Edit tour

Windows Analysis Report
http://questdagnostics.com/bill

Overview

General Information

Sample URL:	http://questdagnostics.com/bill
Analysis ID:	1632297
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

AI detected suspicious Javascript

AI detected suspicious URL

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2328,i,16787605200765446010,11188688182140596869,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2356 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://questdagnostics.com/bill" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious Javascript

Source: 0.0.i.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: http://questdagnostics.com/bill... This script exhibits several high-risk behaviors, including dynamic code execution through the use of obfuscated URLs and potential data exfiltration. The presence of multiple fallback domains and the aggressive manipulation of the DOM further increase the risk. While the script's purpose is not entirely clear, the overall behavior is highly suspicious and indicative of malicious intent.
Source: 1.1..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: http://questdagnostics.com/page/bouncy.php?&bpae=G... This script exhibits several high-risk behaviors, including dynamic code execution and data exfiltration. It uses obfuscated URLs and attempts to redirect the user to a suspicious domain, which is a strong indicator of malicious intent. The script also checks for the presence of an iframe and a popup window, which could be used to bypass security measures. Overall, this script poses a significant risk and should be treated with caution.

AI detected suspicious URL

Source: http://questdagnostics.com

Joe Sandbox AI: The URL 'questdagnostics.com' closely resembles the legitimate URL 'questdiagnostics.com', which belongs to the well-known healthcare company Quest Diagnostics. The primary difference is the substitution of 'i' with 'a' in 'diagnostics', which is a common typographical error. This character substitution is visually subtle and could easily be overlooked by users, leading to potential confusion. The domain extension '.com' is the same as the legitimate site, which increases the likelihood of user deception. There is no indication that 'questdagnostics.com' serves a different legitimate purpose unrelated to Quest Diagnostics, suggesting a high likelihood of typosquatting.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\LICENSE.txt

Jump to behavior

Source: unknown

HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49727 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:61513 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /zclkvisitor/e713bbe0-fb8f-11ef-8fa5-121569b2ce89/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=37c7ea50-c695-11ef-8079-0affcf01680d HTTP/1.1Host: pollu-qmx.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bforldonate.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /bill HTTP/1.1Host: questdagnostics.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page/bouncy.php?&bpae=GbhGs7HGyrx69buvsaspcrRS8lMeLx3yB2dbJkwyehem7uz1LprR0Xc%2FZVudBecR4OZxdjGGm9yaqloxd6BqqjGqxl4P8tvryLcUj%2FBfO7Ztt1vgHLSiDXnQV8DIDFn%2BQ8h%2B5lFvbjKpeQls9X%2BLAkDTvZ1sWW31E4%2Ft%2Fm%2FbMcyz7SC1F5u4i58dnqtlASl6IA%2BsWKGZrrJU82i5ZjZZM3kYIqfV%2FMj79mq6VMAqmmsqeiU6J%2BmF0721o7Pj%2FDWeOjWTmD%2B1juvnp%2FuNzqpIwFzV9cxQBFEcd8S7TYifPAxxWreir48Lm9MKRgXRdPX5qYu2T06H3slRw9sONGKVlsXCA4Q1J%2B3pWFOT9yVUGetw886eSG8WxSOHwKE6BCTlaJ7QWSErXcv%2FmY448I1zUH8sUg5M7FnvS2V2TIlnDgfGJdMNUy7WHzcW8onTEFh25cwjiQoSrFlkLZDrGu8FmyIL%2Be80VOrs5DjotT4cFULUrQbJxR8%2FwIxJocNmUqC9mEFmH4O8%2FsKk4k6aqPHqniLi8bASDAq%2Fwb94yem2kN82YhBJXrwsh2ALlVfYjjlyS5KLM3RYkWXiRg%2Fp6G5dGXDAe%2BUHcyeKNBIhpmutG5mFM3Xx3P0%2BjWAdBhR%2FXJHMe%2B9nLiFCTnS8rYq6AZQ7RBN%2Bgg69RkqU85E4QkR3H9EZRR5kb42%2FKgIsd8DXKA8IVTpoQle%2BG2Rowb7%2Br6uBm6aiea%2FDVrld3UW8R3GRPxnHyzM8IVshlkSxAWUfaHDHB9WQMdTd6jugr0pjCM6DjntTGcB0cFjz35sdVnLICqAu9fQpEYXJQ6oLbdj0Ie%2FIBrrVl6wW0TrCwi0%2B29wVJnn5smLBEg66avkC1AYkRMst%2BWZixJJKSG20V3cJCbDQgEJcUyT5PIs4g7JseN3hys4kLpQS0ZLVDiBJdcC%2B5ZGG6rRQyXZI8cgKFWMkXF2N3%2F1ukXjacNld0xmc8ji3KbYsv%2Bb6KEQ2zGcD2LGLfGsy7ejBsZD50obo7a3XxnjEg0Raq9VcR5RcwOpWVqPu90YZgtAv%2BE2NNlMNIvK7H2Rj1s3PlueHwkygMIYOdmsEYBDeJ5jqZKtTeWqK6RI7QnQdJ5RV3ZbnAhcg1O1Kgxzd4Lt1Rw9TzOOVT9jKWLPobJ%2Bt4UobTB7EhxP3CZfV9WlXVt91nmrQ6aeHpHJB1dMODp5rUqmAdWm1ZhpQicBgVsqbNcjW3elCPwdDe9R%2BmosUI9dOtEM9FoYBaiNFPhJhY%2F0MWWkIoo6eNfRHEFDEOJNW6LjwG4a0540Cy38RogHnB9mCgTpnu%2F4jw4aSJmvkbBRy6e3DqbZ85Tk4mz1yQQN%2FKp2xipJaooO1bMDLnDUPYx49kH2ejI7i6GlstEAvdqBz7CbNNpbcjdusqx%2FeIKQ0I3V84qyos3JYg1%2Fv5zSlSBxvTKqa0QqQ4EWHaIzi5hz4UjEXmzVKNYOpisorEgNJQ3pm9typg8GgoneziVnQ%2FhVz6HtElj5SqAcwnMx%2FBhVZyCoet%2B5nAO2z478oK%2BRoGWi9lOrLXpAjI1x7PxV21ZQ8jQr2oyLv28Jy7F32KzttiloWffxpqzHTfteoe69tIfaS8kek29gGhx5hTnUFVsoy%2BU7l1484hmcD4SAF5aVFfdxLkZqHERsM73M%2Fg6f%2BNGP69lHULrYYNhBYcAcXjvhlEaN00DJzsgATGJ8jGw9Ks1IconSp9TO%2FLuqGQPF5HIpACzXsYobiGsVhZTFrVGdWAN5OG0PTsOnjyh1siz9%2FjswLZzFAU7RpeJzs6JPS33X2o4ZVbo8YbHFMgAtKHHaO164bRFjSH8c2BKnMUjl52gWmc2fXKgB956Ky2UUPJ5u%2Fjo%2F1xpbCNnXHhioodZMaeUnRFb8dEDShcwx79pxfErmryJ6LXpDUaI8QTM0zmlQlyN0xNM7n3amov8GeWuMsdKm1bC192I310g%2B4oH5%2FCler0%2F1%2Bs3IHuIK4K4h%2Ba1NxgZMKys7p1mJ1EejM&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1Host: questdagnostics.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://questdagnostics.com/billAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: questdagnostics.com
Source: global traffic	DNS traffic detected: DNS query: qanonasp.com
Source: global traffic	DNS traffic detected: DNS query: bforldonate.com
Source: global traffic	DNS traffic detected: DNS query: pollu-qmx.com
Source: global traffic	DNS traffic detected: DNS query: beowu-fye.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: LICENSE.txt.5.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.5.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: LICENSE.txt.5.dr	String found in binary or memory: https://easylist.to/)
Source: LICENSE.txt.5.dr	String found in binary or memory: https://github.com/easylist)

Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61515
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 61515 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown

HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49727 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\scoped_dir2328_1950436349	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\LICENSE.txt	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\Filtering Rules	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir2328_1950436349

Jump to behavior

Source: classification engine

Classification label: mal48.win@31/13@41/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2328,i,16787605200765446010,11188688182140596869,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2356 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://questdagnostics.com/bill"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2328,i,16787605200765446010,11188688182140596869,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2356 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\LICENSE.txt

