Edit tour

Windows Analysis Report
https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA

Overview

General Information

Sample URL:	https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA
Analysis ID:	1271632
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2016 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1740,i,13977009374011620039,6654646004780917911,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6540 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg

Source: classification engine

Classification label: clean0.win@24/6@4/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1740,i,13977009374011620039,6654646004780917911,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1740,i,13977009374011620039,6654646004780917911,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA	0%	Virustotal		Browse
https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://worthintl.omeclk.com/portal/ImageServlet?envId=12269&typeId=3	0%	Avira URL Cloud	safe
https://worthintl.omeclk.com/portal/includes/omeda_style.css	0%	Avira URL Cloud	safe
https://worthintl.omeclk.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
worthintl.omeclk.com	205.162.42.171	true	false	unknown
accounts.google.com	142.251.36.237	true	false	high
www.google.com	172.217.16.164	true	false	high
clients.l.google.com	172.217.16.174	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA	false		unknown
https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA	false		unknown
https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA	false		unknown
https://worthintl.omeclk.com/portal/ImageServlet?envId=12269&typeId=3	false	Avira URL Cloud: safe	unknown
https://worthintl.omeclk.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://worthintl.omeclk.com/portal/includes/omeda_style.css	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.36.237	accounts.google.com	United States	15169	GOOGLEUS	false
205.162.42.171	worthintl.omeclk.com	United States	53866	QTS-ASUS	false
172.217.16.174	clients.l.google.com	United States	15169	GOOGLEUS	false
172.217.16.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1271632
Start date and time:	2023-07-12 12:21:21 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@24/6@4/6
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.163, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15086
Entropy (8bit):	3.628946365336269
Encrypted:	false
SSDEEP:	96:jphk5MxdIvL9tfjiPii7047N52aFX3QUU0fCi1Ytf6gtI05VLsQQk:j47riPiiQ47PtFXpSwYtfZv4QQk
MD5:	B2A45EA0E3AD58C0D2130C9BBA784FE4
SHA1:	1C7EDF3DBA14BA5784591AE91BF049A876C5B05B
SHA-256:	61A453DDC975D384C6059ACDCC4776C0BECBF841889794C3B659C14D2550D3FA
SHA-512:	F0D40652FA158898C216BA87440FE18BF57BBF2A52B5EDC83E34D815F650EF7B77384DA920B5A6F3B86694EF69DB34E3A7CDD3B6BB291CCCCC14E55BBEFECDFD
Malicious:	false
Reputation:	low
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$..................................................................................r./.yH.$yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.[yH.$r./.........................................................................................................................yH..yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.[..................................................................................................................7.yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.4..........7...7.............................................................................................yH.4yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH...............Ki.K..K-................................................................................r./.yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.oyH.oyH..yH..yH..yH..yH..yH.4.........K..

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	41127
Entropy (8bit):	5.2437675340952925
Encrypted:	false
SSDEEP:	768:RyqkjrebtlPjh1SKvFOFNFlF4NUmYKgnyT7t8bF2EM9yT/freMtDe:RyqDbttjh1SKvAHvONUmYKgnyT7t4k9z
MD5:	B43F541D27A65EACDEADC3E6937411E6
SHA1:	4D55B02941976365936674910D666DD23E2A4DF6
SHA-256:	E3C7608FC8AFEFA437451058461D49DF5B97DAC0C76D71FBAF9EF08943ABBF3A
SHA-512:	AB7A6853F77B489A53121F0AC290C1D81DD9C3018EEEA92F095159DD79E3E778E3DC9FDFAEFBCDDEF9A7863484168F1BA3F95566AE09B89FCBCBFF975ED284DB
Malicious:	false
Reputation:	low
URL:	https://worthintl.omeclk.com/portal/includes/omeda_style.css
Preview:	:root {. --font-family-var: 'OpenSans-Light', 'Open Sans Light', 'Open Sans', Arial, Helvetica, sans-serif;.}..body {..font-family: Arial, Helvetica, sans-serif; ..color: black; ..background-color: white; ./* .font-size: 1.4em; /..margin: 0px;..padding: 0px;.}..td {..font-family: Arial, Helvetica, sans-serif; ..color: black; .}..p {...font-size : 13px; .}..a {...font-family : var(--font-family-var);..color:#2b54ac;...font-size : 11px;..text-decoration:none;.}..a:hover {...text-decoration : underline;..color: #2b54ac; .}..a:visited {...color: #2b54ac; .}..form {...margin: 0px;.}..body {..margin:0px ; ..padding:0px;.}..a, img, span, div, table, ul, tr, td, textarea, form { ..margin:0px;padding:0px .}..img { ..border: 0; .}..input, select, textarea { ..font-family: Tahoma;..font-size: 11px; ..font-weight:normal ;.}..input, textarea {..padding-left: 5px;..padding-right: 5px;..padding-top: 3px;..padding-bottom: 3px;.}...label {..vertical-align: text-top;.}./OPS-68307/.#topnav-brandpi

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Macintosh, datetime=2014:06:05 15:15:58], baseline, precision 8, 500x218, components 3
Category:	downloaded
Size (bytes):	43645
Entropy (8bit):	7.2454459618781595
Encrypted:	false
SSDEEP:	384:laeBkOaihyeBkOGnvPTnzfNmh8YNg7P5R3qlEYBzxt5iL6lf2CO82q1bMTtv+wHt:laeBUeyeBYTYyFROtceRa8zbMJzr
MD5:	04FB623CEDC1BCCF77381CAB620E8B3F
SHA1:	AD21F8B94B61A1B99725F056D86292FE638C7E03
SHA-256:	27BA4DC6403B92238C549E9EE621FCC1464F0602B47F5CE94C1739429F374DAF
SHA-512:	5622AD6DB13DA8C3015E7637AE911BBE57BCACC1E050A96DE946681EE0FBE01690982F333B82EC73D2714E850A3DDA8394521A4B85FA849CFD12F0BA8EF5490B
Malicious:	false
Reputation:	low
URL:	https://worthintl.omeclk.com/portal/ImageServlet?envId=12269&typeId=3
Preview:	.....GExif..MM..............................b...........j.(...........1..... ...r.2...........i....................'.......'.Adobe Photoshop CS5.1 Macintosh.2014:06:05 15:15:58........................................................................"............(.....................2...................H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................F...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.s........A..CJ.q:.u,..{......>..Y..?sv$..Is..z......k.pw.X5.B....nG.....]U.s.......?g..S..:.[.g.~-.kl..=..ZYc.my.W....]c.....q%..s....{.S...Kr.=

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Macintosh, datetime=2014:06:05 15:15:58], baseline, precision 8, 500x218, components 3
Category:	dropped
Size (bytes):	43645
Entropy (8bit):	7.2454459618781595
Encrypted:	false
SSDEEP:	384:laeBkOaihyeBkOGnvPTnzfNmh8YNg7P5R3qlEYBzxt5iL6lf2CO82q1bMTtv+wHt:laeBUeyeBYTYyFROtceRa8zbMJzr
MD5:	04FB623CEDC1BCCF77381CAB620E8B3F
SHA1:	AD21F8B94B61A1B99725F056D86292FE638C7E03
SHA-256:	27BA4DC6403B92238C549E9EE621FCC1464F0602B47F5CE94C1739429F374DAF
SHA-512:	5622AD6DB13DA8C3015E7637AE911BBE57BCACC1E050A96DE946681EE0FBE01690982F333B82EC73D2714E850A3DDA8394521A4B85FA849CFD12F0BA8EF5490B
Malicious:	false
Reputation:	low
Preview:	.....GExif..MM..............................b...........j.(...........1..... ...r.2...........i....................'.......'.Adobe Photoshop CS5.1 Macintosh.2014:06:05 15:15:58........................................................................"............(.....................2...................H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................F...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.s........A..CJ.q:.u,..{......>..Y..?sv$..Is..z......k.pw.X5.B....nG.....]U.s.......?g..S..:.[.g.~-.kl..=..ZYc.my.W....]c.....q%..s....{.S...Kr.=

