa dc 56 5d c1 7d 91 64 70 df c5 1f 9b 97 83 b4 4c 78 f1 cd 9e f1 ff 00 03 d1 f5 38 ef bb f4 dd cb 1c bb 33 cf b3 7f 3f 56 76 4d 4d 4f ba 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 56 f5 3d c5 4d 4f be 7a 24 d4 7b d3 24 f5 6d 13 d1 99 9f e0 66 8c 4f 91 24 93 ee cf c4 9f 9a 00 03 db 14 00 00 0f 8b 33 97 26 4c 99 32 64 c9 93 26 4c 99 32 64 c9 93 26 4c 99 32 64 c9 93 26 4c 99 32 64 c9 93 26 4c 99 32 64 c9 93 2c 4f c5 40 8a a8 11 55 00 54 00 04 55 55 55 55 55 54 00 22 aa 80 bf 1a 6e 2d 3c 8e c6 2e 68 ba 66 a2 5d fc 22 5d dd dd dd dd de 64 9a 89 77 79 9a 89 8f 8b 34 00 45 01 56 22 60 00 00 00 00 00 0a aa aa 00 00 28 00 47 c6 27 fc 4d 13 d9 24 9a 24 92 49 24 d1 24 93 f1 67 c2 df 39 Data Ascii: I$5=YOQQ1"cV]}dpLx83?VvMMOV=MOz${$mfO$3&L2d&L2d&L2d&L2d&L2d,O@UTUUUUUT"n-<.hf]"]dwy4EV"`(G'M$$I$$g9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49712	142.250.64.196	443	6280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:23 UTC	900	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGJe2rrEGIjBAC3Sl0nJ4h2THKc6MXQJMPjcvZ2b6sbOMlO_dlr_YCxyCxMotFFGEecXYoVCzog4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-12; NID=513=CwpzJAcELjoc0qmC3Ca9Zg9c7lok9EErdHA3sNL2XHJ7EqqNOUpME1jygxo9EfFGuAgKkVOdEJtUVBKwWajhLJVAHdVfJrAQLWHTVpDRXhnp2Il95gMbTU_YCW-T4P085eAq5o10bDhZI0iuPF9hebuBfT9aMF3CuzCFXZ2gGx8
2024-04-26 12:16:24 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 12:16:24 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3186 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 12:16:24 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-26 12:16:24 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 62 58 53 48 56 69 39 4b 4f Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="bXSHVi9KO
2024-04-26 12:16:24 UTC	1032	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49713	142.250.64.196	443	6280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:26 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGJe2rrEGIjBIUzmP8MjS68jsU5n7lalH86H45ODGAtFoirmRa8CbfH9TSmM6tQA67w0nt09hXd8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-12; NID=513=Qoej7ORltlsBqD4J2-S_Z_JJb014iCktlZmlMmjpKKvfCzZJIHEmA1Hde7u8pCJuCKHMc16yOTt0hXjhLr2bM6O3gJfhUU8-hqKz-lRZDwZJGhFyQKnX5WZ2h3gyadOBtJ9xX6yYRsBBPEoTWBsXi2YGIRRjcKTo5InTA9SSzZU
2024-04-26 12:16:27 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 12:16:27 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3114 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 12:16:27 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-26 12:16:27 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 79 6e 77 4b 66 56 4d 48 49 46 77 71 55 59 2d 43 54 75 34 78 64 4b 36 56 49 6b 5a 48 58 34 4b 78 4b Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="ynwKfVMHIFwqUY-CTu4xdK6VIkZHX4KxK
2024-04-26 12:16:27 UTC	960	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49715	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:31 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 12:16:31 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=67579 Date: Fri, 26 Apr 2024 12:16:31 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49718	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:31 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 12:16:32 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=67748 Date: Fri, 26 Apr 2024 12:16:32 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 12:16:32 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49716	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:16:32 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fc+XcVUpVwGmnE5&MD=9K45Wntp HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 12:16:32 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 275d6a26-5345-46e2-8465-6a61f3ed40bf MS-RequestId: 2051e2fb-6de1-4de2-a26c-95d2c8cadb48 MS-CV: 7UbrIFaagES50ECt.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 12:16:31 GMT Connection: close Content-Length: 24490
2024-04-26 12:16:32 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 12:16:32 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49734	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:17:13 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fc+XcVUpVwGmnE5&MD=9K45Wntp HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 12:17:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: d879b176-9604-4c65-a6d2-0196eca619cb MS-RequestId: 5ddcfe0d-56e9-494e-bcc9-482111183d8a MS-CV: fybTPAJFjESzOY5v.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 12:17:12 GMT Connection: close Content-Length: 25457
2024-04-26 12:17:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 12:17:13 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2744, Parent PID: 5968

General

Target ID:	0
Start time:	14:16:11
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\POattach.html"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6280, Parent PID: 2744

General

Target ID:	3
Start time:	14:16:19
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1992,i,4275330503968366977,14474711898625079558,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 716, Parent PID: 7084

General

Target ID:	4
Start time:	14:16:20
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://739759078368945019535231516431401126273227452560306561161109/
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2420, Parent PID: 716

General

Target ID:	5
Start time:	14:16:21
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,10206737139113049155,15613713108784648929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report POattach.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2744, Parent PID: 5968

General

Chronological Activities

Analysis Process: chrome.exePID: 6280, Parent PID: 2744

General

Windows Analysis Report
POattach.html