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://questdagnostics.com/bill	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://pollu-qmx.com/zclkvisitor/e713bbe0-fb8f-11ef-8fa5-121569b2ce89/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=37c7ea50-c695-11ef-8079-0affcf01680d	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bforldonate.com	72.52.178.23	true	false	unknown
google.com	142.251.36.46	true	false	high
questdagnostics.com	69.16.230.226	true	true	unknown
pollu-qmx.com	34.203.62.184	true	false	unknown
www.google.com	142.250.185.68	true	false	high
qanonasp.com	104.21.9.149	true	false	unknown
beowu-fye.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://questdagnostics.com/bill	true		unknown
https://pollu-qmx.com/zclkvisitor/e713bbe0-fb8f-11ef-8fa5-121569b2ce89/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=37c7ea50-c695-11ef-8079-0affcf01680d	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://github.com/easylist)	LICENSE.txt.5.dr	false	high
https://easylist.to/)	LICENSE.txt.5.dr	false	high
https://creativecommons.org/.	LICENSE.txt.5.dr	false	high
https://creativecommons.org/compatiblelicenses	LICENSE.txt.5.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
34.203.62.184	pollu-qmx.com	United States	14618	AMAZON-AESUS	false
69.16.230.226	questdagnostics.com	United States	32244	LIQUIDWEBUS	true
72.52.178.23	bforldonate.com	United States	32244	LIQUIDWEBUS	false
104.21.9.149	qanonasp.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1632297
Start date and time:	2025-03-07 21:06:42 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://questdagnostics.com/bill
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@31/13@41/7

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.185.142, 142.250.185.174, 74.125.206.84, 142.250.185.206, 199.232.214.172, 142.250.186.110, 142.250.181.238, 142.250.185.78, 142.250.184.238, 142.250.186.142, 142.250.186.46, 172.217.18.3, 142.250.185.110, 172.217.16.206, 34.104.35.123, 142.250.185.238, 23.199.214.10, 23.214.159.3
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: http://questdagnostics.com/bill

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	77095
Entropy (8bit):	5.538618070900601
Encrypted:	false
SSDEEP:	1536:y1RlxQ6jQG4eeBp91moaWQQgw6I7xQvQUjci7UglVMSe/14SorG:YFBjt4xBpeoaVQgw6ItEQUjci7TVMJ46
MD5:	5F2E8BC6FD4937FBB0939C6773064F3E
SHA1:	524FAECE2A5491EF2739C2424F962C9ADF74E891
SHA-256:	4723C6E42380C6A90A601C9BF6E4DD72136958516DE05623DC8D342B6E05F00C
SHA-512:	D5B3CF6AB579B71F68BB02739B70DE1D403CE59C45442015E09B502E723E9D9FFCCED8429C228F467995CD01A13CAE9D2172994FF0D8677DFE501898922E00B7
Malicious:	false
Reputation:	low
Preview:	............0.8.@.R.-728x90...........0.8.@.R.adtdp.com^..........0.8.@.R.just-news.pro^..........0.8.@.R.6dc2699b37.com^..........0.8.@.R.yomeno.xyz^..........0.8.@.R.yellowblue.io^..........0.8.@.R.abh.jp^..........0.8.@.R.ad999.biz^..........0.8.@.R._468_60...........0.8.@.R.adrecover.com^..........0.8.@.R.pemsrv.com^..........0.8.@.R.mnaspm.com^.$........0.8.@.R.tags.refinery89.com^.,........0.8.@.R.mysmth.net/nForum//ADAgent_.>...........worldstar.com0.8.@.R.js.assemblyexchange.com/wana..(........0.8.@.R.ogads-pa.googleapis.com^..........0.8.@.R.indoleads.com^.%......0.8.@.R.discordapp.com/banners/.(........0.8.@.R.looker.com/api/internal/.#........0.8.@.R.broadstreetads.com^.(........0.8.@.R.shikoku-np.co.jp/img/ad/..........0.8.@.R./in/track?data=.!......0.8.@.R.linkbucks.com/tmpl/..........0.8.@.R.clicktripz.com^..........0.8.@.R.-ad-manager/........0.8.@.R.files.slack.com^.$........0.8.@.R.admitad-connect.com^..........0.8.@.R./300-250-.2........0.8.@.R"cloudfront.net/js/com

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\LICENSE.txt

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	24623
Entropy (8bit):	4.588307081140814
Encrypted:	false
SSDEEP:	384:mva5sf5dXrCN7tnBxpxkepTqzazijFgZk231Py9zD6WApYbm0:mvagXreRnTqzazWgj0v6XqD
MD5:	D33AAA5246E1CE0A94FA15BA0C407AE2
SHA1:	11D197ACB61361657D638154A9416DC3249EC9FB
SHA-256:	1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
SHA-512:	98B1B12FF0991FD7A5612141F83F69B86BC5A89DD62FC472EE5971817B7BBB612A034C746C2D81AE58FDF6873129256A89AA8BB7456022246DC4515BAAE2454B
Malicious:	false
Reputation:	low
Preview:	EasyList Repository Licences.... Unless otherwise noted, the contents of the EasyList repository.. (https://github.com/easylist) is dual licensed under the GNU General.. Public License version 3 of the License, or (at your option) any later.. version, and Creative Commons Attribution-ShareAlike 3.0 Unported, or.. (at your option) any later version. You may use and/or modify the files.. as permitted by either licence; if required, "The EasyList authors.. (https://easylist.to/)" should be attributed as the source of the.. material. All relevant licence files are included in the repository..... Please be aware that files hosted externally and referenced in the.. repository, including but not limited to subscriptions other than.. EasyList, EasyPrivacy, EasyList Germany and EasyList Italy, may be.. available under other conditions; permission must be granted by the.. respective copyright holders to authorise the use of their material.......Creative Commons Attribut

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1529
Entropy (8bit):	5.976028518573561
Encrypted:	false
SSDEEP:	24:pZRj/flTHYFluT1XkYbKgH8jeT3g8zkaoXdKydEHKcL/cAyXoXmKiqJzc64VnICx:p/h4iJfbKgHzT1kakd9d+/LyXkmKL4dJ
MD5:	B34777C83FE725443F6706F838BFCC71
SHA1:	FB5FAB94D7E51A04BFECD8CA892A0268A491B68B
SHA-256:	93FCA3B0D84D2A8B73AEB4F9750EC4075D564677CA62FA9BBD976D5D5619E90C
SHA-512:	377A4EC4982378ABCDCFD91B257A3EF9FEA2DD9F6757A22DD5F829801FA5553B788155435F5F065FEB70B1E7D3F60812458D631C7C5B77D4E4E629DC3CB1D422
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJGaWx0ZXJpbmcgUnVsZXMiLCJyb290X2hhc2giOiJ6U0s3aDNrdHZHdk0tN0FNeExfLXpmbm9wUldrTkoxU2E0RW1QTVdpa3dnIn0seyJwYXRoIjoiTElDRU5TRS50eHQiLCJyb290X2hhc2giOiIyaWswNmk0TFlCdVNHNWphRGFIS253NE9pdnVSRzZsQ0JKMVk0TGtzRFJJIn0seyJwYXRoIjoibWFuaWZlc3QuanNvbiIsInJvb3RfaGFzaCI6Ik0zUVZyMko2WEZJTjZIaERNdzFiU2RnRUhrdk5NVlMxdnNIU29mWHJtWDQifV0sImZvcm1hdCI6InRyZWVoYXNoIiwiaGFzaF9ibG9ja19zaXplIjo0MDk2fV0sIml0ZW1faWQiOiJnY21qa21nZGxnbmtrY29jbW9laW1pbmFpam1tam5paSIsIml0ZW1fdmVyc2lvbiI6IjkuNTUuMCIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"eVOox95LHt_huD1ZXNk2zxPSK5LxokRu6x0S_ww8Ogb8eOdWxUS-5DWuW4M3rfp6I9tSsLFbZQBy5kvVbkG2XTL2RHMfdF39BNFpjebNLkcQj85ki-IZdn4iYzb7yR8D2jsu2I5aXLZKuwemUaYqw_WiH8DPDTddIWBsR26QcPWGLg1H97vUpe7XsZSs2evmcojkfDe0pzKgmnnsngqJjoPdYbz7iCvc4cTtvuT5q_DqSlH8t