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15086
Entropy (8bit):	3.628946365336269
Encrypted:	false
SSDEEP:	96:jphk5MxdIvL9tfjiPii7047N52aFX3QUU0fCi1Ytf6gtI05VLsQQk:j47riPiiQ47PtFXpSwYtfZv4QQk
MD5:	B2A45EA0E3AD58C0D2130C9BBA784FE4
SHA1:	1C7EDF3DBA14BA5784591AE91BF049A876C5B05B
SHA-256:	61A453DDC975D384C6059ACDCC4776C0BECBF841889794C3B659C14D2550D3FA
SHA-512:	F0D40652FA158898C216BA87440FE18BF57BBF2A52B5EDC83E34D815F650EF7B77384DA920B5A6F3B86694EF69DB34E3A7CDD3B6BB291CCCCC14E55BBEFECDFD
Malicious:	false
Reputation:	low
URL:	https://worthintl.omeclk.com/favicon.ico
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$..................................................................................r./.yH.$yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.[yH.$r./.........................................................................................................................yH..yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.[..................................................................................................................7.yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.4..........7...7.............................................................................................yH.4yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH...............Ki.K..K-................................................................................r./.yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.oyH.oyH..yH..yH..yH..yH..yH.4.........K..

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1056
Entropy (8bit):	5.2255239699751765
Encrypted:	false
SSDEEP:	24:bXMNmlMUjmJNTtM8Vs3EW0y3npe++hl958XlxtXvECiOAlA2:bymXmJM8VyeAU++hD5897iOAu2
MD5:	3AE77D8D11C246D207DE6B3F10D99C37
SHA1:	864833949715D93858D1862E9455701D301747F4
SHA-256:	3B7FA3FF4C228FFFC562ACDC28E3040E7E5D7FF9CA7020893BE333019A9D5D0E
SHA-512:	53812489964B3EFB6B1380EDD83039ED4F2E04CB4C3E81E28B87C99AEFD1C6245A5D6B72D34EDAAACC41FD6ED320D2535AD03885E222DB1BAC55BC8EAB8607F9
Malicious:	false
Reputation:	low
URL:	https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA
Preview:	.. ............................<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">. <head>. <title>Worth International Media Central Database :: Unsubscribe</title>. <meta http-equiv="Pragma" content="no-cache"/>. <meta http-equiv="Expires" content="0"/>. <link rel="stylesheet" type="text/css" href="/portal/includes/omeda_style.css" />. </head>..<body>....<table border="0" cellspacing="0" cellpadding="0" width="100%">.<tr><td align="center" style="padding:20px;text-align:center">.<img src="/portal/ImageServlet?envId=12269&typeId=3" alt="PREVUE DIGITAL EDITION" />.</td></tr>.</table>...<div id="unsubscribe" class="content">..<p style="margin-bottom:25px;font-size:14px;margin-top:10px;font-weight:bold">.<center><b>Your opt-out request has been received and your e-mail (allison.tocman@agshealth.com) will be removed from our e-mail list within 5-7 business days.</

Total Packets: 152
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 12, 2023 12:22:20.317944050 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.318012953 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.318156958 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.318891048 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.318911076 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.335434914 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.335489035 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.335635900 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.335937023 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.335951090 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.438041925 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.438708067 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.438775063 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.439500093 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.439626932 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.440937042 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.441010952 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.443800926 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.447309971 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.447348118 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.449336052 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.449470043 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.769098997 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.769315958 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.770164967 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.770188093 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.770582914 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.770786047 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.771226883 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.771253109 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.809921026 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.826107979 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.826172113 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.826406956 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.826476097 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.861280918 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.861428022 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.861438990 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:20.861500025 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.870012999 CEST	49700	443	192.168.2.3	172.217.16.174
Jul 12, 2023 12:22:20.870049953 CEST	443	49700	172.217.16.174	192.168.2.3
Jul 12, 2023 12:22:20.871850014 CEST	49702	443	192.168.2.3	142.251.36.237
Jul 12, 2023 12:22:20.871897936 CEST	443	49702	142.251.36.237	192.168.2.3
Jul 12, 2023 12:22:22.398293018 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.398356915 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.398458958 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.403791904 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.403827906 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.404974937 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.405045033 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.405586958 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.405586958 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.405661106 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.927846909 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.932084084 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.936556101 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.936602116 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.936980009 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.937010050 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.938074112 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.938179016 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.939225912 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.939455986 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.963726997 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.964008093 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.965712070 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.965744019 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:22.966029882 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:22.967116117 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:23.073265076 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:23.083102942 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:23.083129883 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:23.182435989 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:23.885735035 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:23.885795116 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:23.885921001 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:23.886318922 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:23.886344910 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:23.956166983 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:23.956365108 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:23.956476927 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:23.961921930 CEST	49704	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:23.961961031 CEST	443	49704	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:23.965246916 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:23.985785007 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:23.986481905 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:23.986525059 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:23.988080025 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:23.988279104 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:23.995490074 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:23.995688915 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:24.008286953 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.082317114 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:24.082357883 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:24.136339903 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.136467934 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.136559010 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.137809992 CEST	49705	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.137835979 CEST	443	49705	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.183326960 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:24.462603092 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.462650061 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.462758064 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.466327906 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.466350079 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.477355957 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.477411032 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.477493048 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.477817059 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.477838039 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.717387915 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.726078987 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.753985882 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.754026890 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.754076958 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.754112005 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.754863024 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.755242109 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.756462097 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.756613016 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.756953955 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.757169008 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.757278919 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.757548094 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.800292969 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.804294109 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.963789940 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.963829994 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.963913918 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:24.963939905 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:24.974793911 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.073333025 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.073375940 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.083360910 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.086097002 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.086215973 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.094110012 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.094274044 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.094310999 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.094362020 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.208117008 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.208134890 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.208177090 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.208209038 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.208220005 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.208280087 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.208292961 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.208348036 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.331157923 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.331222057 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.331321955 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.331357002 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.334697962 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.334712982 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.334769964 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.334800005 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.334820032 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.334830046 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.334868908 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.334887028 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.334898949 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.334898949 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.334907055 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.334923983 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.334938049 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.453432083 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.453505039 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.453541040 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.453550100 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.453598976 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.453686953 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.453708887 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.453773975 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.463619947 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.463690996 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.463727951 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.463754892 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.463773012 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.573432922 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.575946093 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.576070070 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.576091051 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.576179028 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.576226950 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.585767031 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.585783005 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.585832119 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.585843086 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.585864067 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.585895061 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.585927010 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.585942030 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.585994005 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.760603905 CEST	49707	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.760648012 CEST	443	49707	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.761260986 CEST	49708	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.761303902 CEST	443	49708	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.982111931 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.982168913 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:25.982271910 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.982546091 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:25.982561111 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.234057903 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.259869099 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.259906054 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.260703087 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.263453960 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.263626099 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.263647079 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.263700962 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.386315107 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.449219942 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.449275017 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.449361086 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.449817896 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.449834108 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.478455067 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.478485107 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.478568077 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.478616953 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.597671032 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.606829882 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.606947899 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.706131935 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.715560913 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.715601921 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.716949940 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.719269037 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.719582081 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.720416069 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.729043961 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.729068995 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.729125023 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.729146004 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.729182959 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.729238987 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.729249954 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.729274035 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.729322910 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.736375093 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.736412048 CEST	443	49709	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.736427069 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.736486912 CEST	49709	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.745178938 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.745232105 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.745316029 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.745981932 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.746001005 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.785337925 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.997646093 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.998027086 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.998061895 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.998640060 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:26.999097109 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.999223948 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:26.999257088 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.081223965 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.081270933 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.081284046 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.081304073 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.081315994 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.081358910 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.081386089 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.081408024 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.081432104 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.081461906 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.205665112 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.205817938 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.242048025 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.242079973 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.242171049 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.242191076 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.242237091 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.329791069 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.329806089 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.329902887 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.330050945 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.330079079 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.330115080 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.330138922 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.364128113 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.364281893 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.454008102 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.454111099 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.454176903 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.454305887 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.454407930 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.455416918 CEST	49711	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.455452919 CEST	443	49711	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.486546040 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.486571074 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.486622095 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.486629963 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.486726999 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:27.486737967 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.486790895 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.487267971 CEST	49713	443	192.168.2.3	205.162.42.171
Jul 12, 2023 12:22:27.487294912 CEST	443	49713	205.162.42.171	192.168.2.3
Jul 12, 2023 12:22:33.990226984 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:33.990359068 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:22:33.990447044 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:37.937858105 CEST	49706	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:22:37.937895060 CEST	443	49706	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:23.852741003 CEST	49716	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:23:23.852804899 CEST	443	49716	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:23.852931023 CEST	49716	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:23:23.854202986 CEST	49716	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:23:23.854218006 CEST	443	49716	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:23.907561064 CEST	443	49716	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:23.908406973 CEST	49716	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:23:23.908427954 CEST	443	49716	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:23.909075975 CEST	443	49716	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:23.910257101 CEST	49716	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:23:23.910365105 CEST	443	49716	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:23.959808111 CEST	49716	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:23:33.946244955 CEST	443	49716	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:33.946356058 CEST	443	49716	172.217.16.164	192.168.2.3
Jul 12, 2023 12:23:33.946573973 CEST	49716	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:23:34.539760113 CEST	49716	443	192.168.2.3	172.217.16.164
Jul 12, 2023 12:23:34.539828062 CEST	443	49716	172.217.16.164	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 12, 2023 12:22:20.288393021 CEST	56924	53	192.168.2.3	8.8.8.8
Jul 12, 2023 12:22:20.288815022 CEST	60625	53	192.168.2.3	8.8.8.8
Jul 12, 2023 12:22:20.309540033 CEST	53	56924	8.8.8.8	192.168.2.3
Jul 12, 2023 12:22:20.332187891 CEST	53	60625	8.8.8.8	192.168.2.3
Jul 12, 2023 12:22:22.320058107 CEST	52955	53	192.168.2.3	8.8.8.8
Jul 12, 2023 12:22:22.388736010 CEST	53	52955	8.8.8.8	192.168.2.3
Jul 12, 2023 12:22:23.796554089 CEST	57134	53	192.168.2.3	8.8.8.8
Jul 12, 2023 12:22:23.838346958 CEST	53	57134	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 12, 2023 12:22:20.288393021 CEST	192.168.2.3	8.8.8.8	0x5177	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Jul 12, 2023 12:22:20.288815022 CEST	192.168.2.3	8.8.8.8	0xcaae	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Jul 12, 2023 12:22:22.320058107 CEST	192.168.2.3	8.8.8.8	0x699a	Standard query (0)	worthintl.omeclk.com	A (IP address)	IN (0x0001)	false
Jul 12, 2023 12:22:23.796554089 CEST	192.168.2.3	8.8.8.8	0xdd94	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 12, 2023 12:22:20.309540033 CEST	8.8.8.8	192.168.2.3	0x5177	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 12, 2023 12:22:20.309540033 CEST	8.8.8.8	192.168.2.3	0x5177	No error (0)	clients.l.google.com		172.217.16.174	A (IP address)	IN (0x0001)	false
Jul 12, 2023 12:22:20.332187891 CEST	8.8.8.8	192.168.2.3	0xcaae	No error (0)	accounts.google.com		142.251.36.237	A (IP address)	IN (0x0001)	false
Jul 12, 2023 12:22:22.388736010 CEST	8.8.8.8	192.168.2.3	0x699a	No error (0)	worthintl.omeclk.com		205.162.42.171	A (IP address)	IN (0x0001)	false
Jul 12, 2023 12:22:23.838346958 CEST	8.8.8.8	192.168.2.3	0xdd94	No error (0)	www.google.com		172.217.16.164	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

worthintl.omeclk.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49702	142.251.36.237	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:20 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
2023-07-12 10:22:20 UTC	0	OUT	Data Raw: 20 Data Ascii:
2023-07-12 10:22:20 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 12 Jul 2023 10:22:20 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'report-sample' 'nonce-3ZhBpIk1vk13wb3ZTUqPEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-07-12 10:22:20 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-07-12 10:22:20 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49700	172.217.16.174	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:20 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.81 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-07-12 10:22:20 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-AnQMF_ciHAQIWvCKk0axDA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 12 Jul 2023 10:22:20 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6036 X-Daystart: 12140 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-07-12 10:22:20 UTC	1	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 30 33 36 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 31 32 31 34 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6036" elapsed_seconds="12140"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-07-12 10:22:20 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-07-12 10:22:20 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49704	205.162.42.171	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:22 UTC	4	OUT	GET /portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA HTTP/1.1 Host: worthintl.omeclk.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-07-12 10:22:23 UTC	5	IN	HTTP/1.1 302 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Location: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA Content-Length: 0 Date: Wed, 12 Jul 2023 10:22:23 GMT Server: Apache Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49705	205.162.42.171	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:23 UTC	5	OUT	GET /portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA HTTP/1.1 Host: worthintl.omeclk.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-07-12 10:22:24 UTC	6	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: JSESSIONID=F9044E4B156F08761D177B4C5670BD2B; Path=/portal; Secure; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: text/html;charset=ISO-8859-1 Content-Language: en-US Transfer-Encoding: chunked Date: Wed, 12 Jul 2023 10:22:23 GMT Server: Apache Connection: close Vary: Accept-Encoding
2023-07-12 10:22:24 UTC	6	IN	Data Raw: 34 32 30 0d 0a 0a 0a 20 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 6f 72 74 68 20 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 4d 65 64 69 61 20 43 65 6e 74 72 61 6c Data Ascii: 420 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Worth International Media Central