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.858534313092168
Encrypted:	false
SSDEEP:	3:STED3DG7BRc6VANMdunDlGwpva:S+3y66qNMgDl1pC
MD5:	00336491D5151AE40C377A836A97D4E1
SHA1:	B66D1B09F3473DAC79E036F30C12003E1707E0A0
SHA-256:	3D4821C7C552D1D9F0A36859C34432433A7084B27D7928011B0534215EFFD3C9
SHA-512:	12E324A3782DC7928FC182C74D3E8CBE8FBF3D884D54A03C891775041B8FAF4B96F4F271C04E67AC3D6FE610F87F63FF5DCD04870AED92B2B470F73BD7AD38D4
Malicious:	false
Reputation:	low
Preview:	1.6af08fc2b0dd497e30e40290efcb817b9b1f7dc7f734ab1a9dd000ae01f36050

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	4.547350270682037
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFHXG7LGMdv5HcDKhtUJKS1wA:F6VlMZWuMt5SKPS1wA
MD5:	9585CB6CAE92DF90F9FCE1091C6DA40A
SHA1:	FCA8BDED549311578C4623680159FFED831FC38B
SHA-256:	337415AF627A5C520DE87843330D5B49D8041E4BCD3154B5BEC1D2A1F5EB997E
SHA-512:	99192B2F98C559CE61CFE5796733A9DA01CF9B4CA966500ABDD71E35E18A3BF9B75CE5815E73F19D07F299E4BE2B8FC6B9F289D6BBBBF357B9C0D24622DB8207
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.55.0".}

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 5179
Category:	downloaded
Size (bytes):	1561
Entropy (8bit):	7.863251417764597
Encrypted:	false
SSDEEP:	48:XV/xZNtsDOEHx5LABma0mxVgm+o8bTFlJy+:BxZNtsDjHjLxTrm+oYTJy+
MD5:	1D43F8D483A452A76DF80AD2FC1CEBAF
SHA1:	7F5996D942D5DAF5FE2B2B9B36692132B56F7BCF
SHA-256:	AFA8B51D985FD852B12B14D40355AA11D3545E8FE1B91B9963295583DD6BFFBD
SHA-512:	B89014F3EA5C678A1D05DDBB0F7B2DD6084C7639CBECECBB579D7853E4B3C1A2AFD615276AB2172ACEC5DC5425D023C70584D794D3F277CE11FA10FD82463369
Malicious:	false
Reputation:	low
URL:	http://questdagnostics.com/page/bouncy.php?&bpae=GbhGs7HGyrx69buvsaspcrRS8lMeLx3yB2dbJkwyehem7uz1LprR0Xc%2FZVudBecR4OZxdjGGm9yaqloxd6BqqjGqxl4P8tvryLcUj%2FBfO7Ztt1vgHLSiDXnQV8DIDFn%2BQ8h%2B5lFvbjKpeQls9X%2BLAkDTvZ1sWW31E4%2Ft%2Fm%2FbMcyz7SC1F5u4i58dnqtlASl6IA%2BsWKGZrrJU82i5ZjZZM3kYIqfV%2FMj79mq6VMAqmmsqeiU6J%2BmF0721o7Pj%2FDWeOjWTmD%2B1juvnp%2FuNzqpIwFzV9cxQBFEcd8S7TYifPAxxWreir48Lm9MKRgXRdPX5qYu2T06H3slRw9sONGKVlsXCA4Q1J%2B3pWFOT9yVUGetw886eSG8WxSOHwKE6BCTlaJ7QWSErXcv%2FmY448I1zUH8sUg5M7FnvS2V2TIlnDgfGJdMNUy7WHzcW8onTEFh25cwjiQoSrFlkLZDrGu8FmyIL%2Be80VOrs5DjotT4cFULUrQbJxR8%2FwIxJocNmUqC9mEFmH4O8%2FsKk4k6aqPHqniLi8bASDAq%2Fwb94yem2kN82YhBJXrwsh2ALlVfYjjlyS5KLM3RYkWXiRg%2Fp6G5dGXDAe%2BUHcyeKNBIhpmutG5mFM3Xx3P0%2BjWAdBhR%2FXJHMe%2B9nLiFCTnS8rYq6AZQ7RBN%2Bgg69RkqU85E4QkR3H9EZRR5kb42%2FKgIsd8DXKA8IVTpoQle%2BG2Rowb7%2Br6uBm6aiea%2FDVrld3UW8R3GRPxnHyzM8IVshlkSxAWUfaHDHB9WQMdTd6jugr0pjCM6DjntTGcB0cFjz35sdVnLICqAu9fQpEYXJQ6oLbdj0Ie%2FIBrrVl6wW0TrCwi0%2B29wVJnn5smLBEg66avkC1AYkRMst%2BWZixJJKSG20V3cJCbDQgEJcUyT5PIs4g7JseN3hys4kLpQS0ZLVDiBJdcC%2B5ZGG6rRQyXZI8cgKFWMkXF2N3%2F1ukXjacNld0xmc8ji3KbYsv%2Bb6KEQ2zGcD2LGLfGsy7ejBsZD50obo7a3XxnjEg0Raq9VcR5RcwOpWVqPu90YZgtAv%2BE2NNlMNIvK7H2Rj1s3PlueHwkygMIYOdmsEYBDeJ5jqZKtTeWqK6RI7QnQdJ5RV3ZbnAhcg1O1Kgxzd4Lt1Rw9TzOOVT9jKWLPobJ%2Bt4UobTB7EhxP3CZfV9WlXVt91nmrQ6aeHpHJB1dMODp5rUqmAdWm1ZhpQicBgVsqbNcjW3elCPwdDe9R%2BmosUI9dOtEM9FoYBaiNFPhJhY%2F0MWWkIoo6eNfRHEFDEOJNW6LjwG4a0540Cy38RogHnB9mCgTpnu%2F4jw4aSJmvkbBRy6e3DqbZ85Tk4mz1yQQN%2FKp2xipJaooO1bMDLnDUPYx49kH2ejI7i6GlstEAvdqBz7CbNNpbcjdusqx%2FeIKQ0I3V84qyos3JYg1%2Fv5zSlSBxvTKqa0QqQ4EWHaIzi5hz4UjEXmzVKNYOpisorEgNJQ3pm9typg8GgoneziVnQ%2FhVz6HtElj5SqAcwnMx%2FBhVZyCoet%2B5nAO2z478oK%2BRoGWi9lOrLXpAjI1x7PxV21ZQ8jQr2oyLv28Jy7F32KzttiloWffxpqzHTfteoe69tIfaS8kek29gGhx5hTnUFVsoy%2BU7l1484hmcD4SAF5aVFfdxLkZqHERsM73M%2Fg6f%2BNGP69lHULrYYNhBYcAcXjvhlEaN00DJzsgATGJ8jGw9Ks1IconSp9TO%2FLuqGQPF5HIpACzXsYobiGsVhZTFrVGdWAN5OG0PTsOnjyh1siz9%2FjswLZzFAU7RpeJzs6JPS33X2o4ZVbo8YbHFMgAtKHHaO164bRFjSH8c2BKnMUjl52gWmc2fXKgB956Ky2UUPJ5u%2Fjo%2F1xpbCNnXHhioodZMaeUnRFb8dEDShcwx79pxfErmryJ6LXpDUaI8QTM0zmlQlyN0xNM7n3amov8GeWuMsdKm1bC192I310g%2B4oH5%2FCler0%2F1%2Bs3IHuIK4K4h%2Ba1NxgZMKys7p1mJ1EejM&redirectType=js&inIframe=false&inPopUp=false
Preview:	.............:....."./JutD...>{w.......a.A.f.......;;U.UG:.'.m-.........+.....[....~zk.&.....k..lF...26.\|.xI..j...Z{%,........^#.. O.._.{.....V.=.q...X...a.;2.Bw.b+.;W.$.l3.\..).#.S.z.b..1.J.......6...s.:.I.#.]..+hNg....D........VV..]\..xp...&..5KI.g.m{...`$.<...&...ZB.%O..-..\|J'3P.^j.gs.kq9..a#.+e=.............9S...m..3x.v;.....;....CF[?=.A...W...3...ui..t..F.._...M.y....ev.p{....]..f{TTgd.n....tA/..xU..G.A....W.#..F<m....`.}....}....u..F..~..<.:...F8...g..%..[.0,,......eM.L.r..Q.....f.c.w.$..b......h<K.....[...).Gl..!w6....;_.l..1.h.\7..<5.9.B.v.........D.....lK..\.!R1Q..q..r......l..g.}'.....$.oK....4.4P...g......q..H....=......GDA$.57...0.qu....V.:......[T....E&.4S..p/.#......Ac.j..\L.......0.P..!...62U..D$.F...5...+.ct.S.C....j`1G...i.%..g.V(.......R.._T...%Z^....S\.b.is...!....$.5{x[..@P..!?:?...=....q....h6[B...6..p..0.....e.......i..yt.\|r@.s...I<p.2......7.J.v1:'^.....Yc...:."e...+c..;..=..:7....Z~...(..2.;U:......y..\_(...