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49707	205.162.42.171	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:24 UTC	7	OUT	GET /portal/includes/omeda_style.css HTTP/1.1 Host: worthintl.omeclk.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=F9044E4B156F08761D177B4C5670BD2B
2023-07-12 10:22:24 UTC	8	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes ETag: W/"41127-1568225710000" Last-Modified: Wed, 11 Sep 2019 18:15:10 GMT Content-Type: text/css Content-Length: 41127 Date: Wed, 12 Jul 2023 10:22:24 GMT Server: Apache Connection: close Vary: Accept-Encoding
2023-07-12 10:22:24 UTC	9	IN	Data Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 2d 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 2d 76 61 72 3a 20 27 4f 70 65 6e 53 61 6e 73 2d 4c 69 67 68 74 27 2c 20 27 4f 70 65 6e 20 53 61 6e 73 20 4c 69 67 68 74 27 2c 20 27 4f 70 65 6e 20 53 61 6e 73 27 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 0a 09 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 3b 20 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 20 0a 2f 2a 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 34 65 6d 3b 20 20 2a 2f 0a 09 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 Data Ascii: :root { --font-family-var: 'OpenSans-Light', 'Open Sans Light', 'Open Sans', Arial, Helvetica, sans-serif;}body {font-family: Arial, Helvetica, sans-serif; color: black; background-color: white; /* font-size: 1.4em; */margin: 0px;padding
2023-07-12 10:22:25 UTC	12	IN	Data Raw: 65 6e 74 2c 23 68 65 61 64 65 72 20 75 6c 23 70 72 69 6d 61 72 79 20 61 2e 63 75 72 72 65 6e 74 3a 68 6f 76 65 72 20 7b 0a 09 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 6e 6f 6e 65 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 62 35 62 61 64 3b 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 7d 0a 0a 23 68 65 61 64 65 72 20 75 6c 23 70 72 69 6d 61 72 79 20 61 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 38 30 38 31 38 33 3b 0a 09 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 23 68 65 61 64 65 72 20 75 6c 23 70 72 69 6d 61 72 79 20 61 3a 68 6f 76 65 72 20 7b 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 30 65 32 36 36 63 3b 0a 7d 0a 23 68 65 61 64 65 72 20 Data Ascii: ent,#header ul#primary a.current:hover {border-bottom: none;background: #2b5bad;margin-top: 0px;}#header ul#primary a {background: #808183;border-bottom: none;}#header ul#primary a:hover {margin-top: 0px;background: #0e266c;}#header
2023-07-12 10:22:25 UTC	18	IN	Data Raw: 2e 6d 65 6e 75 42 75 74 74 6f 6e 41 63 74 69 76 65 20 7b 0a 09 42 4f 52 44 45 52 2d 4c 45 46 54 2d 43 4f 4c 4f 52 3a 20 23 39 30 39 30 39 30 3b 20 0a 09 4c 45 46 54 3a 20 31 70 78 3b 20 0a 09 42 4f 52 44 45 52 2d 42 4f 54 54 4f 4d 2d 43 4f 4c 4f 52 3a 20 23 66 30 66 30 66 30 3b 20 0a 09 43 4f 4c 4f 52 3a 20 23 66 66 66 66 66 66 3b 20 0a 09 42 4f 52 44 45 52 2d 54 4f 50 2d 43 4f 4c 4f 52 3a 20 23 39 30 39 30 39 30 3b 20 0a 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 34 70 78 3b 0a 09 54 4f 50 3a 20 31 70 78 3b 20 0a 09 42 41 43 4b 47 52 4f 55 4e 44 2d 43 4f 4c 4f 52 3a 20 23 61 30 61 30 61 30 3b 20 0a 09 42 4f 52 44 45 52 2d 52 49 47 48 54 2d 43 4f 4c 4f 52 3a 20 23 66 30 66 30 66 30 3b 0a 7d Data Ascii: .menuButtonActive {BORDER-LEFT-COLOR: #909090; LEFT: 1px; BORDER-BOTTOM-COLOR: #f0f0f0; COLOR: #ffffff; BORDER-TOP-COLOR: #909090; padding-top: 6px;padding-bottom: 4px;TOP: 1px; BACKGROUND-COLOR: #a0a0a0; BORDER-RIGHT-COLOR: #f0f0f0;}
2023-07-12 10:22:25 UTC	24	IN	Data Raw: 7d 0a 0a 23 64 65 70 6c 6f 79 6d 65 6e 74 45 64 69 74 20 2e 77 69 64 67 65 74 20 7b 0a 09 77 69 64 74 68 3a 31 30 30 25 0a 7d 0a 0a 23 63 6c 69 65 6e 74 42 6f 6f 6b 53 65 74 75 70 20 2e 77 69 64 67 65 74 20 7b 0a 09 77 69 64 74 68 3a 36 35 30 70 78 0a 7d 0a 0a 23 63 69 72 63 4d 61 69 6e 74 20 2e 77 69 64 67 65 74 20 7b 0a 09 77 69 64 74 68 3a 31 30 30 25 0a 7d 0a 0a 2e 73 65 61 72 63 68 44 65 74 61 69 6c 73 20 7b 0a 09 77 69 64 74 68 3a 20 34 35 30 70 78 3b 0a 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 65 64 65 64 65 3b 09 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 70 78 3b 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c Data Ascii: }#deploymentEdit .widget {width:100%}#clientBookSetup .widget {width:650px}#circMaint .widget {width:100%}.searchDetails {width: 450px;border: 1px solid #dedede;margin-top: 10px;margin-bottom: 25px;padding: 10px;text-align: l
2023-07-12 10:22:25 UTC	27	IN	Data Raw: 6c 6f 72 3a 20 23 35 33 36 34 37 61 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 37 65 65 66 38 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 0a 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 35 70 78 3b 09 0a 09 66 6f 6e 74 2d 73 69 7a 65 20 3a 20 31 31 70 78 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 0a 2e 74 62 6c 43 6f 6c 48 65 61 64 4c 65 66 74 20 7b 0a 09 77 69 64 74 68 3a 32 30 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 35 70 78 3b 0a 09 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 Data Ascii: lor: #53647a;background-color: #e7eef8;text-align:left;padding-top:3px;padding-bottom:3px;padding-right:10px;padding-left: 5px;font-size : 11px;font-weight: bold;}.tblColHeadLeft {width:200px;padding:5px;border-left: 1px solid #d
2023-07-12 10:22:25 UTC	54	IN	Data Raw: 6c 6c 42 6f 72 64 65 72 52 69 67 68 74 42 6f 74 74 6f 6d 7b 20 0a 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 31 30 70 78 3b 0a 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 35 70 78 3b 0a 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 31 30 70 78 3b 0a 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 32 70 78 3b 0a 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 3b 0a 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 20 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 41 37 42 31 41 36 3b 0a 20 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 30 70 78 3b 0a 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a Data Ascii: llBorderRightBottom{ font-size: 10px; padding-left: 5px; padding-right: 10px; padding-top: 2px; padding-bottom: 2px; vertical-align: middle; border-top: 0px; border-right: 1px solid #A7B1A6; border-left: 0px; border-bottom:
2023-07-12 10:22:25 UTC	59	IN	Data Raw: 64 2d 63 6f 6c 6f 72 3a 20 23 39 33 62 62 65 65 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 31 31 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 32 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 3b 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 0a 0a 2f 2a 20 44 65 70 6c 6f 79 6d 65 6e 74 20 45 64 69 74 20 2d 20 4d 65 73 73 61 67 65 20 43 6f 6e 74 65 6e 74 20 53 74 79 6c 65 73 20 2a 2f 0a 0a 2e 73 70 6c 69 74 5f 74 61 62 73 20 7b 0a 20 20 20 20 66 6c 6f 61 74 3a 6c 65 66 74 3b 0a 20 20 20 20 77 69 64 Data Ascii: d-color: #93bbee;font-size: 11px;padding-left: 10px;padding-right: 10px;padding-top: 2px;padding-bottom: 2px;vertical-align: middle;font-weight: bold;}/* Deployment Edit - Message Content Styles */.split_tabs { float:left; wid
2023-07-12 10:22:25 UTC	61	IN	Data Raw: 6c 64 3b 0a 09 77 69 64 74 68 3a 20 31 34 25 3b 0a 7d 0a 0a 2e 64 61 79 4e 75 6d 62 65 72 20 7b 0a 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 33 65 33 65 33 3b 0a 09 63 6f 6c 6f 72 3a 20 23 36 32 36 34 35 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 09 68 65 69 67 68 74 3a 20 32 30 30 70 78 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 0a 09 70 61 64 64 69 6e 67 3a 33 70 78 3b 09 0a 7d 0a 0a 2e 64 65 70 6c 6f 79 6d 65 6e 74 49 6e 66 6f 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 34 31 35 64 38 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 70 78 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 0a 2e 77 65 65 6b 0a 7b 0a 09 62 6f Data Ascii: ld;width: 14%;}.dayNumber {border: 1px solid #e3e3e3;color: #62645f;font-size: 12px;font-weight: bold;height: 200px;text-align:left;padding:3px;}.deploymentInfo {color: #415d8f;font-size: 10px;font-weight: bold;}.week{bo
2023-07-12 10:22:25 UTC	72	IN	Data Raw: 3a 72 69 67 68 74 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 31 66 37 66 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 36 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 32 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 3b 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 09 62 6f 72 64 65 72 2d 74 6f 70 3a 20 30 70 78 3b Data Ascii: :right;background-color:#f1f7ff;font-size:14px;font-weight:bold;font-family: Arial, Helvetica, sans-serif;color:#000000;padding-left: 5px;padding-right: 6px;padding-top: 2px;padding-bottom: 2px;vertical-align: middle;border-top: 0px;
2023-07-12 10:22:25 UTC	79	IN	Data Raw: 73 69 74 65 64 20 7b 0a 20 20 20 20 66 6c 6f 61 74 3a 6c 65 66 74 3b 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 65 63 65 64 36 3b 0a 7d 0a 0a 61 2e 74 61 62 4f 6e 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 20 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 62 35 34 61 63 3b 0a 7d 0a 0a 61 2e 74 61 62 4f 66 66 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 20 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 62 35 34 61 63 3b 0a 7d 0a 0a 53 50 41 4e 2e 73 65 6c 65 63 74 65 64 54 61 62 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 37 65 Data Ascii: sited { float:left; cursor: pointer; color: #ceced6;}a.tabOn:hover { text-decoration : underline; color: #2b54ac;}a.tabOff:hover { text-decoration : underline; color: #2b54ac;}SPAN.selectedTab {background-color: #e7e

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49708	205.162.42.171	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:24 UTC	8	OUT	GET /portal/ImageServlet?envId=12269&typeId=3 HTTP/1.1 Host: worthintl.omeclk.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=F9044E4B156F08761D177B4C5670BD2B
2023-07-12 10:22:24 UTC	11	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Type: image/jpeg Content-Length: 43645 Date: Wed, 12 Jul 2023 10:22:24 GMT Server: Apache Connection: close
2023-07-12 10:22:24 UTC	12	IN	Data Raw: ff d8 ff e1 0f 47 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 20 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a8 00 00 00 d4 00 0a fc 80 00 00 27 10 00 0a fc 80 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 53 35 2e 31 20 4d 61 63 69 6e 74 6f 73 68 00 32 30 31 34 3a 30 36 3a 30 35 20 31 35 3a 31 35 3a 35 38 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 01 f4 a0 03 00 04 00 00 00 01 00 00 00 da 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 05 00 00 00 01 00 00 01 22 01 1b 00 05 00 Data Ascii: GExifMM*bj(1 r2i''Adobe Photoshop CS5.1 Macintosh2014:06:05 15:15:58"
2023-07-12 10:22:25 UTC	14	IN	Data Raw: 1a 10 43 4a e6 71 3a be 75 2c b1 ad 7b ee ba e0 c6 d5 bc 97 ed 3e ed db 59 f9 d6 3f 73 76 24 a7 ac 49 73 7f b2 7a ed c3 d5 b2 d2 1d c8 6b ed 70 77 dd 58 35 b5 42 9e a7 d4 fa 6e 47 a5 97 be c6 0d 5d 55 87 73 b6 9f cf a6 df ce ff 00 3f 67 f5 12 53 d3 a4 b2 3a e6 5b bf 67 d1 7e 2d ae 6b 6c b1 a4 3d 84 b6 5a 59 63 96 6d 79 bd 57 2e aa f0 f1 5d 63 dc c6 cd b6 03 0e 71 25 c7 df 73 8f e8 d9 b7 e8 7b 92 53 d4 a4 b9 fc 4b 72 ba 3d 19 16 e6 b5 c5 f6 96 37 1e b7 59 bb 73 bd fb ff 00 39 fb 36 ff 00 84 72 15 35 75 ae ad 37 1b 8d 74 92 40 32 58 cf 85 75 d7 ee 7e df de b1 c9 29 e9 52 5c d5 f8 9d 67 a5 b7 d7 66 41 7d 4d fa 44 39 ce 03 cd f4 db bb d9 fd 54 b2 ba 86 46 55 15 e5 57 63 e9 70 3e 8e 45 6c 79 00 3a 37 d7 63 04 fd 1b 1b bd 3a 31 b3 56 b3 24 f8 22 65 57 4f 4a 92 Data Ascii: CJq:u,{>Y?sv$IszkpwX5BnG]Us?gS:[g~-kl=ZYcmyW.]cq%s{SKr=7Ys96r5u7t@2Xu~)R\gfA}MD9TFUWcp>Ely:7c:1V$"eWOJ
2023-07-12 10:22:25 UTC	17	IN	Data Raw: 74 53 62 6f 6f 6c 01 00 00 00 00 49 6e 74 65 65 6e 75 6d 00 00 00 00 49 6e 74 65 00 00 00 00 43 6c 72 6d 00 00 00 0f 70 72 69 6e 74 53 69 78 74 65 65 6e 42 69 74 62 6f 6f 6c 00 00 00 00 0b 70 72 69 6e 74 65 72 4e 61 6d 65 54 45 58 54 00 00 00 0f 00 63 00 33 00 36 00 30 00 2d 00 4d 00 61 00 72 00 6b 00 65 00 74 00 69 00 6e 00 67 00 00 00 38 42 49 4d 04 3b 00 00 00 00 01 b2 00 00 00 10 00 00 00 01 00 00 00 00 00 12 70 72 69 6e 74 4f 75 74 70 75 74 4f 70 74 69 6f 6e 73 00 00 00 12 00 00 00 00 43 70 74 6e 62 6f 6f 6c 00 00 00 00 00 43 6c 62 72 62 6f 6f 6c 00 00 00 00 00 52 67 73 4d 62 6f 6f 6c 00 00 00 00 00 43 72 6e 43 62 6f 6f 6c 00 00 00 00 00 43 6e 74 43 62 6f 6f 6c 00 00 00 00 00 4c 62 6c 73 62 6f 6f 6c 00 00 00 00 00 4e 67 74 76 62 6f 6f 6c 00 00 00 00 Data Ascii: tSboolInteenumInteClrmprintSixteenBitboolprinterNameTEXTc360-Marketing8BIM;printOutputOptionsCptnboolClbrboolRgsMboolCrnCboolCntCboolLblsboolNgtvbool
2023-07-12 10:22:25 UTC	33	IN	Data Raw: 00 00 00 53 63 6c 20 55 6e 74 46 23 50 72 63 40 59 00 00 00 00 00 00 38 42 49 4d 03 ed 00 00 00 00 00 10 00 48 00 00 00 01 00 01 00 48 00 00 00 01 00 01 38 42 49 4d 04 26 00 00 00 00 00 0e 00 00 00 00 00 00 00 00 00 00 3f 80 00 00 38 42 49 4d 04 0d 00 00 00 00 00 04 00 00 00 1e 38 42 49 4d 04 19 00 00 00 00 00 04 00 00 00 1e 38 42 49 4d 03 f3 00 00 00 00 00 09 00 00 00 00 00 00 00 00 01 00 38 42 49 4d 27 10 00 00 00 00 00 0a 00 01 00 00 00 00 00 00 00 01 38 42 49 4d 03 f5 00 00 00 00 00 48 00 2f 66 66 00 01 00 6c 66 66 00 06 00 00 00 00 00 01 00 2f 66 66 00 01 00 a1 99 9a 00 06 00 00 00 00 00 01 00 32 00 00 00 01 00 5a 00 00 00 06 00 00 00 00 00 01 00 35 00 00 00 01 00 2d 00 00 00 06 00 00 00 00 00 01 38 42 49 4d 03 f8 00 00 00 00 00 70 00 00 ff ff ff ff Data Ascii: Scl UntF#Prc@Y8BIMHH8BIM&?8BIM8BIM8BIM8BIM'8BIMH/fflff/ff2Z5-8BIMp
2023-07-12 10:22:25 UTC	49	IN	Data Raw: 4f 43 45 53 53 22 20 78 6d 70 47 3a 63 79 61 6e 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 6d 61 67 65 6e 74 61 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 79 65 6c 6c 6f 77 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 62 6c 61 63 6b 3d 22 31 30 30 2e 30 30 30 30 30 30 22 2f 3e 20 3c 72 64 66 3a 6c 69 20 78 6d 70 47 3a 73 77 61 74 63 68 4e 61 6d 65 3d 22 43 3d 30 20 4d 3d 30 20 59 3d 30 20 4b 3d 39 30 22 20 78 6d 70 47 3a 6d 6f 64 65 3d 22 43 4d 59 4b 22 20 78 6d 70 47 3a 74 79 70 65 3d 22 50 52 4f 43 45 53 53 22 20 78 6d 70 47 3a 63 79 61 6e 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 6d 61 67 65 6e 74 61 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 79 65 6c 6c 6f 77 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 62 Data Ascii: OCESS" xmpG:cyan="0.000000" xmpG:magenta="0.000000" xmpG:yellow="0.000000" xmpG:black="100.000000"/> <rdf:li xmpG:swatchName="C=0 M=0 Y=0 K=90" xmpG:mode="CMYK" xmpG:type="PROCESS" xmpG:cyan="0.000000" xmpG:magenta="0.000000" xmpG:yellow="0.000000" xmpG:b
2023-07-12 10:22:25 UTC	66	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 3f Data Ascii: <?
2023-07-12 10:22:25 UTC	71	IN	Data Raw: 20 7f e2 ad 5e bf 6d 3e 5c 06 09 87 ce 17 aa 47 af 04 72 2f 7e 35 43 fa db 0d 2b 33 cd 84 b6 5e 67 d3 6e 88 49 49 b7 90 f6 93 ec ff 00 c1 8d bf e0 b8 e1 c8 20 80 41 a8 3b 82 30 2b 79 b3 66 c5 5d 9b 0a 75 5d 7a 2d 2a 64 86 48 5a 42 eb cc 15 20 77 23 bf cb 0b ff 00 c6 56 df f2 cd 27 fc 10 c6 95 93 66 c0 3a 56 a4 9a a5 bb 5c 46 86 30 ae 53 8b 10 4e c0 1e df 3c 7d f6 a5 67 a7 47 ce ea 40 b5 fb 28 37 66 f9 2e 2a 8b cd 91 1b af 38 ca 49 16 76 ea ab d9 a5 24 9f f8 15 a5 3f e0 b0 17 f8 ab 57 ad 79 47 4f 0e 02 98 69 59 de 6c 2d d0 f5 09 b5 2b 1f ac ce aa ae 1c a7 c1 50 28 29 be e4 f8 e1 96 05 76 6c 42 ea f6 d6 ca 3f 52 ea 55 8d 7b 57 a9 ff 00 54 75 39 1f ba f3 8c 0a 4a d9 c0 d2 78 3c 87 88 ff 00 81 15 38 ab 27 cd 90 79 3c db aa 3f d8 11 46 3d 94 9f f8 91 38 c5 f3 Data Ascii: ^m>\Gr/~5C+3^gnII A;0+yf]u]z-dHZB w#V'f:V\F0SN<}gG@(7f.8Iv$?WyGOiYl-+P()vlB?RU{WTu9Jx<8'y<?F=8
2023-07-12 10:22:25 UTC	71	IN	Data Raw: 8a 65 9b 36 6c 83 73 b3 66 cd 8a bb 36 04 d4 af 86 9d 6a d7 45 3d 40 a4 0e 20 d3 a9 a7 5a 1c 25 ff 00 17 27 fc b2 1f f8 31 ff 00 34 e4 e3 8e 72 17 11 6d 59 35 18 b1 9e 19 ca 8d 5f 22 c9 73 61 3e 99 af 2e a5 72 6d c4 06 32 14 bf 22 d5 e9 4f 61 e3 87 19 19 44 c4 d4 85 16 58 f2 43 24 78 a0 6c 72 76 6c d9 89 00 54 ec 07 53 81 9b b3 61 3d e7 98 f4 fb 52 52 32 6e 24 1d a3 fb 3f f0 7f f3 4e 13 cd e6 ab e7 27 d1 8e 38 97 b5 41 63 f7 9d bf e1 72 c8 e1 99 e9 5e f7 1f 26 af 0c 0d 19 59 ee 8e ec c3 36 41 8f 98 f5 72 7f bf 03 d8 22 7f cd 38 a4 7e 67 d5 10 fc 45 24 1e 0c b4 ff 00 88 f1 c9 7e 5e 7d e1 a8 76 86 1e e9 0f 87 ed 66 b9 b2 39 6b e6 c8 5c 85 bc 84 c7 fe 5a 1e 43 fe 07 ed 61 f4 17 10 5d 46 25 b7 90 48 87 ba 9f d7 95 ca 12 8f d4 29 c9 c7 9b 1e 4f a2 40 f9 75 f9 Data Ascii: e6lsf6jE=@ Z%'14rmY5_"sa>.rm2"OaDXC$xlrvlTSa=RR2n$?N'8Acr^&Y6Ar"8~gE$~^}vf9k\ZCa]F%H)O@u
2023-07-12 10:22:25 UTC	80	IN	Data Raw: c8 e6 14 32 6d 27 54 4d 2b 42 92 5d 9a 67 99 96 14 3d cf 15 dc ff 00 92 b9 1e b8 b8 9a ee 66 9e e1 cb c8 fd 58 e2 65 98 80 a4 9a 0a d0 76 15 c1 9a 7e 95 7b a9 35 2d 93 e0 1b 34 ad b2 0f a7 fa 61 54 16 6c 96 c1 e4 d4 a5 6e 6e 89 3d c4 6a 00 fb da bf f1 1c 59 fc 9d 64 47 c1 71 2a b7 89 e2 47 dd 45 c1 6a 88 f2 aa d3 48 43 fc ce e7 f1 a7 f0 cd ad eb f1 e9 a0 db db d2 4b b2 3a 1f b2 95 ee de ff 00 e4 e2 73 ca 3c b5 a3 ac 0a e2 59 c9 65 84 d2 95 2c 4b 72 2b 53 f6 2b 90 a7 77 91 da 49 18 b3 b1 25 98 f5 24 f7 c5 2b ee 2e 67 ba 94 cd 71 21 92 46 ea cd fc 3c 31 2c 5a da da 7b c9 d2 de dd 0b c8 e6 80 0f d6 7d b2 6b a6 79 6a ce c9 55 ee 14 5c 5c 75 25 85 50 1f f2 54 ff 00 c4 9b 14 30 a8 ad 2e a7 de 08 24 90 78 a2 96 fd 43 1e fa 7d f4 63 94 96 d2 a8 f1 28 c0 7e ac e9 Data Ascii: 2m'TM+B]g=fXev~{5-4aTlnn=jYdGq*GEjHCK:s<Ye,Kr+S+wI%$+.gq!F<1,Z{}kyjU\\u%PT0.$xC}c(~