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 7030
Category:	downloaded
Size (bytes):	2026
Entropy (8bit):	7.90127138809714
Encrypted:	false
SSDEEP:	48:XovfLceQZry5bAoBmVSVDfGz53YMMi4r6DqSeUv69Sz:4vYkaSmyA3oi4mDqSlveSz
MD5:	38D370047F35EA8D218D12F447C65922
SHA1:	F7252AFB0EDA0C0D774F881A856CBD2713713F24
SHA-256:	D76D560C2AD815169C45502FE3F62200F57E72D43FFEF71BAF7BBD99FF2F95FB
SHA-512:	949DD7176D5EE186475AE4BCA05F4CA5DDA2D46AEFE7CAD7DF3339DED8C58423E2EB6061401FA4D67FDF42D5030E2387A0851D5979E43769C6AD2EEB8B6CC2A2
Malicious:	false
Reputation:	low
URL:	http://questdagnostics.com/bill
Preview:	...........Y..F.=.\|E..7.0.-.$\5.R.7.......q_$....IU..60..O:..%^DdH=.\|.....>.. J.....E7=..n..ri.{4.E.yC.......2.5n.&Y........R.K#%K.L<..h..v................!z7.S.#...r ..C...$....U..$..../.~....WB{.r..iBn..;..j,...^l~D9....[\j....9......-D. ....N&x....d.(g......6.T.NE,..&..z4Z.a...v=+..H....'}...z.A....B..:>R..p(.....R........r.7.I....$...=..#.,.......14;;...D...uw....}g.)i~5..,n!..X....Y}O...I.Ht.8....$.w.H.....Sr...g...d.dz.2....>.U.g.IM..[.@..n.W.s.H.ea.. VW=..i..zUt...;.0.._...'..{....M.XweQ...~..X...1<jW.JF.Q.B/.ux..........4z.9.4...e....Z.B...>_.Sag....J'..0.ONV....w.<ID-..i..;8W.l..6..T.xX3.^.{.q...lhQ6g..,#...{4!....dF.m...8..Z..).4.V\|.k...KB...S.5.3W.Q."h..C.b^@.d..F^7....:..x.H.e..,#uS...a.{...fr...%b.a.....{vf.V'.O.E.z..;....n.....;w...jQ..MC.....IF...a.W..a.sAX,..9...D....j..qTF<....X...U.,g..>_pj..!..%..lk=...d.......L....2J..-uB......V....`.......i\)Prc...6n...PM)d;;..?..;.....3.;...>...iV...4JF....c5..~]3C9..z....T..Cmr

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 2320
Category:	downloaded
Size (bytes):	804
Entropy (8bit):	7.735156907602742
Encrypted:	false
SSDEEP:	24:XeNV0P4EMA8kjshakJY+pGCuqZKNsu+0WsV/n:XeC4hAnjkDDuFsRPSn
MD5:	FEA5B6A1C5EF1A8DB77B349D09CDCC03
SHA1:	67232C2F5B8E364D07558CD460A1727B00BEBC91
SHA-256:	B7E76C36C007C9D2562BFF16BEDCE482A132B78AB1B336CD47E90AD26B56E048
SHA-512:	10F22604C5097C62738CC48C5F4399C00851A86EC3A53D17370AE3F3E0204BEBF8A16CE1FD548583AB55B98532928097896DE6EEC52A7C2B2A4545CB31C71B50
Malicious:	false
Reputation:	low
URL:	https://bforldonate.com/
Preview:	...........V..8.}f."..G.i...4..@ .......l....8.!......{..>.d.eW.q.:......O....(.R'.,..&....\.2...{+.J].\......b.?P..Y9P.u.o.I.<..w..1...J.L.E....1>d....}W.E........%...K...b0..xb.......eS8.~{..B..Z.....@{p..9Y.}u...l7`F..[..j.;.b....3.SO.F......?.{8*...m.hR.....j..-ky9..........dq1k.d...![l.....G....._..56.\`T..'a.S.....;F.]#...[k..zY...z..a.mW..^L..............c!.=.[.V.......`.zj\.+..k.....u..6..l..M.p.C.......DV.1R..<;.W9.},.....Ak.........3.7O.`...t.5.k8.'..ih4..qM.3l..A14...5.[..R.2\|...:....ss..O{....!..).../......`...vNQ................. ..C..q.r.....s".q.....+..}.....H..........I....>w..9..J....U...w.,}.^......'BWT`....0b.\|.!r...T....N..0.g.3....8.%.B.l..].%....k>0DC.....W`w.o......=..sN..8...2C.C._....a.-..S.v?j.G...kL..j..T..S}.\|.\|.~.-.......

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 991
Category:	downloaded
Size (bytes):	409
Entropy (8bit):	7.4096464743547354
Encrypted:	false
SSDEEP:	12:XlVK/sSlSOudpNwDXUSSlRhudNcFTnW8R2Ol:XlcDXYwD7OVzT2Ol
MD5:	B0694561C0C75A7DBF2776642B70DFD3
SHA1:	681BDFABF67F481FB3105F8FED10E2E0955B143A
SHA-256:	D91362AADFFF2625016E77966FA8F87BEB791439388B72A05965C3B38418E1D4
SHA-512:	CB9D90F4BA4191B57DF5CD665B270F044CE3AAC0CD6F427555A54B01425304C4A38F55F5E9C9BF39AAFFB5324B4C153A401D1855739599B4DE1BEB8754FC719E
Malicious:	false
Reputation:	low
URL:	https://bforldonate.com/page/bouncy.php?&bpae=GbhGdL0GvUx%2Fj3O0934q5ufQ0pG8jjqbwTWt%2FT%2BmHW2UOArkr631Xoig6AStthEQEEZrYJLHcxY0Y7VqhsdS5%2BrC9YBmX%2BMG7i66uDZxdTEkB9zqGLVyC6YW7gwoXWcNotEgU%2F0WTswr4HZEG4YGmkB1wIYM6cVAYkZbCBnmS5%2Biw9TtmL0zcadQO6qiJHHSxkJDrt4kA1fEKIc710GvHNswIB%2BwQWcjcoeivIQthjt4yzimfDWocxdm0FtP%2BduGCAf16haDlXVe%2BaqXHI4NBw3oJFA5gHsFy8TTfAFcBqocA79oRr81MTaW%2BKwgAfJ%2BjgnYQNUjXRt12OrDrl6k3z2Ur3A0nhTMmc7lV38f5ywG3l4puc%2B%2B1NqsXcjXXs14nDI4F9ywk%2Fv2hn%2BvSTeOp9lSc8Zzml0nNB4dWpNeCGkKcJ71%2FLt76t7nyyLmW%2FD5cKDzs%2Bd8lhDpndDG8rZ976gSoHdpcurnxcmcMabn5F6OGZwiPZoZEEgFnpdPumL0qQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false
Preview:	...........SMs. .=.....q&..v..FJ/...K~.^..)....i......g&.s{..]...m..7...v.BNg......5;.@..G.............1...S.....`~......+...jW+.9Z+..\|.e.[....O..%.Tly3..m....%@...\|..{.........P6.T.-.f.W.T.......!j+.v...-....a.=...f..I+..N._....T.=N...Jw\.h.........5.vrsqy...\.S.l..........<Z..~....(.bq.}...1.gNP7.!...9.{..=.>.0..........q..e...Z..dm.Q.y.)>.....U.a..p6..]...`..y..K.......9/..9.......

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 7, 2025 21:07:48.362050056 CET	49678	443	192.168.2.4	20.189.173.27
Mar 7, 2025 21:07:48.673209906 CET	49678	443	192.168.2.4	20.189.173.27
Mar 7, 2025 21:07:48.938795090 CET	49671	443	192.168.2.4	204.79.197.203
Mar 7, 2025 21:07:49.282531977 CET	49678	443	192.168.2.4	20.189.173.27
Mar 7, 2025 21:07:50.485727072 CET	49678	443	192.168.2.4	20.189.173.27
Mar 7, 2025 21:07:52.891957998 CET	49678	443	192.168.2.4	20.189.173.27
Mar 7, 2025 21:07:57.751272917 CET	49678	443	192.168.2.4	20.189.173.27
Mar 7, 2025 21:07:58.595021009 CET	49671	443	192.168.2.4	204.79.197.203
Mar 7, 2025 21:07:59.655239105 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:07:59.660418034 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.764507055 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.764524937 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.764535904 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.764542103 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.764676094 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.764688969 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.765335083 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:07:59.765525103 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:07:59.876941919 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:07:59.881540060 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:07:59.881540060 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:07:59.882025003 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.886549950 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.886562109 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.986032009 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:07:59.986172915 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:07:59.986920118 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:07:59.991980076 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:08:00.013371944 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:00.013423920 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:00.014549971 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:00.014935017 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:00.014950991 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:00.101869106 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:08:00.102319956 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:08:00.121625900 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:08:00.126754999 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:08:00.233016968 CET	443	49709	131.253.33.254	192.168.2.4
Mar 7, 2025 21:08:00.234009027 CET	49709	443	192.168.2.4	131.253.33.254
Mar 7, 2025 21:08:00.238977909 CET	49680	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:00.239365101 CET	49727	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:00.239481926 CET	443	49727	204.79.197.222	192.168.2.4
Mar 7, 2025 21:08:00.239576101 CET	49727	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:00.239893913 CET	49727	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:00.239907980 CET	443	49727	204.79.197.222	192.168.2.4
Mar 7, 2025 21:08:00.349033117 CET	49729	80	192.168.2.4	142.250.186.163
Mar 7, 2025 21:08:00.354559898 CET	80	49729	142.250.186.163	192.168.2.4
Mar 7, 2025 21:08:00.354644060 CET	49729	80	192.168.2.4	142.250.186.163
Mar 7, 2025 21:08:00.354732037 CET	49729	80	192.168.2.4	142.250.186.163
Mar 7, 2025 21:08:00.359801054 CET	80	49729	142.250.186.163	192.168.2.4
Mar 7, 2025 21:08:00.546185970 CET	49680	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:00.994168997 CET	80	49729	142.250.186.163	192.168.2.4
Mar 7, 2025 21:08:00.999917984 CET	49729	80	192.168.2.4	142.250.186.163
Mar 7, 2025 21:08:01.005114079 CET	80	49729	142.250.186.163	192.168.2.4
Mar 7, 2025 21:08:01.146429062 CET	49680	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:01.184288025 CET	80	49729	142.250.186.163	192.168.2.4
Mar 7, 2025 21:08:01.226423979 CET	49729	80	192.168.2.4	142.250.186.163
Mar 7, 2025 21:08:02.085937023 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:02.097090006 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:02.097112894 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:02.098340988 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:02.099596977 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:02.100444078 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:02.100557089 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:02.141455889 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:02.141474009 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:02.191596985 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:02.282871962 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:02.282917976 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:02.283454895 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:02.287035942 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:02.287050962 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:02.317006111 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:02.317239046 CET	49733	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:02.322164059 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:02.322235107 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:02.322293997 CET	80	49733	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:02.322376013 CET	49733	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:02.346867085 CET	49680	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:02.369376898 CET	443	49727	204.79.197.222	192.168.2.4
Mar 7, 2025 21:08:02.369451046 CET	49727	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:04.753901958 CET	49680	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:05.099705935 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:05.104818106 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:05.721890926 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:05.721906900 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:05.721977949 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:05.873442888 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:05.878595114 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:05.878604889 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:05.878609896 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:06.016077995 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:06.016088963 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:06.016141891 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:06.104547977 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:06.120852947 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:06.120917082 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:06.120933056 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:06.122427940 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:06.122447014 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:06.123606920 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:06.123637915 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:06.123944998 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:06.124022007 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:06.124087095 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:06.124531031 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:06.124542952 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:06.125890017 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:06.128149033 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:06.128182888 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:06.567689896 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:06.611978054 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:07.360481024 CET	49678	443	192.168.2.4	20.189.173.27
Mar 7, 2025 21:08:09.563203096 CET	49680	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:09.738737106 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.758790970 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.758913994 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:09.758944988 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.761703014 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:09.761734009 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.762026072 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:09.762032986 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.762274027 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:09.762279034 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.831829071 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.846729040 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.846793890 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:09.846810102 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:09.847567081 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:09.847577095 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:10.138705969 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:10.139081955 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:10.139111996 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:10.234323025 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:10.257440090 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:10.282077074 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:10.316135883 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:10.368556023 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:10.410259962 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:10.589629889 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:10.589677095 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:10.589755058 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:10.590233088 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:10.590245962 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:11.767141104 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:11.767229080 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:11.767460108 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:12.292865038 CET	49726	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:12.292900085 CET	443	49726	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:14.359848022 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:14.375740051 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:14.375806093 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:14.375834942 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:14.377430916 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:14.377445936 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:14.377655983 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:14.377660990 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:14.377803087 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:14.377808094 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:14.805408955 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:14.846354008 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:14.940735102 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:14.942420006 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:14.942442894 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:15.332657099 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:15.374998093 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:15.450048923 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:15.450078011 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:15.884736061 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:08:15.945173979 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:08:16.165941954 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:16.165987968 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:16.166066885 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:16.166362047 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:16.166404963 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:16.166444063 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:16.166454077 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:16.168329000 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:16.168329000 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:16.168356895 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.443506002 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.496362925 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.515273094 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.515284061 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.516554117 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.516571999 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.516628981 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.519543886 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.519618034 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.520199060 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.520210981 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.528403997 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.540128946 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.540142059 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.541594982 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.541660070 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.548871040 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.549017906 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.565527916 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.592192888 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.592205048 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.642268896 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.889331102 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.889432907 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.889657974 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.891989946 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.891989946 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:18.892013073 CET	443	49737	34.203.62.184	192.168.2.4
Mar 7, 2025 21:08:18.892118931 CET	49737	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:08:19.163081884 CET	49680	443	192.168.2.4	204.79.197.222
Mar 7, 2025 21:08:20.210421085 CET	49741	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:20.210469007 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:20.210617065 CET	49741	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:20.214744091 CET	49741	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:20.214761019 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:22.353010893 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:22.353400946 CET	49741	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:22.353419065 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:22.353782892 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:22.354319096 CET	49741	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:22.354387999 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:22.406989098 CET	49741	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:32.457256079 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:32.457321882 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:32.458461046 CET	49741	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:34.283729076 CET	49741	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:08:34.283751011 CET	443	49741	142.250.185.68	192.168.2.4
Mar 7, 2025 21:08:47.329473972 CET	49733	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:47.334618092 CET	80	49733	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:51.017230034 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:51.022445917 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:51.588890076 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:08:51.588908911 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:08:55.267328024 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:55.267355919 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:55.376549959 CET	49735	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:08:55.376568079 CET	443	49735	104.21.9.149	192.168.2.4
Mar 7, 2025 21:08:59.447170973 CET	61513	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:59.452239990 CET	53	61513	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:59.452312946 CET	61513	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:59.457499981 CET	53	61513	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:59.938986063 CET	61513	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:59.944734097 CET	53	61513	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:59.944818020 CET	61513	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:09:00.064929008 CET	61515	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:09:00.064976931 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:00.065083981 CET	61515	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:09:00.065459013 CET	61515	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:09:00.065475941 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:00.892018080 CET	49736	443	192.168.2.4	72.52.178.23
Mar 7, 2025 21:09:00.892049074 CET	443	49736	72.52.178.23	192.168.2.4
Mar 7, 2025 21:09:01.814127922 CET	49729	80	192.168.2.4	142.250.186.163
Mar 7, 2025 21:09:01.819551945 CET	80	49729	142.250.186.163	192.168.2.4
Mar 7, 2025 21:09:01.819613934 CET	49729	80	192.168.2.4	142.250.186.163
Mar 7, 2025 21:09:02.073704958 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:02.074063063 CET	61515	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:09:02.074079037 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:02.074451923 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:02.074911118 CET	61515	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:09:02.074970961 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:02.126430035 CET	61515	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:09:03.595148087 CET	49738	443	192.168.2.4	34.203.62.184
Mar 7, 2025 21:09:03.595187902 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:09:04.284730911 CET	49733	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:09:04.290216923 CET	80	49733	69.16.230.226	192.168.2.4
Mar 7, 2025 21:09:04.290329933 CET	49733	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:09:06.283659935 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:09:06.283821106 CET	443	49731	69.16.230.226	192.168.2.4
Mar 7, 2025 21:09:06.284143925 CET	49731	443	192.168.2.4	69.16.230.226
Mar 7, 2025 21:09:10.283700943 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:09:10.283911943 CET	443	49734	104.21.9.149	192.168.2.4
Mar 7, 2025 21:09:10.283999920 CET	49734	443	192.168.2.4	104.21.9.149
Mar 7, 2025 21:09:11.016155005 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:09:11.016343117 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:09:11.740648985 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:11.740720987 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:11.740782022 CET	61515	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:09:12.285897970 CET	49732	80	192.168.2.4	69.16.230.226
Mar 7, 2025 21:09:12.285948992 CET	61515	443	192.168.2.4	142.250.185.68
Mar 7, 2025 21:09:12.285969973 CET	443	61515	142.250.185.68	192.168.2.4
Mar 7, 2025 21:09:12.296545029 CET	80	49732	69.16.230.226	192.168.2.4
Mar 7, 2025 21:09:18.533885956 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:09:18.533991098 CET	443	49738	34.203.62.184	192.168.2.4
Mar 7, 2025 21:09:18.534044027 CET	49738	443	192.168.2.4	34.203.62.184