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49709	205.162.42.171	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:26 UTC	92	OUT	GET /favicon.ico HTTP/1.1 Host: worthintl.omeclk.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-07-12 10:22:26 UTC	92	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes ETag: W/"15086-1503515970000" Last-Modified: Wed, 23 Aug 2017 19:19:30 GMT Content-Type: image/x-icon Content-Length: 15086 Date: Wed, 12 Jul 2023 10:22:26 GMT Server: Apache Connection: close
2023-07-12 10:22:26 UTC	93	IN	Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 24 79 48 13 5b 79 48 13 95 79 48 13 cf 79 48 13 e2 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 e2 79 48 13 c0 79 48 13 95 79 48 13 5b 79 48 13 24 72 88 2f 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 00 %6 % h6(0` $r/yH$yH[yHyHyHyHyHyHyHyHyHyHyH[yH$r/
2023-07-12 10:22:26 UTC	95	IN	Data Raw: 47 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 aa 8e 89 37 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 49 b5 39 67 49 b5 39 e9 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 e9 49 b5 39 67 72 88 2f 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 c8 8e 4b aa c8 8e 4b ff c8 8e 4b ff c8 8e 4b ff c8 8e 4b f4 c8 8e 4b 46 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 95 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ef 79 48 13 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 67 49 b5 39 f4 49 b5 39 ff 49 b5 39 ff 49 b5 Data Ascii: GyHyHyHyHyH7r/I9gI9I9I9I9I9I9I9I9I9I9I9I9I9I9I9gr/r/KKKKKKFr/yHyHyHyHyHyH4I9gI9I9I9I
2023-07-12 10:22:26 UTC	97	IN	Data Raw: ff 49 b5 39 ff 49 b5 39 e9 49 b5 39 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e 4b 95 c8 8e 4b ff c8 8e 4b ff c8 8e 4b ff c8 8e 4b d0 c8 8e 4b 16 00 00 00 00 00 00 00 00 79 48 13 11 79 48 13 cf 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 81 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 34 49 b5 39 f4 49 b5 39 ff 49 b5 39 ff 49 b5 39 f4 49 b5 39 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 41 49 b5 39 f4 49 b5 39 ff 49 b5 39 ff 49 b5 39 f4 49 b5 39 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e 4b 7f c8 8e 4b ff c8 8e 4b ff c8 8e 4b ff c8 8e 4b d0 c8 8e 4b 16 00 00 00 00 00 00 Data Ascii: I9I9I9'KKKKKKyHyHyHyHyHyHI94I9I9I9I9I9AI9AI9I9I9I9I94KKKKKK

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49711	205.162.42.171	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:26 UTC	97	OUT	GET /portal/ImageServlet?envId=12269&typeId=3 HTTP/1.1 Host: worthintl.omeclk.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=F9044E4B156F08761D177B4C5670BD2B
2023-07-12 10:22:27 UTC	108	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Type: image/jpeg Content-Length: 43645 Date: Wed, 12 Jul 2023 10:22:26 GMT Server: Apache Connection: close
2023-07-12 10:22:27 UTC	109	IN	Data Raw: ff d8 ff e1 0f 47 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 20 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a8 00 00 00 d4 00 0a fc 80 00 00 27 10 00 0a fc 80 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 53 35 2e 31 20 4d 61 63 69 6e 74 6f 73 68 00 32 30 31 34 3a 30 36 3a 30 35 20 31 35 3a 31 35 3a 35 38 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 01 f4 a0 03 00 04 00 00 00 01 00 00 00 da 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 05 00 00 00 01 00 00 01 22 01 1b 00 05 00 Data Ascii: GExifMM*bj(1 r2i''Adobe Photoshop CS5.1 Macintosh2014:06:05 15:15:58"
2023-07-12 10:22:27 UTC	118	IN	Data Raw: d7 33 d4 69 1d db 22 bf fa 56 3b d3 6b 3e 9e f4 23 d2 eb 36 b9 fe ab f6 bd f5 58 59 ed 8d f4 ec d8 ef a3 bb de da 9a d7 a6 3d 1b 18 b6 f6 ee 7f e9 de db 39 1e c2 d7 1b 9a da c6 dd bb 3d 67 d9 66 c7 ff 00 a4 49 49 db d4 31 1c 6b 6b 6c 97 5b 3b 1a 01 9d 0f a6 ed ed 8f d1 ed b3 f4 7f a4 fc f5 61 50 fd 91 54 d2 45 8e 69 a5 c5 f2 c6 b1 85 c4 bb d5 77 ba ba da e6 b5 df 45 ec 67 d3 ad 5f 49 4a 49 24 92 52 92 49 24 94 ff 00 ff d3 f5 54 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ea a4 97 ca a9 24 a7 ff d9 00 38 42 49 4d 04 21 00 00 00 00 00 59 00 00 00 01 01 00 00 00 0f 00 41 00 64 00 6f 00 62 00 65 00 20 00 50 00 68 00 6f 00 Data Ascii: 3i"V;k>#6XY=9=gfII1kkl[;aPTEiwEg_IJI$RI$T$$$$$$$$$$8BIM!YAdobe Pho
2023-07-12 10:22:27 UTC	126	IN	Data Raw: 30 22 20 78 6d 70 47 3a 6d 61 67 65 6e 74 61 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 79 65 6c 6c 6f 77 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 62 6c 61 63 6b 3d 22 31 30 30 2e 30 30 30 30 30 30 22 2f 3e 20 3c 72 64 66 3a 6c 69 20 78 6d 70 47 3a 73 77 61 74 63 68 4e 61 6d 65 3d 22 43 4d 59 4b 20 52 65 64 22 20 78 6d 70 47 3a 6d 6f 64 65 3d 22 43 4d 59 4b 22 20 78 6d 70 47 3a 74 79 70 65 3d 22 50 52 4f 43 45 53 53 22 20 78 6d 70 47 3a 63 79 61 6e 3d 22 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 6d 61 67 65 6e 74 61 3d 22 31 30 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 79 65 6c 6c 6f 77 3d 22 31 30 30 2e 30 30 30 30 30 30 22 20 78 6d 70 47 3a 62 6c 61 63 6b 3d 22 30 2e 30 30 30 30 30 30 22 2f 3e 20 3c 72 64 66 3a 6c 69 20 78 6d 70 Data Ascii: 0" xmpG:magenta="0.000000" xmpG:yellow="0.000000" xmpG:black="100.000000"/> <rdf:li xmpG:swatchName="CMYK Red" xmpG:mode="CMYK" xmpG:type="PROCESS" xmpG:cyan="0.000000" xmpG:magenta="100.000000" xmpG:yellow="100.000000" xmpG:black="0.000000"/> <rdf:li xmp
2023-07-12 10:22:27 UTC	141	IN	Data Raw: 6a 9f 6a f7 6b 4f 6b a7 6b ff 6c 57 6c af 6d 08 6d 60 6d b9 6e 12 6e 6b 6e c4 6f 1e 6f 78 6f d1 70 2b 70 86 70 e0 71 3a 71 95 71 f0 72 4b 72 a6 73 01 73 5d 73 b8 74 14 74 70 74 cc 75 28 75 85 75 e1 76 3e 76 9b 76 f8 77 56 77 b3 78 11 78 6e 78 cc 79 2a 79 89 79 e7 7a 46 7a a5 7b 04 7b 63 7b c2 7c 21 7c 81 7c e1 7d 41 7d a1 7e 01 7e 62 7e c2 7f 23 7f 84 7f e5 80 47 80 a8 81 0a 81 6b 81 cd 82 30 82 92 82 f4 83 57 83 ba 84 1d 84 80 84 e3 85 47 85 ab 86 0e 86 72 86 d7 87 3b 87 9f 88 04 88 69 88 ce 89 33 89 99 89 fe 8a 64 8a ca 8b 30 8b 96 8b fc 8c 63 8c ca 8d 31 8d 98 8d ff 8e 66 8e ce 8f 36 8f 9e 90 06 90 6e 90 d6 91 3f 91 a8 92 11 92 7a 92 e3 93 4d 93 b6 94 20 94 8a 94 f4 95 5f 95 c9 96 34 96 9f 97 0a 97 75 97 e0 98 4c 98 b8 99 24 99 90 99 fc 9a 68 9a d5 9b Data Ascii: jjkOkklWlmm`mnnknooxop+ppq:qqrKrss]sttptu(uuv>vvwVwxxnxy*yyzFz{{c{\|!\|\|}A}~~b~#Gk0WGr;i3d0c1f6n?zM _4uL$h
2023-07-12 10:22:27 UTC	144	IN	Data Raw: bd ba 8a d5 6d dd 5a 53 c4 31 22 83 0f b1 57 66 c2 7b ef 32 69 d6 44 a2 b1 b8 94 7e cc 7b 80 7d df ec e1 24 fe 70 bd 72 7d 08 63 8d 7b 72 ab 9f d6 a3 fe 17 1a 56 67 9b 20 7f e2 ad 5e bf 6d 3e 5c 06 09 87 ce 17 aa 47 af 04 72 2f 7e 35 43 fa db 0d 2b 33 cd 84 b6 5e 67 d3 6e 88 49 49 b7 90 f6 93 ec ff 00 c1 8d bf e0 b8 e1 c8 20 80 41 a8 3b 82 30 2b 79 b3 66 c5 5d 9b 0a 75 5d 7a 2d 2a 64 86 48 5a 42 eb cc 15 20 77 23 bf cb 0b ff 00 c6 56 df f2 cd 27 fc 10 c6 95 93 66 c0 3a 56 a4 9a a5 bb 5c 46 86 30 ae 53 8b 10 4e c0 1e df 3c 7d f6 a5 67 a7 47 ce ea 40 b5 fb 28 37 66 f9 2e 2a 8b cd 91 1b af 38 ca 49 16 76 ea ab d9 a5 24 9f f8 15 a5 3f e0 b0 17 f8 ab 57 ad 79 47 4f 0e 02 98 69 59 de 6c 2d d0 f5 09 b5 2b 1f ac ce aa ae 1c a7 c1 50 28 29 be e4 f8 e1 96 05 76 6c Data Ascii: mZS1"Wf{2iD~{}$pr}c{rVg ^m>\Gr/~5C+3^gnII A;0+yf]u]z-dHZB w#V'f:V\F0SN<}gG@(7f.8Iv$?WyGOiYl-+P()vl