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 7, 2025 21:07:56.272496939 CET	53	62347	1.1.1.1	192.168.2.4
Mar 7, 2025 21:07:56.298234940 CET	53	59421	1.1.1.1	192.168.2.4
Mar 7, 2025 21:07:59.787405014 CET	53	61291	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:00.001705885 CET	65392	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:00.001847029 CET	51343	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:00.009027004 CET	53	51343	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:00.009311914 CET	53	65392	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:02.088128090 CET	62061	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:02.088309050 CET	61288	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:02.120743990 CET	53014	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:02.120894909 CET	53079	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:02.247893095 CET	53	53014	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:02.260430098 CET	53	53079	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:02.313774109 CET	53	61288	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:02.315615892 CET	53	62061	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:06.098630905 CET	63781	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:06.098792076 CET	53111	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:06.121510983 CET	53	63781	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:06.122791052 CET	53	53111	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:10.372406960 CET	53662	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:10.372606993 CET	57109	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:10.491089106 CET	53	57109	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:10.588526964 CET	53	53662	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:16.127156019 CET	63466	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:16.127391100 CET	57855	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:16.158494949 CET	53	63466	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:16.164175034 CET	53	57855	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:16.901571035 CET	53	54000	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:18.896267891 CET	62604	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:18.896677017 CET	57236	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:18.903960943 CET	53	62604	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:18.905154943 CET	53	57236	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:18.905805111 CET	62327	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:18.913218975 CET	53	62327	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:18.922822952 CET	53670	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:18.923321962 CET	53233	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:18.930670977 CET	53	53670	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:18.930825949 CET	53	53233	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:18.967088938 CET	57705	53	192.168.2.4	8.8.8.8
Mar 7, 2025 21:08:18.967514992 CET	64893	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:18.974236965 CET	53	57705	8.8.8.8	192.168.2.4
Mar 7, 2025 21:08:18.974489927 CET	53	64893	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:19.985541105 CET	64919	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:19.987443924 CET	58988	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:19.993434906 CET	53	64919	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:19.995290041 CET	53	58988	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:25.058810949 CET	60584	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:25.059041977 CET	59291	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:25.066536903 CET	53	60584	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:25.067341089 CET	53	59291	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:25.070883989 CET	53666	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:25.080611944 CET	53	53666	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:32.195198059 CET	59424	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:32.197593927 CET	64746	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:32.203301907 CET	53	59424	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:32.204956055 CET	53	64746	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:32.205897093 CET	53248	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:32.213481903 CET	53	53248	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:32.216393948 CET	62777	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:32.217066050 CET	58693	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:32.224474907 CET	53	58693	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:32.224482059 CET	53	62777	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:32.241574049 CET	53780	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:32.242228985 CET	62183	53	192.168.2.4	8.8.8.8
Mar 7, 2025 21:08:32.248862028 CET	53	53780	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:32.249444962 CET	53	62183	8.8.8.8	192.168.2.4
Mar 7, 2025 21:08:35.728890896 CET	53	53962	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:43.127780914 CET	58696	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:43.127943993 CET	65289	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:43.135688066 CET	53	58696	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:43.135699034 CET	53	65289	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:43.140742064 CET	60131	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:43.149034977 CET	53	60131	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:43.177839994 CET	63875	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:08:43.178572893 CET	63587	53	192.168.2.4	8.8.8.8
Mar 7, 2025 21:08:43.185074091 CET	53	63875	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:43.187329054 CET	53	63587	8.8.8.8	192.168.2.4
Mar 7, 2025 21:08:47.945336103 CET	138	138	192.168.2.4	192.168.2.255
Mar 7, 2025 21:08:55.638665915 CET	53	63111	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:58.681940079 CET	53	49371	1.1.1.1	192.168.2.4
Mar 7, 2025 21:08:59.446752071 CET	53	54829	1.1.1.1	192.168.2.4
Mar 7, 2025 21:09:00.542463064 CET	53	57880	1.1.1.1	192.168.2.4
Mar 7, 2025 21:09:07.580430031 CET	61630	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:09:07.580573082 CET	59056	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:09:07.587902069 CET	53	61630	1.1.1.1	192.168.2.4
Mar 7, 2025 21:09:07.588289976 CET	53	59056	1.1.1.1	192.168.2.4
Mar 7, 2025 21:09:07.588908911 CET	50574	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:09:07.596240997 CET	53	50574	1.1.1.1	192.168.2.4
Mar 7, 2025 21:09:07.617563009 CET	64674	53	192.168.2.4	1.1.1.1
Mar 7, 2025 21:09:07.617811918 CET	55041	53	192.168.2.4	8.8.8.8
Mar 7, 2025 21:09:07.625022888 CET	53	64674	1.1.1.1	192.168.2.4
Mar 7, 2025 21:09:07.625072956 CET	53	55041	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 7, 2025 21:08:00.001705885 CET	192.168.2.4	1.1.1.1	0x23c7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:00.001847029 CET	192.168.2.4	1.1.1.1	0x45fc	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:02.088128090 CET	192.168.2.4	1.1.1.1	0xf0e3	Standard query (0)	questdagnostics.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:02.088309050 CET	192.168.2.4	1.1.1.1	0x37a6	Standard query (0)	questdagnostics.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:02.120743990 CET	192.168.2.4	1.1.1.1	0xf4f8	Standard query (0)	questdagnostics.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:02.120894909 CET	192.168.2.4	1.1.1.1	0xe0f4	Standard query (0)	questdagnostics.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:06.098630905 CET	192.168.2.4	1.1.1.1	0x6983	Standard query (0)	qanonasp.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:06.098792076 CET	192.168.2.4	1.1.1.1	0x757d	Standard query (0)	qanonasp.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:10.372406960 CET	192.168.2.4	1.1.1.1	0x3052	Standard query (0)	bforldonate.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:10.372606993 CET	192.168.2.4	1.1.1.1	0x9f97	Standard query (0)	bforldonate.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:16.127156019 CET	192.168.2.4	1.1.1.1	0x9a6f	Standard query (0)	pollu-qmx.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:16.127391100 CET	192.168.2.4	1.1.1.1	0xa94b	Standard query (0)	pollu-qmx.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:18.896267891 CET	192.168.2.4	1.1.1.1	0x2008	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:18.896677017 CET	192.168.2.4	1.1.1.1	0xd06c	Standard query (0)	beowu-fye.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:18.905805111 CET	192.168.2.4	1.1.1.1	0xcdf4	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:18.922822952 CET	192.168.2.4	1.1.1.1	0xcc02	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:18.923321962 CET	192.168.2.4	1.1.1.1	0xac20	Standard query (0)	beowu-fye.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:18.967088938 CET	192.168.2.4	8.8.8.8	0x8873	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:18.967514992 CET	192.168.2.4	1.1.1.1	0xd5f8	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:19.985541105 CET	192.168.2.4	1.1.1.1	0xa430	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:19.987443924 CET	192.168.2.4	1.1.1.1	0x534	Standard query (0)	beowu-fye.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:25.058810949 CET	192.168.2.4	1.1.1.1	0x194c	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:25.059041977 CET	192.168.2.4	1.1.1.1	0x5aa2	Standard query (0)	beowu-fye.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:25.070883989 CET	192.168.2.4	1.1.1.1	0xfb3	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:32.195198059 CET	192.168.2.4	1.1.1.1	0xfcb0	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:32.197593927 CET	192.168.2.4	1.1.1.1	0x74ec	Standard query (0)	beowu-fye.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:32.205897093 CET	192.168.2.4	1.1.1.1	0xdc8a	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:32.216393948 CET	192.168.2.4	1.1.1.1	0xed2a	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:32.217066050 CET	192.168.2.4	1.1.1.1	0xdb24	Standard query (0)	beowu-fye.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:32.241574049 CET	192.168.2.4	1.1.1.1	0xa71b	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:32.242228985 CET	192.168.2.4	8.8.8.8	0x97f2	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:43.127780914 CET	192.168.2.4	1.1.1.1	0x9d3e	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:43.127943993 CET	192.168.2.4	1.1.1.1	0x88d2	Standard query (0)	beowu-fye.com	65	IN (0x0001)	false
Mar 7, 2025 21:08:43.140742064 CET	192.168.2.4	1.1.1.1	0xf9c2	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:43.177839994 CET	192.168.2.4	1.1.1.1	0x9985	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:43.178572893 CET	192.168.2.4	8.8.8.8	0xb024	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:09:07.580430031 CET	192.168.2.4	1.1.1.1	0x8c36	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:09:07.580573082 CET	192.168.2.4	1.1.1.1	0x9586	Standard query (0)	beowu-fye.com	65	IN (0x0001)	false
Mar 7, 2025 21:09:07.588908911 CET	192.168.2.4	1.1.1.1	0x763	Standard query (0)	beowu-fye.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:09:07.617563009 CET	192.168.2.4	1.1.1.1	0x7cd3	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:09:07.617811918 CET	192.168.2.4	8.8.8.8	0xa59	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 7, 2025 21:08:00.009027004 CET	1.1.1.1	192.168.2.4	0x45fc	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 7, 2025 21:08:00.009311914 CET	1.1.1.1	192.168.2.4	0x23c7	No error (0)	www.google.com	142.250.185.68	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:02.247893095 CET	1.1.1.1	192.168.2.4	0xf4f8	No error (0)	questdagnostics.com	69.16.230.226	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:02.315615892 CET	1.1.1.1	192.168.2.4	0xf0e3	No error (0)	questdagnostics.com	69.16.230.226	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:06.121510983 CET	1.1.1.1	192.168.2.4	0x6983	No error (0)	qanonasp.com	104.21.9.149	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:06.121510983 CET	1.1.1.1	192.168.2.4	0x6983	No error (0)	qanonasp.com	172.67.160.49	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:06.122791052 CET	1.1.1.1	192.168.2.4	0x757d	No error (0)	qanonasp.com		65	IN (0x0001)	false
Mar 7, 2025 21:08:10.588526964 CET	1.1.1.1	192.168.2.4	0x3052	No error (0)	bforldonate.com	72.52.178.23	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:16.158494949 CET	1.1.1.1	192.168.2.4	0x9a6f	No error (0)	pollu-qmx.com	34.203.62.184	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:16.158494949 CET	1.1.1.1	192.168.2.4	0x9a6f	No error (0)	pollu-qmx.com	3.95.111.48	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:18.974236965 CET	8.8.8.8	192.168.2.4	0x8873	No error (0)	google.com	142.251.36.46	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:18.974489927 CET	1.1.1.1	192.168.2.4	0xd5f8	No error (0)	google.com	142.250.185.78	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:32.248862028 CET	1.1.1.1	192.168.2.4	0xa71b	No error (0)	google.com	142.250.185.206	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:32.249444962 CET	8.8.8.8	192.168.2.4	0x97f2	No error (0)	google.com	142.251.36.46	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:43.185074091 CET	1.1.1.1	192.168.2.4	0x9985	No error (0)	google.com	142.250.184.238	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:08:43.187329054 CET	8.8.8.8	192.168.2.4	0xb024	No error (0)	google.com	142.251.36.46	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:09:07.625022888 CET	1.1.1.1	192.168.2.4	0x7cd3	No error (0)	google.com	142.250.186.78	A (IP address)	IN (0x0001)	false
Mar 7, 2025 21:09:07.625072956 CET	8.8.8.8	192.168.2.4	0xa59	No error (0)	google.com	142.251.36.46	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bforldonate.com

pollu-qmx.com

c.pki.goog

questdagnostics.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49729	142.250.186.163	80

Timestamp	Bytes transferred	Direction	Data
Mar 7, 2025 21:08:00.354732037 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 7, 2025 21:08:00.994168997 CET	222	IN	HTTP/1.1 304 Not Modified Date: Fri, 07 Mar 2025 20:00:47 GMT Expires: Fri, 07 Mar 2025 20:50:47 GMT Age: 433 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 7, 2025 21:08:00.999917984 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 7, 2025 21:08:01.184288025 CET	222	IN	HTTP/1.1 304 Not Modified Date: Fri, 07 Mar 2025 20:00:47 GMT Expires: Fri, 07 Mar 2025 20:50:47 GMT Age: 434 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	69.16.230.226	80	6196	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 7, 2025 21:08:05.099705935 CET	438	OUT	GET /bill HTTP/1.1 Host: questdagnostics.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 7, 2025 21:08:05.721890926 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 07 Mar 2025 20:08:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip Data Raw: 37 65 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 59 c9 8e e3 46 12 3d f7 7c 45 b9 00 37 da 30 c6 2d ee 24 5c 35 03 52 dc 37 89 bb c4 1b 97 14 17 71 5f 24 92 83 f9 f7 49 55 bb c7 36 30 98 a3 4f 3a 90 cc 25 5e 44 64 2a 48 3d bc 7c cb a7 ba fa c7 df 3e bd e5 20 4a e1 f3 d3 db 98 0c 45 37 3d 9a 9f 6e d1 f0 72 69 87 7b 34 a4 45 93 79 43 f5 f2 fe f2 fa b5 8b 32 f0 35 6e e7 26 59 7f e9 f2 ee 9f 9f e3 2e 02 ef 52 9c 4b 23 25 4b eb b0 90 4c 3c df c6 68 ec 92 c1 76 e8 ca 00 fa 82 ad 1c 9a c6 ea f5 be 82 1c d4 d4 bc 21 7a 37 d8 bb 53 f2 23 2a 86 fe 9c 72 20 b1 f1 43 b8 a4 a5 24 d5 cc 1a f5 55 bb a4 24 d7 f7 a5 d4 2f 15 7e a4 a7 db b0 ea 89 57 42 7b ee 72 a0 c2 69 42 6e 99 ac 3b 05 7f 6a 2c 9f e6 15 5e 6c 7e 44 39 8b ce e1 9d a8 c4 5b 5c 6a 1d b0 aa 91 39 c1 01 9d bd f2 ee 2d 44 c6 20 c0 10 01 87 4e 26 78 d5 f0 8a 8d 64 dd 28 67 8f 88 c4 8c 17 04 9d 36 fd 54 b1 4e 45 2a 2c c4 8d 81 26 85 c3 a0 7a 34 5a 10 61 19 86 06 76 3d 2b fd c5 87 48 a3 a4 98 ba 27 7d 83 ed eb 7a ec 41 e1 91 2a 84 d4 e2 8e 42 91 96 3a 3e 52 [TRUNCATED] Data Ascii: 7eaYF=\|E70-$\5R7q_$IU60O:%^DdH=\|> JE7=nri{4EyC25n&Y.RK#%KL<hv!z7S#r C$U$/~WB{riBn;j,^l~D9[\j9-D N&xd(g6TNE,&z4Zav=+H'}zAB:>Rp(Rr7I$=#,14;;Duw}g)i~5,n!XY}OIHt8$wHSrgddz2>UgIM[@nWsHea VW=izUt;0_'{MXweQ~X1<jWJFQB/ux4z94eZB>_SagJ'0ONVw<ID-i;8Wl6TxX3^{qlhQ6g,#{4!dFm8Z)4V\|kKBS53WQ"hCb^@dF^7:xHe,#uSa{fr%ba{vf.V'OEz;n;wjQMCIFaWasAX,9Dj.qTF<XU,g>_pj!%lk=dL2J-uBV`.i\)Prc6nPM)d;;?;3;>iV4JFc5~]3C9zTCmrAkPV [TRUNCATED]
Mar 7, 2025 21:08:05.721906900 CET	991	IN	Data Raw: 52 13 ee b5 b1 cb 51 42 be 1c b1 7d 78 f1 99 a0 3a f9 13 83 34 f5 60 91 11 90 3b 59 e5 90 d4 38 f0 1d 31 78 7d cd a6 41 8d 84 79 67 15 09 97 f9 63 1f 9b 49 19 60 a0 da 1f ef 29 0f 18 58 75 5c dd 8e 9e c2 a4 87 49 30 18 b1 3d 73 51 61 8a c7 5c cd Data Ascii: RQB}x:4`;Y81x}AygcI`)Xu\I0=sQa\pvF\%yeAj^%<nbfr1>sf(k+0Cpx!eZ]N7w</8sQP*TAJ8-Ic@0P4k`>k;b9C-\H"pNk
Mar 7, 2025 21:08:05.873442888 CET	2671	OUT	GET /page/bouncy.php?&bpae=GbhGs7HGyrx69buvsaspcrRS8lMeLx3yB2dbJkwyehem7uz1LprR0Xc%2FZVudBecR4OZxdjGGm9yaqloxd6BqqjGqxl4P8tvryLcUj%2FBfO7Ztt1vgHLSiDXnQV8DIDFn%2BQ8h%2B5lFvbjKpeQls9X%2BLAkDTvZ1sWW31E4%2Ft%2Fm%2FbMcyz7SC1F5u4i58dnqtlASl6IA%2BsWKGZrrJU82i5ZjZZM3kYIqfV%2FMj79mq6VMAqmmsqeiU6J%2BmF0721o7Pj%2FDWeOjWTmD%2B1juvnp%2FuNzqpIwFzV9cxQBFEcd8S7TYifPAxxWreir48Lm9MKRgXRdPX5qYu2T06H3slRw9sONGKVlsXCA4Q1J%2B3pWFOT9yVUGetw886eSG8WxSOHwKE6BCTlaJ7QWSErXcv%2FmY448I1zUH8sUg5M7FnvS2V2TIlnDgfGJdMNUy7WHzcW8onTEFh25cwjiQoSrFlkLZDrGu8FmyIL%2Be80VOrs5DjotT4cFULUrQbJxR8%2FwIxJocNmUqC9mEFmH4O8%2FsKk4k6aqPHqniLi8bASDAq%2Fwb94yem2kN82YhBJXrwsh2ALlVfYjjlyS5KLM3RYkWXiRg%2Fp6G5dGXDAe%2BUHcyeKNBIhpmutG5mFM3Xx3P0%2BjWAdBhR%2FXJHMe%2B9nLiFCTnS8rYq6AZQ7RBN%2Bgg69RkqU85E4QkR3H9EZRR5kb42%2FKgIsd8DXKA8IVTpoQle%2BG2Rowb7%2Br6uBm6aiea%2FDVrld3UW8R3GRPxnHyzM8IVshlkSxAWUfaHDHB9WQMdTd6jugr0pjCM6DjntTGcB0cFjz35sdVnLICqAu9fQpEYXJQ6oLbdj0Ie%2FIBrrVl6wW0TrCwi0%2B29wVJnn5smLBEg66avkC1AYkRMst%2BWZixJJKSG20V3cJCbDQgEJcUyT5PIs4g7JseN3hys4kLpQS0ZLVDiB [TRUNCATED] Host: questdagnostics.