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49713	205.162.42.171	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-12 10:22:26 UTC	108	OUT	GET /favicon.ico HTTP/1.1 Host: worthintl.omeclk.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-07-12 10:22:27 UTC	122	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes ETag: W/"15086-1503515970000" Last-Modified: Wed, 23 Aug 2017 19:19:30 GMT Content-Type: image/x-icon Content-Length: 15086 Date: Wed, 12 Jul 2023 10:22:26 GMT Server: Apache Connection: close
2023-07-12 10:22:27 UTC	122	IN	Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 24 79 48 13 5b 79 48 13 95 79 48 13 cf 79 48 13 e2 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 e2 79 48 13 c0 79 48 13 95 79 48 13 5b 79 48 13 24 72 88 2f 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 00 %6 % h6(0` $r/yH$yH[yHyHyHyHyHyHyHyHyHyHyH[yH$r/
2023-07-12 10:22:27 UTC	142	IN	Data Raw: ff 49 b5 39 ff 49 b5 39 e9 49 b5 39 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e 4b 95 c8 8e 4b ff c8 8e 4b ff c8 8e 4b ff c8 8e 4b d0 c8 8e 4b 16 00 00 00 00 00 00 00 00 79 48 13 11 79 48 13 cf 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 81 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 34 49 b5 39 f4 49 b5 39 ff 49 b5 39 ff 49 b5 39 f4 49 b5 39 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 41 49 b5 39 f4 49 b5 39 ff 49 b5 39 ff 49 b5 39 f4 49 b5 39 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e 4b 7f c8 8e 4b ff c8 8e 4b ff c8 8e 4b ff c8 8e 4b d0 c8 8e 4b 16 00 00 00 00 00 00 Data Ascii: I9I9I9'KKKKKKyHyHyHyHyHyHI94I9I9I9I9I9AI9AI9I9I9I9I94KKKKKK
2023-07-12 10:22:27 UTC	157	IN	Data Raw: 00 49 b5 39 27 49 b5 39 d8 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 f4 49 b5 39 bb 49 b5 39 7e 49 b5 39 59 49 b5 39 59 49 b5 39 7e 49 b5 39 bb 49 b5 39 f4 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 d8 49 b5 39 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8e 89 37 0a c8 8e 4b be c8 8e 4b ff c8 8e 4b ff c8 8e 4b ff c8 8e 4b d0 c8 8e 4b 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 95 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 4b 49 b5 39 e5 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 Data Ascii: I9'I9I9I9I9I9I9I9I9~I9YI9YI9~I9I9I9I9I9I9I9I9'7KKKKKKyHyHyHyHyHyHGI9KI9I9I9I9I9I9I9I9I9I9I9I9I9I

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	12:22:16
Start date:	12/07/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff614650000
File size:	2'851'656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Target ID:	1
Start time:	12:22:17
Start date:	12/07/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1740,i,13977009374011620039,6654646004780917911,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff614650000
File size:	2'851'656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Target ID:	2
Start time:	12:22:20
Start date:	12/07/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA
Imagebase:	0x7ff614650000
File size:	2'851'656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Source: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA	HTTP Parser: No favicon
Source: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA	HTTP Parser: No favicon

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA HTTP/1.1Host: worthintl.omeclk.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduA HTTP/1.1Host: worthintl.omeclk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /portal/includes/omeda_style.css HTTP/1.1Host: worthintl.omeclk.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=F9044E4B156F08761D177B4C5670BD2B
Source: global traffic	HTTP traffic detected: GET /portal/ImageServlet?envId=12269&typeId=3 HTTP/1.1Host: worthintl.omeclk.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=F9044E4B156F08761D177B4C5670BD2B
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: worthintl.omeclk.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://worthintl.omeclk.com/portal/deployunsubscribe/Unsubscribe.jsp?UvDuzaQX7m7bVShamfObn2zGmP90KmduAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /portal/ImageServlet?envId=12269&typeId=3 HTTP/1.1Host: worthintl.omeclk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=F9044E4B156F08761D177B4C5670BD2B
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: worthintl.omeclk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2016, Parent PID: 3088

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Windows Analysis Report
https://worthintl.omeclk.com/portal/unsubscribe/?UvDuzaQX7m7bVShamfObn2zGmP90KmduA