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://questdagnostics.com/bill Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 7, 2025 21:08:06.016077995 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 07 Mar 2025 20:08:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip Data Raw: 36 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 98 d9 ae a3 3a 16 86 af ab 9f 22 bd 2f 4a 75 74 44 ed 10 e6 3e 7b 77 8b 90 10 08 81 84 00 61 b8 41 0c 66 08 83 99 87 b4 fa dd 3b 3b 55 d5 55 47 3a ea 27 c8 95 6d 2d fb f7 b2 0d fa f5 ad b7 a4 2b f2 7f fe ed d3 5b 02 bc f0 de 7e 7a 6b 83 26 ad ba 8f ee a7 c1 6b 16 11 6c 46 af 09 d3 32 36 9a 7c f1 be 78 49 ba ae 6a ff f1 fa 5a 7b 25 2c bd b6 fa 1a c0 e2 d5 d3 5e 23 00 c2 20 4f 83 ec 5f ed 7b a5 12 1b 11 a7 56 eb 3d c9 71 e8 fe 14 58 04 cd ac 15 61 e8 3b 32 14 42 77 cf 62 2b 1e 3b 57 eb 24 08 6c 33 bd 5c 19 cc 93 29 83 23 13 53 04 7a ec 91 62 c6 f9 31 d5 4a db c1 16 d6 d6 f1 e4 36 07 07 d4 be 73 f0 3a c6 49 1a 23 ac 5d 08 c5 2b 68 4e 67 8f c5 d5 9a ef 89 44 cd 97 13 c7 00 c2 00 d3 d9 56 56 a3 d7 5d 5c de d6 a5 78 70 a9 e4 8a e2 a4 26 cb 1c 35 4b 49 17 67 1a 6d 7b e7 f3 be 12 60 24 1c 3c c0 ce c4 26 8e 8e e7 82 5a 42 83 25 4f 80 ea 2d a2 d6 7c 4a 27 33 50 ce 5e 6a a7 67 73 ef 6b 71 39 10 dc 61 23 e8 2b 65 3d e0 f2 d5 12 83 ae ca 9c 8c 89 80 89 83 a5 39 53 [TRUNCATED] Data Ascii: 619:"/JutD>{waAf;;UUG:'m-+[~zk&klF26\|xIjZ{%,^# O_{V=qXa;2Bwb+;W$l3\)#Szb1J6s:I#]+hNgDVV]\xp&5KIgm{`$<&ZB%O-\|J'3P^jgskq9a#+e=9Sm3xv;;CF[?=AW3uitF_Myevp{]f{TTgdntA/xUGAW#F<m.`}}uF~<:F8g%[0,,eMLrQfcw$bh<K[)Gl!w6;_l1h\7<59BvDlK\!R1Qqrlg}'$oK44PgqH=GDA$570quV:[TE&4Sp/#Acj\L0P!62UD$F5+ctSCj`1Gi%gV(R_T%Z^S\bis!$5{x[@P!?:?=qh6[B6p0eiyt\|r@sI<p27Jv1:'^Yc:"e+c;=.:7Z~(2;U:y\_(WVd [TRUNCATED]
Mar 7, 2025 21:08:06.016088963 CET	526	IN	Data Raw: f5 55 8a 36 67 d2 2b 79 26 81 38 77 83 2d bd 5f 5e 6d 43 5c 7a 9c a5 74 8c 38 f1 a1 99 dc 62 46 4a 4a 42 46 9d d2 74 b5 26 98 78 73 99 b3 e7 ec 88 09 15 7a 22 ed e4 d8 18 ae cd 67 0d 70 46 60 58 b1 15 9d 4b 76 43 ce b4 c9 62 e2 2a 3d 3b 62 ae b1 Data Ascii: U6g+y&8w-_^mC\zt8bFJJBFt&xsz"gpF`XKvCb*=;b+ml2Em(Ay&%bDvNRmN5AfGBkZ1!1"cJw\N-LnzDi;{Lv{@X6nh7BOL
Mar 7, 2025 21:08:51.017230034 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49733	69.16.230.226	80	6196	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 7, 2025 21:08:47.329473972 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	34.203.62.184	443	6196	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-07 20:08:18 UTC	817	OUT	GET /zclkvisitor/e713bbe0-fb8f-11ef-8fa5-121569b2ce89/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=37c7ea50-c695-11ef-8079-0affcf01680d HTTP/1.1 Host: pollu-qmx.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://bforldonate.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-07 20:08:18 UTC	407	IN	HTTP/1.1 302 Date: Fri, 07 Mar 2025 20:08:18 GMT Content-Length: 0 Connection: close Cache-Control: no-store, no-cache, pre-check=0, post-check=0 content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Headers: X-Requested-With,Content-Type Location: http://beowu-fye.com

Target ID:	5
Start time:	15:07:48
Start date:	07/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	15:07:54
Start date:	07/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2328,i,16787605200765446010,11188688182140596869,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2356 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	15:08:00
Start date:	07/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://questdagnostics.com/bill"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://questdagnostics.com/bill

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\Filtering Rules

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\LICENSE.txt

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\manifest.fingerprint

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2328_1334803548\manifest.json

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2328, Parent PID: 6076

General

Chronological Activities

Analysis Process: chrome.exePID: 6196, Parent PID: 2328

Windows Analysis Report
http://questdagnostics.com/bill