Windows Analysis Report
Remittance Advice B9623.HTML

Overview

General Information

Sample Name:Remittance Advice B9623.HTML
Analysis ID:1337736
MD5:44a8ea27fc7849ee92442112d1f12de3
SHA1:4c99958b4bcb9b89d433197f41f0d16f4b6737f1
SHA256:a116b3362f5b8c0ff155e65ff314231c36beef5d620e4db28eaa3a01a71679b0

Detection

HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish10
HTML file submission containing password form
HTML document with suspicious title
Phishing site detected (based on logo match)
HTML document with suspicious name
Creates files inside the system directory
None HTTPS page querying sensitive user data (password, username or email)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
HTML title does not match URL
Suspicious form URL found
IP address seen in connection with other malware

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64_ra
  • chrome.exe (PID: 3040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Remittance Advice B9623.HTML MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=2072,i,13270799758387245985,6612383874584642118,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
No configs have been found
| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| Remittance Advice B9623.HTML | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |
| 0.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |
      No Sigma rule has matched
      No Snort rule has matched

      Phishing

      Source: Yara match, File source: Remittance Advice B9623.HTML, type: SAMPLE
      Source: Yara match, File source: 0.0.pages.csv, type: HTML
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, Tab title: Login Page
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, Matcher: Template: microsoft matched
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: Has password / email / username input fields
      Source: Remittance Advice B9623.HTML, HTTP Parser: Number of links: 0
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: Number of links: 0
      Source: Remittance Advice B9623.HTML, HTTP Parser: Title: Login Page does not match URL
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: Title: Login Page does not match URL
      Source: Remittance Advice B9623.HTML, HTTP Parser: Form action: https://mx.azizrajelvivaaxraf.shop/app/8b1fbe0.php
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: Form action: https://mx.azizrajelvivaaxraf.shop/app/8b1fbe0.php
      Source: Remittance Advice B9623.HTML, HTTP Parser: <input type="password" .../> found
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: <input type="password" .../> found
      Source: Remittance Advice B9623.HTML, HTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: No <meta name="author".. found
      Source: Remittance Advice B9623.HTML, HTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: No favicon
      Source: Remittance Advice B9623.HTML, HTTP Parser: No <meta name="copyright".. found
      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: No <meta name="copyright".. found
      Source: unknown, HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49727 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49732 version: TLS 1.2
      Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
      Source: Joe Sandbox View, IP Address: 239.255.255.250 239.255.255.250
      Source: Joe Sandbox View, IP Address: 198.35.26.112 198.35.26.112
      Source: unknown, TCP traffic detected without corresponding DNS query: 23.1.237.25
      Source: unknown, TCP traffic detected without corresponding DNS query: 72.21.81.240
      Source: unknown, TCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: Remittance Advice B9623.HTML, String found in binary or memory: https://dfshultzblog.files.wordpress.com/2018/02/publication_spreadsheet_screenshot_blurred.jpg
      Source: Remittance Advice B9623.HTML, String found in binary or memory: https://mx.azizrajelvivaaxraf.shop/app/8b1fbe0.php
      Source: Remittance Advice B9623.HTML, String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/8/85/Microsoft_365_logo.png/1200px-Microsoft_36
      Source: unknown, DNS traffic detected: queries for: clients2.google.com

      System Summary

      Source: Name includes: Remittance Advice B9623.HTML, Initial sample: advice
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_BITS_3040_1896138452
      Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Remittance Advice B9623.HTML
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=2072,i,13270799758387245985,6612383874584642118,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
      Source: Google Drive.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: YouTube.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Sheets.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Gmail.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Slides.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Docs.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: classification engine, Classification label: mal64.phis.winHTML@14/10@16/8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

      Stealing of Sensitive Information

      Source: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML, HTTP Parser: file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
      Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
      Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
      Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Logon Script (Mac)
      Defense Evasion: 11 Masquerading; 1 Process Injection; 1 Obfuscated Files or Information; Binary Padding
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
      Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
      Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
      Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
      Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
      Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
      Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud
      [Behavior graph, ID 1337736. Sample: Remittance Advice B9623.HTML; start date: 06/11/2023; architecture: WINDOWS; score: 64. Signatures shown: Yara detected HtmlPhish10; HTML document with suspicious name; HTML file submission containing password form; 2 other signatures. Process chain: chrome.exe started chrome.exe. DNS/IP nodes: 192.168.2.16; 239.255.255.250 (Reserved); upload.wikimedia.org 198.35.26.112 (WIKIMEDIAUS, United States); 142.251.215.238 (GOOGLEUS, United States); 7 other IPs or domains.]

      No Antivirus matches
| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| https://mx.azizrajelvivaaxraf.shop/app/8b1fbe0.php | 0% | Avira URL Cloud | safe |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| accounts.google.com | 142.251.33.109 | true | false | | high |
| s6.files.wordpress.com | 192.0.72.26 | true | false | | high |
| www.google.com | 142.251.33.100 | true | false | | high |
| upload.wikimedia.org | 198.35.26.112 | true | false | | high |
| clients.l.google.com | 142.251.33.78 | true | false | | high |
| dfshultzblog.files.wordpress.com | unknown | unknown | false | | high |
| clients1.google.com | unknown | unknown | false | | high |
| clients2.google.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://upload.wikimedia.org/wikipedia/commons/thumb/8/85/Microsoft_365_logo.png/1200px-Microsoft_365_logo.png | false | | high |
| https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000084A5C6CB58 | false | | high |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high |
| https://dfshultzblog.files.wordpress.com/2018/02/publication_spreadsheet_screenshot_blurred.jpg | false | | high |
| file:///C:/Users/user/Desktop/Remittance%20Advice%20B9623.HTML | false | | low |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| https://mx.azizrajelvivaaxraf.shop/app/8b1fbe0.php | Remittance Advice B9623.HTML | false | Avira URL Cloud: safe | unknown |
| https://upload.wikimedia.org/wikipedia/commons/thumb/8/85/Microsoft_365_logo.png/1200px-Microsoft_36 | Remittance Advice B9623.HTML | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 142.251.33.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 142.251.215.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 142.251.33.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false |
| 142.251.33.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false |
| 192.0.72.26 | s6.files.wordpress.com | United States | 2635 | AUTOMATTICUS | false |
| 198.35.26.112 | upload.wikimedia.org | United States | 14907 | WIKIMEDIAUS | false |
IP
192.168.2.16
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1337736
Start date and time: 2023-11-06 16:23:37 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: Remittance Advice B9623.HTML
Detection: MAL
Classification: mal64.phis.winHTML@14/10@16/8
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .HTML
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 104.117.234.93, 142.251.33.99, 34.104.35.123, 69.164.40.8, 142.250.217.67, 192.229.211.108, 23.32.75.35
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: Remittance Advice B9623.HTML
No simulations
                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                28a2c9bd18a11de089ef85a160da29e4Magmutual Health Insurance Benefits Open Enrollment Plan.shtmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://bafybeihcdppg5ryhs2n3ewfp4ckzj6hyqigmxo2rik6dubkr5oou4brqoi.ipfs.dweb.link/posster1.html#exeter@guidedogs.org.ukGet hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://signinavvsamazoncom.easportingllct.online/?IjQix=FuX8sGet hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://8798464654654.rnzja.ioGet hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://de5c3805-9477-4806-bf69-1b51e8a610b1.top/Get hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://in.xero.com/5MuReANKObbI60DorfKRStD9wwBGASE5R7I7NlTP?utm_source=invoiceEmailViewInvoiceButtonGet hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://versed-deserted-magnolia.pages.dev/?csa=eiwargaffg&eci=Waldemar.Kramer@zehndergroup.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                Global Partners 401k Retirement Plan.shtmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                Global Partners Insurance Benefits Open Enrollment.shtmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://r20.rs6.net/tn.jsp?f=0012tqreJE6eph5wRlz3kGypk3hqAnDM7rJCqA38KCUEB7Ix7gvB0tTv4b9sI3ZwriqkAVlcXWU0b-xKUz-_kfimMQQc_bbOCm5RF7dC1zJDo3oB5SsGGFqZxwsuE1kuEVzRCZYL9HH_uZfBt6sf4d9Bg==&c=_HnGFulQBIlacMwDFnV-bEOLappfe3SeT_hRqPOotHsW_BOIJYGdRQ==&ch=6innl8VDzOWfNz6ZiScpVnecbl_qVI3laHw7iqPvTRO-6ei6XqibBA==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://url12.mailanyone.net/scanner?m=1qz1fS-0004Yn-3h&d=4%7Cmail%2F90%2F1699046400%2F1qz1fS-0004Yn-3h%7Cin12a%7C57e1b682%7C21208867%7C12850088%7C6545654636FE57E6E57961A1A15864D3&o=%2Fphta%3A%2Fstsnnmpmio-esphy.ireosapcntrm%2Fe.okaso_%2Faonlipsannsomekd_&s=DaCKk6Yup5aSac-p0fkQtpVQ_7YGet hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                file.0xad818da36c30.0xad818ca48660.ImageSectionObject.oneetx.exe.img.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://1cpcc.trk.elasticemail.com/tracking/click?d=eAaG_o9dO9qe1DS1Fv_6eTyrD7ldGqE4oV_q251yJRJNffwVCosNHPvH7EOdUMWCXzWyb62d8X2LMp-nVYdVGrBcqyGoDDDgN9lhyWByD2K7XSBhr29N9nZwZJstlzeAAstp0d8wX-WRywRAAA8Z_fs1Get hashmaliciousPhisherBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://surveys.hotjar.com/59584473-3f99-4aa1-8923-397bb827ba32Get hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://fgrammarly.com.discovertrade.shop/onesystems.com?fnewsystem.com=rp@emfa.pt&&rwavsbazbunfpepqqejbeysicgysmkokivwbjcykzlotbmxziw=9345204729840813482102576&?rilubvhgabkfgkrczkcittxme=93797579764026980334Get hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                View_Remittance10172023.htmGet hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                RFQ-10004_PTT #U30d7#U30ed#U30b8#U30a7#U30af#U30c8#U00b7pdf.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://5aj38c.com/Rakuten/index.phpGet hashmaliciousHTMLPhisherBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                http://mastermicx.online/amazon-RD292-user-card-detail-em-thank/Get hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                https://japan-aoen.shop/index.phpGet hashmaliciousUnknownBrowse
                                                                                                                • 23.1.237.25
                                                                                                                • 20.12.23.50
                                                                                                                No context
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 6 14:24:03 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2673
                                                                                                                Entropy (8bit):3.9812568445830756
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8Wxd2VTWdWlHfidAKZdA1FehwiZUklqehey+3:8WSjXty
                                                                                                                MD5:33496DB4C0D6FF3551B0503FA824FF04
                                                                                                                SHA1:32A6398B3BC1F7960F45133C5B419DE65DD3492E
                                                                                                                SHA-256:99F299A110FA77FBD910C957FB855BED1AF52C047B489AAC199477C34EBC4069
                                                                                                                SHA-512:8A9794EE7F41E221329FCEFB45F82C3A0EA94BF9AA659F6D3D63DD33CDE2E0F448AE1476D7A988D57435291800274880849B054410563F1763B81D4C146328F7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 6 14:24:03 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2675
                                                                                                                Entropy (8bit):3.9986469032631167
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:82xd2VTWdWlHfidAKZdA1seh/iZUkAQkqehdy+2:82Sjh9Q0y
                                                                                                                MD5:B09739CBF2ED7C757B10C69E941C0500
                                                                                                                SHA1:8E331BAD0ED58894FE1E43BE39EFC1D02FCE0F2D
                                                                                                                SHA-256:D36316C1B12C4725770884DFCDDCE8FC7E66C0E25C2AF7DE19D09485479FC33B
                                                                                                                SHA-512:27F63EA2E3032657960D2A332657483BCCB65E49B8761744BB577285AB0EBA9679F530C205268AA811DBC3CD2727D19A17F9CED3CEC75D265799491532770F3B
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2689
                                                                                                                Entropy (8bit):4.007910547598522
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8Fd2VTWdWAHfidAKZdA14meh7sFiZUkmgqeh7s7y+BX:8mjCnRy
                                                                                                                MD5:4AA0EADAF23D90ABA23514E4B451EE18
                                                                                                                SHA1:7F5DFB618DB2DF0BC0DCE80FAE3E45B53DBB06D9
                                                                                                                SHA-256:1EAA96B4865679CE0B3AD9216097DADC5DAC4481EE0FB578528E69A95BB0CA0F
                                                                                                                SHA-512:6251949078C1569275EA2FE096C8F4137E39AE7282E88DF8C2C54BEB33A969A04B97BA04FD52E5B29F83235CE9E9EB6F94E3CD01A79115764ACF033A1122BD72
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 6 14:24:03 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2677
                                                                                                                Entropy (8bit):3.994070880657054
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8pxd2VTWdWlHfidAKZdA1TehDiZUkwqehZy+R:8pSjSjy
                                                                                                                MD5:DE47E31861D38D7EDB5321692EC76165
                                                                                                                SHA1:E30E1B2F31989DE2070D85B316B2B31C4272465A
                                                                                                                SHA-256:2EA9F3589619B75BECD1131FBD858DE73F2CF8540D6859540FC17B02367C2A4B
                                                                                                                SHA-512:0F313AE6A0D47CF8419FBA9DA67C1B5F1311475F1336A52C645154FEA6D6DD23124DA0F5162EDCEC0903DFB51E4BECB237475A4DDE9924418969AE3E1EEE7DBE
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 6 14:24:03 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2677
                                                                                                                Entropy (8bit):3.984710243314853
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8iXvxd2VTWdWlHfidAKZdA1dehBiZUk1W1qeh/y+C:8sSjC9fy
                                                                                                                MD5:1340D6C1AA3CC5B82D68ACF68C0A8E36
                                                                                                                SHA1:CFB08C616BCF49E07595A7AEA6C84EAD87381C1E
                                                                                                                SHA-256:65A441DB6028E0252E65FA861FA87ADD7742988968353B3D9878319764B038C4
                                                                                                                SHA-512:9BD76D73164078FDDE3D7CAAC27F8E59590557F20881770D1CA07ECD4E6E109007A23263E38190C638583ADF671A4A52F04F037D140291CAA1AC54695D81936F
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 6 14:24:03 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2679
                                                                                                                Entropy (8bit):3.9974360154572284
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8Qxd2VTWdWlHfidAKZdA1duTeehOuTbbiZUk5OjqehOuTbRy+yT+:8QSjYTfTbxWOvTbRy7T
                                                                                                                MD5:D03B350400FCB2160C2B1DAC37B6EEEF
                                                                                                                SHA1:84B7CB9235485453C310BB0794DAA411346D422D
                                                                                                                SHA-256:46CBBA8198F02ED34B973F53775E187F181B2C0DEC942F19FD265EBBFA508564
                                                                                                                SHA-512:5DE83494A702DB27C9973E52F028E518B7ECA21FA50532B1722C4D16ABEF5608A7B5FFC73C3A6A6649EB171A4C3B9C21D3C0E42813E85278EDB10C988FB2E855
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Created with GIMP", progressive, precision 8, 640x400, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):18036
                                                                                                                Entropy (8bit):7.691605556136008
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:YRT0Mz5ykl/OkhnGZLrPLp94+XlOBIsk1nnvAklG1gdBWUy2ITSz:Yl0g5yKWkhQLrt2+yIsuoklJtvz
                                                                                                                MD5:A54B0B7EC6B94319CBAFD286793F2C21
                                                                                                                SHA1:996EE6617102330D0A41DC77A9BA10119624CF58
                                                                                                                SHA-256:CFFDC9F7FAF495C37C4F8F032D63C4381FA434AB564BDE7652BFB6107CADF87F
                                                                                                                SHA-512:440CC787D7C2FDF7C0CA54FE1FE4482038797BBB030199675B6DE742F6F1FEC1343426987F4913493E716352BFC8D49145BCC226C0B866E5DBE75388461D4DEB
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 1200 x 198, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23997
                                                                                                                Entropy (8bit):7.907235227323934
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:t8GfuV9jcmqSrSR9GU1lShD/LsaAinmB8V68B+4iSXrzSjNMJiQcgd:t8omJVbSRUU1llaAibVxXrCNYcgd
                                                                                                                MD5:F720AD0A8AA79B2EBBD49B4E93872921
                                                                                                                SHA1:4A878B192FF71EC0E291A916E2A1BF8B2C4FBDA8
                                                                                                                SHA-256:FE233D8742762B04463A2726537F0670548F13B9C350AD107CE3FEE0D5F3D922
                                                                                                                SHA-512:3CF8D6AA6C56964E5E5C7FCD2597EB944BDF4A860B4907B0353F4D3FD060C73F7E81C4E9CCD1B6F1A05A011B828879C5D903A1E3A85C2427DEB3EB5CC10A9E82
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:RIFF (little-endian) data, Web/P image
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):11832
                                                                                                                Entropy (8bit):7.97271771037361
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:8SeBrnxzoQyyVNd8MDcpS1By204tJgQbhMHCX6SV2OSH4/jPZncxZNe0y7SlKI3K:8rBdoQ/HM+y204MQ+HzSVsH4Lhnc/408
                                                                                                                MD5:094A88C4BF3CCD448A7F621913EA67C1
                                                                                                                SHA1:4BB99CBE889CE877BF00D814DC5AA0D1C32596F3
                                                                                                                SHA-256:4EC4086BA7EB12AFA46C5C392F30EF15376AAFB91372F24EDCBC4F0CF8E1E571
                                                                                                                SHA-512:0405E8EE645ADDC5D9209900C9019A168D7389EA505DBE9E4D714132180362A111C3F25A3F7E088AA4749D42AF8C586343E49261A6E4A3F0936B902BC2267DCC
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/8/85/Microsoft_365_logo.png/1200px-Microsoft_365_logo.png
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Created with GIMP", progressive, precision 8, 640x400, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):18036
                                                                                                                Entropy (8bit):7.691605556136008
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:YRT0Mz5ykl/OkhnGZLrPLp94+XlOBIsk1nnvAklG1gdBWUy2ITSz:Yl0g5yKWkhQLrt2+yIsuoklJtvz
                                                                                                                MD5:A54B0B7EC6B94319CBAFD286793F2C21
                                                                                                                SHA1:996EE6617102330D0A41DC77A9BA10119624CF58
                                                                                                                SHA-256:CFFDC9F7FAF495C37C4F8F032D63C4381FA434AB564BDE7652BFB6107CADF87F
                                                                                                                SHA-512:440CC787D7C2FDF7C0CA54FE1FE4482038797BBB030199675B6DE742F6F1FEC1343426987F4913493E716352BFC8D49145BCC226C0B866E5DBE75388461D4DEB
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://dfshultzblog.files.wordpress.com/2018/02/publication_spreadsheet_screenshot_blurred.jpg
                                                                                                                File type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                Entropy (8bit):4.641222205421066
                                                                                                                TrID:
                                                                                                                • HyperText Markup Language (15015/1) 24.41%
                                                                                                                • HyperText Markup Language with DOCTYPE (12503/2) 20.32%
                                                                                                                • HyperText Markup Language (11501/1) 18.69%
                                                                                                                • HyperText Markup Language (11501/1) 18.69%
                                                                                                                • HyperText Markup Language (11001/1) 17.88%
                                                                                                                File name:Remittance Advice B9623.HTML
                                                                                                                File size:2'794 bytes
                                                                                                                MD5:44a8ea27fc7849ee92442112d1f12de3
                                                                                                                SHA1:4c99958b4bcb9b89d433197f41f0d16f4b6737f1
                                                                                                                SHA256:a116b3362f5b8c0ff155e65ff314231c36beef5d620e4db28eaa3a01a71679b0
                                                                                                                SHA512:718fb3cbfe92d0ffb2f3cffa8deaf84b96ef7d0e3588193764049663fb0fd715765582b0fdb2ad2d8ace96341e3a133c4739504b1f9c46a474feeb6fd45b1434
                                                                                                                SSDEEP:48:t3QL5bF79G8LQj8H81uy3YF0OHv49rO0D2WD7cXRcwDzxg1f6aA7M:CbF7K2vv49NPG9Dzx0IM
                                                                                                                TLSH:C351421985851D4BB03392B46BB24548F78F416343024A683BED72A69FBAAD480B36DC
                                                                                                                File Content Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Login Page</title>.. <style>.. body {.. margin: 0;.. padding: 0;.
                                                                                                                Icon Hash:173149cccc490307


                                                                                                                • Total Packets: 144
                                                                                                                • 443 (HTTPS)
                                                                                                                • 80 (HTTP)
                                                                                                                • 53 (DNS)
                                                                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                Nov 6, 2023 16:24:03.001714945 CET49715443192.168.2.16142.251.33.78
                                                                                                                Nov 6, 2023 16:24:03.002232075 CET49715443192.168.2.16142.251.33.78
                                                                                                                Nov 6, 2023 16:24:03.002252102 CET44349715142.251.33.78192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.012799025 CET44349716142.251.33.109192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.012909889 CET44349716142.251.33.109192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.012968063 CET49716443192.168.2.16142.251.33.109
                                                                                                                Nov 6, 2023 16:24:03.013981104 CET49716443192.168.2.16142.251.33.109
                                                                                                                Nov 6, 2023 16:24:03.013998985 CET44349716142.251.33.109192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.067945957 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.068026066 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.068079948 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.068084002 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.068125963 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.068135023 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.068180084 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.068186998 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.109225035 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.109427929 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.109450102 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.159418106 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.201633930 CET44349718198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.201651096 CET44349718198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.201678038 CET44349718198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.201692104 CET44349718198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.201704979 CET49718443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.201721907 CET44349718198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.201735973 CET49718443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.201741934 CET44349718198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.201795101 CET49718443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.202635050 CET49718443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.202647924 CET44349718198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.219850063 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.219909906 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.219937086 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.219960928 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.219975948 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.220024109 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.225866079 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.225987911 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.226036072 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.226275921 CET49717443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.226289988 CET44349717192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.362495899 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.362544060 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.362622023 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.362891912 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.362904072 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.390909910 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.390994072 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.391073942 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.391489029 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.391525030 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.472510099 CET804975172.21.81.240192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.472596884 CET4975180192.168.2.1672.21.81.240
                                                                                                                Nov 6, 2023 16:24:03.532059908 CET804975072.21.81.240192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.532231092 CET4975080192.168.2.1672.21.81.240
                                                                                                                Nov 6, 2023 16:24:03.699986935 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.700269938 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.700326920 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.701108932 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.701196909 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.701488972 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.701539040 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.701690912 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.701698065 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.714375019 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.714663029 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.714694977 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.716147900 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.716218948 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.716228962 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.716286898 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.717123032 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.717205048 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.717255116 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.748697042 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:03.761262894 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.764667034 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:03.764698982 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:03.812565088 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:04.004045963 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.004170895 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.004235983 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.004260063 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.004287958 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.004338980 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.004370928 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.004504919 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.004549980 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.004563093 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.045414925 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.045485020 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.045505047 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.094450951 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.105793953 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.105828047 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.105863094 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.105880022 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.105889082 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.105916023 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.106019020 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:04.106019020 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:04.106019020 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:04.106064081 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.155972958 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.156156063 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.156214952 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.156219959 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.156281948 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.156332016 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.158557892 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:04.161729097 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.161959887 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.162030935 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.162451982 CET49723443192.168.2.16192.0.72.26
                                                                                                                Nov 6, 2023 16:24:04.162482023 CET44349723192.0.72.26192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.235713005 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.235729933 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.235760927 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.235852003 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:04.235866070 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.235925913 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:04.246248960 CET49722443192.168.2.16198.35.26.112
                                                                                                                Nov 6, 2023 16:24:04.246289015 CET44349722198.35.26.112192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.446532011 CET804975572.21.81.240192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.446604967 CET4975580192.168.2.1672.21.81.240
                                                                                                                Nov 6, 2023 16:24:04.696604967 CET49673443192.168.2.1623.1.237.25
                                                                                                                Nov 6, 2023 16:24:04.696685076 CET49674443192.168.2.1623.1.237.25
                                                                                                                Nov 6, 2023 16:24:04.821472883 CET804975672.21.81.240192.168.2.16
                                                                                                                Nov 6, 2023 16:24:04.821624041 CET4975680192.168.2.1672.21.81.240
                                                                                                                Nov 6, 2023 16:24:05.094449997 CET49672443192.168.2.1623.1.237.25
                                                                                                                Nov 6, 2023 16:24:06.783170938 CET49726443192.168.2.16142.251.33.100
                                                                                                                Nov 6, 2023 16:24:06.783261061 CET44349726142.251.33.100192.168.2.16
                                                                                                                Nov 6, 2023 16:24:06.783344984 CET49726443192.168.2.16142.251.33.100
                                                                                                                Nov 6, 2023 16:24:06.783576012 CET49726443192.168.2.16142.251.33.100
                                                                                                                Nov 6, 2023 16:24:06.783617020 CET44349726142.251.33.100192.168.2.16
                                                                                                                Nov 6, 2023 16:24:07.106158018 CET44349726142.251.33.100192.168.2.16
                                                                                                                Nov 6, 2023 16:24:07.106651068 CET49726443192.168.2.16142.251.33.100
                                                                                                                Nov 6, 2023 16:24:07.106678009 CET44349726142.251.33.100192.168.2.16
                                                                                                                Nov 6, 2023 16:24:07.107856035 CET44349726142.251.33.100192.168.2.16
                                                                                                                Nov 6, 2023 16:24:07.107949018 CET49726443192.168.2.16142.251.33.100
                                                                                                                Nov 6, 2023 16:24:07.109253883 CET49726443192.168.2.16142.251.33.100
                                                                                                                Nov 6, 2023 16:24:07.109311104 CET44349726142.251.33.100192.168.2.16
                                                                                                                Nov 6, 2023 16:24:07.154445887 CET49726443192.168.2.16142.251.33.100
                                                                                                                Nov 6, 2023 16:24:07.154464006 CET44349726142.251.33.100192.168.2.16
                                                                                                                Nov 6, 2023 16:24:07.202461958 CET49726443192.168.2.16142.251.33.100
                                                                                                                Nov 6, 2023 16:24:15.278381109 CET49727443192.168.2.1620.12.23.50
                                                                                                                Nov 6, 2023 16:24:15.278476954 CET4434972720.12.23.50192.168.2.16
                                                                                                                Nov 6, 2023 16:24:15.278588057 CET49727443192.168.2.1620.12.23.50
                                                                                                                Nov 6, 2023 16:24:15.281342030 CET49727443192.168.2.1620.12.23.50
                                                                                                                Nov 6, 2023 16:24:15.281371117 CET4434972720.12.23.50192.168.2.16
                                                                                                                Nov 6, 2023 16:24:15.762371063 CET49703443192.168.2.1623.1.237.25
                                                                                                                Nov 6, 2023 16:24:15.944436073 CET4434970323.1.237.25192.168.2.16
                                                                                                                Nov 6, 2023 16:24:15.949398041 CET4434970323.1.237.25192.168.2.16
                                                                                                                Nov 6, 2023 16:24:15.949446917 CET4434970323.1.237.25192.168.2.16
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 6, 2023 16:24:02.187903881 CET | 192.168.2.16 | 1.1.1.1 | 0xad94 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.188262939 CET | 192.168.2.16 | 1.1.1.1 | 0x6630 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Nov 6, 2023 16:24:02.189359903 CET | 192.168.2.16 | 1.1.1.1 | 0x5133 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.189708948 CET | 192.168.2.16 | 1.1.1.1 | 0x4a11 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Nov 6, 2023 16:24:02.279230118 CET | 192.168.2.16 | 1.1.1.1 | 0xc977 | Standard query (0) | upload.wikimedia.org | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.279762030 CET | 192.168.2.16 | 1.1.1.1 | 0xe60f | Standard query (0) | upload.wikimedia.org | 65 | IN (0x0001) | false
Nov 6, 2023 16:24:02.280527115 CET | 192.168.2.16 | 1.1.1.1 | 0x153e | Standard query (0) | dfshultzblog.files.wordpress.com | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.280972958 CET | 192.168.2.16 | 1.1.1.1 | 0xa81c | Standard query (0) | dfshultzblog.files.wordpress.com | 65 | IN (0x0001) | false
Nov 6, 2023 16:24:03.208244085 CET | 192.168.2.16 | 1.1.1.1 | 0x46a8 | Standard query (0) | upload.wikimedia.org | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:03.208553076 CET | 192.168.2.16 | 1.1.1.1 | 0x1426 | Standard query (0) | upload.wikimedia.org | 65 | IN (0x0001) | false
Nov 6, 2023 16:24:03.233803988 CET | 192.168.2.16 | 1.1.1.1 | 0x6125 | Standard query (0) | dfshultzblog.files.wordpress.com | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:03.234045029 CET | 192.168.2.16 | 1.1.1.1 | 0xcf16 | Standard query (0) | dfshultzblog.files.wordpress.com | 65 | IN (0x0001) | false
Nov 6, 2023 16:24:06.627590895 CET | 192.168.2.16 | 1.1.1.1 | 0x4e80 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:06.627911091 CET | 192.168.2.16 | 1.1.1.1 | 0xcb97 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Nov 6, 2023 16:25:31.634654045 CET | 192.168.2.16 | 1.1.1.1 | 0x151a | Standard query (0) | clients1.google.com | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:25:31.634773970 CET | 192.168.2.16 | 1.1.1.1 | 0xf5c9 | Standard query (0) | clients1.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 6, 2023 16:24:02.341082096 CET | 1.1.1.1 | 192.168.2.16 | 0x6630 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 6, 2023 16:24:02.342242002 CET | 1.1.1.1 | 192.168.2.16 | 0x5133 | No error (0) | accounts.google.com |  | 142.251.33.109 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.342257023 CET | 1.1.1.1 | 192.168.2.16 | 0xad94 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 6, 2023 16:24:02.342257023 CET | 1.1.1.1 | 192.168.2.16 | 0xad94 | No error (0) | clients.l.google.com |  | 142.251.33.78 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.431715012 CET | 1.1.1.1 | 192.168.2.16 | 0xc977 | No error (0) | upload.wikimedia.org |  | 198.35.26.112 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.437526941 CET | 1.1.1.1 | 192.168.2.16 | 0x153e | No error (0) | dfshultzblog.files.wordpress.com | s6.files.wordpress.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 6, 2023 16:24:02.437526941 CET | 1.1.1.1 | 192.168.2.16 | 0x153e | No error (0) | s6.files.wordpress.com |  | 192.0.72.26 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.437526941 CET | 1.1.1.1 | 192.168.2.16 | 0x153e | No error (0) | s6.files.wordpress.com |  | 192.0.72.27 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:02.437952995 CET | 1.1.1.1 | 192.168.2.16 | 0xa81c | No error (0) | dfshultzblog.files.wordpress.com | s6.files.wordpress.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 6, 2023 16:24:03.361080885 CET | 1.1.1.1 | 192.168.2.16 | 0x46a8 | No error (0) | upload.wikimedia.org |  | 198.35.26.112 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:03.389902115 CET | 1.1.1.1 | 192.168.2.16 | 0xcf16 | No error (0) | dfshultzblog.files.wordpress.com | s6.files.wordpress.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 6, 2023 16:24:03.390297890 CET | 1.1.1.1 | 192.168.2.16 | 0x6125 | No error (0) | dfshultzblog.files.wordpress.com | s6.files.wordpress.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 6, 2023 16:24:03.390297890 CET | 1.1.1.1 | 192.168.2.16 | 0x6125 | No error (0) | s6.files.wordpress.com |  | 192.0.72.26 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:03.390297890 CET | 1.1.1.1 | 192.168.2.16 | 0x6125 | No error (0) | s6.files.wordpress.com |  | 192.0.72.27 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:24:06.781409979 CET | 1.1.1.1 | 192.168.2.16 | 0xcb97 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Nov 6, 2023 16:24:06.781559944 CET | 1.1.1.1 | 192.168.2.16 | 0x4e80 | No error (0) | www.google.com |  | 142.251.33.100 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:25:31.787533045 CET | 1.1.1.1 | 192.168.2.16 | 0x151a | No error (0) | clients1.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 6, 2023 16:25:31.787533045 CET | 1.1.1.1 | 192.168.2.16 | 0x151a | No error (0) | clients.l.google.com |  | 142.251.215.238 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 16:25:31.787552118 CET | 1.1.1.1 | 192.168.2.16 | 0xf5c9 | No error (0) | clients1.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
• clients2.google.com
• accounts.google.com
• dfshultzblog.files.wordpress.com
• upload.wikimedia.org
• slscr.update.microsoft.com
• clients1.google.com
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Nov 6, 2023 16:24:15.949484110 CET | 23.1.237.25 | 443 | 192.168.2.16 | 49703 | CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Oct 18 22:32:40 CEST 2023 Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024 Fri Jun 28 01:59:59 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0 | 28a2c9bd18a11de089ef85a160da29e4
 |  |  |  |  | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024 |  | 
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.16 | 49715 | 142.251.33.78 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-11-06 15:24:02 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
X-Goog-Update-Updater: chromecrx-117.0.5938.132
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.16 | 49716 | 142.251.33.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-11-06 15:24:02 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2023-11-06 15:24:02 UTC | 1 | OUT | Data Raw: 20
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.0.72.26 | 443 | 192.168.2.16 | 49723 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-11-06 15:24:03 UTC | 37 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Nov 2023 15:24:03 GMT
Content-Type: image/jpeg
Content-Length: 18036
Connection: close
Last-Modified: Sun, 04 Feb 2018 03:55:00 GMT
Expires: Sat, 16 Dec 2023 13:35:53 GMT
X-Orig-Src: 01_mogdir
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfshultzblog.wordpress.com
Vary: Origin
X-nc: HIT sea 26 np
X-Content-Type-Options: nosniff
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 198.35.26.112 | 443 | 192.168.2.16 | 49722 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-11-06 15:24:04 UTC | 47 | IN | HTTP/1.1 200 OK
date: Mon, 06 Nov 2023 14:41:15 GMT
content-type: image/png
content-length: 23997
content-disposition: inline;filename*=UTF-8''Microsoft_365_logo.png
etag: f720ad0a8aa79b2ebbd49b4e93872921
last-modified: Sun, 24 Sep 2023 20:24:43 GMT
server: ATS/9.1.4
age: 2568
x-cache: cp4051 miss, cp4051 hit/4203
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp4051"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 156.146.49.168
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                12 | 192.168.2.16 | 49727 | 20.12.23.50 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                2023-11-06 15:24:16 UTC | 79 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BBWLTLTxOmoX+Lx&MD=CN9uEAYM HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                Host: slscr.update.microsoft.com
                                                                                                                2023-11-06 15:24:16 UTC | 79 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Expires: -1
                                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                MS-CorrelationId: 4ca572ce-083b-44b8-8f0c-9972921529ab
                                                                                                                MS-RequestId: 51e9f7b3-3404-4674-834f-474ec9ef20ad
                                                                                                                MS-CV: H3xpO+mgEke08gSE.0
                                                                                                                X-Microsoft-SLSClientCache: 2880
                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Mon, 06 Nov 2023 15:24:16 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 24490


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                13 | 192.168.2.16 | 49732 | 20.12.23.50 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                2023-11-06 15:24:54 UTC | 104 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BBWLTLTxOmoX+Lx&MD=CN9uEAYM HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                Host: slscr.update.microsoft.com
                                                                                                                2023-11-06 15:24:55 UTC | 104 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Expires: -1
                                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                MS-CorrelationId: f03be348-a235-4bc2-833a-c9fb73ad5ba4
                                                                                                                MS-RequestId: c8967986-fcdb-4c88-a0ff-6accc9e25c91
                                                                                                                MS-CV: Ldd2sgBQZU+suhbT.0
                                                                                                                X-Microsoft-SLSClientCache: 2160
                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Mon, 06 Nov 2023 15:24:54 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 25457


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                14 | 192.168.2.16 | 49737 | 142.251.215.238 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                2023-11-06 15:25:32 UTC | 130 | OUT | GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000084A5C6CB58 HTTP/1.1
                                                                                                                Host: clients1.google.com
                                                                                                                Connection: keep-alive
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept-Encoding: gzip, deflate, br


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                15 | 142.251.215.238 | 443 | 192.168.2.16 | 49737 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                2023-11-06 15:25:32 UTC | 130 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Wt-WYmQB3ipRSKOHwIoSFA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Y7s5Bu_LjAPPKHQOvWgePA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                Content-Length: 220
                                                                                                                Date: Mon, 06 Nov 2023 15:25:32 GMT
                                                                                                                Expires: Mon, 06 Nov 2023 15:25:32 GMT
                                                                                                                Cache-Control: private, max-age=0
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                Server: GSE
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close
                                                                                                                2023-11-06 15:25:32 UTC | 131 | IN | Data Ascii: rlzC1: 1C1ONGR_enUS1083rlzC2: 1C2ONGR_enUS1083rlzC7: 1C7ONGR_enUS1083dcc: set_dcc: C1:1C1ONGR_enUS1083,C2:1C2ONGR_enUS1083,C7:1C7ONGR_enUS1083events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: 60cc0422


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                2 | 192.168.2.16 | 49717 | 192.0.72.26 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                2023-11-06 15:24:02 UTC | 1 | OUT | GET /2018/02/publication_spreadsheet_screenshot_blurred.jpg HTTP/1.1
                                                                                                                Host: dfshultzblog.files.wordpress.com
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                3 | 192.168.2.16 | 49718 | 198.35.26.112 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                2023-11-06 15:24:02 UTC | 1 | OUT | GET /wikipedia/commons/thumb/8/85/Microsoft_365_logo.png/1200px-Microsoft_365_logo.png HTTP/1.1
                                                                                                                Host: upload.wikimedia.org
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                4 | 142.251.33.78 | 443 | 192.168.2.16 | 49715 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                2023-11-06 15:24:02 UTC | 2 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-scTncFfD9SbVe4tqrZ0Qew' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 06 Nov 2023 15:24:02 GMT
                                                                                                                Content-Type: text/xml; charset=UTF-8
                                                                                                                X-Daynum: 6153
                                                                                                                X-Daystart: 26642
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                Server: GSE
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Accept-Ranges: none
                                                                                                                Vary: Accept-Encoding
                                                                                                                Connection: close
                                                                                                                Transfer-Encoding: chunked
                                                                                                                2023-11-06 15:24:02 UTC | 3 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6153" elapsed_seconds="26642"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                                                                                                2023-11-06 15:24:02 UTC | 3 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                                                                                                                2023-11-06 15:24:02 UTC | 4 | IN | Data Ascii: 0


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                5 | 142.251.33.109 | 443 | 192.168.2.16 | 49716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                2023-11-06 15:24:03 UTC | 4 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                Access-Control-Allow-Origin: https://www.google.com
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                Date: Mon, 06 Nov 2023 15:24:02 GMT
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-7IhrhGiW_cHqiP5Cfxbhkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                Server: ESF
                                                                                                                X-XSS-Protection: 0
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Accept-Ranges: none
                                                                                                                Vary: Accept-Encoding
                                                                                                                Connection: close
                                                                                                                Transfer-Encoding: chunked
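Timestamp: 2023-11-06 15:24:03 UTC | kBytes transferred: 5 | Direction: IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
Data Ascii: 11["gaia.l.a.r",[]]
Timestamp: 2023-11-06 15:24:03 UTC | kBytes transferred: 5 | Direction: IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0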


Session ID: 6 | Source IP: 192.0.72.26 | Source Port: 443 | Destination IP: 192.168.2.16 | Destination Port: 49717 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp: 2023-11-06 15:24:03 UTC | kBytes transferred: 5 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                Server: nginx
                                                                                                                Date: Mon, 06 Nov 2023 15:24:02 GMT
                                                                                                                Content-Type: image/jpeg
                                                                                                                Content-Length: 18036
                                                                                                                Connection: close
                                                                                                                Last-Modified: Sun, 04 Feb 2018 03:55:00 GMT
                                                                                                                Expires: Thu, 30 Nov 2023 14:59:05 GMT
                                                                                                                X-Orig-Src: 01_mogdir
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                Access-Control-Allow-Origin: https://dfshultzblog.wordpress.com
                                                                                                                Vary: Origin
                                                                                                                X-nc: HIT sea 26 np
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Accept-Ranges: bytes


Session ID: 7 | Source IP: 198.35.26.112 | Source Port: 443 | Destination IP: 192.168.2.16 | Destination Port: 49718 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp: 2023-11-06 15:24:03 UTC | kBytes transferred: 16 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                date: Mon, 06 Nov 2023 14:42:06 GMT
                                                                                                                content-type: image/webp
                                                                                                                content-length: 11832
                                                                                                                content-disposition: inline;filename*=UTF-8''Microsoft_365_logo.png.webp
                                                                                                                last-modified: Tue, 31 Oct 2023 23:03:57 GMT
                                                                                                                etag: 094a88c4bf3ccd448a7f621913ea67c1
                                                                                                                server: ATS/9.1.4
                                                                                                                age: 2516
                                                                                                                x-cache: cp4051 hit, cp4051 hit/3013
                                                                                                                x-cache-status: hit-front
                                                                                                                server-timing: cache;desc="hit-front", host;desc="cp4051"
                                                                                                                strict-transport-security: max-age=106384710; includeSubDomains; preload
                                                                                                                report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
                                                                                                                nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
                                                                                                                x-client-ip: 156.146.49.168
                                                                                                                x-content-type-options: nosniff
                                                                                                                access-control-allow-origin: *
                                                                                                                access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
                                                                                                                timing-allow-origin: *
                                                                                                                accept-ranges: bytes
                                                                                                                connection: close


Session ID: 8 | Source IP: 192.168.2.16 | Source Port: 49723 | Destination IP: 192.0.72.26 | Destination Port: 443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp: 2023-11-06 15:24:03 UTC | kBytes transferred: 36 | Direction: OUT | Data:
GET /2018/02/publication_spreadsheet_screenshot_blurred.jpg HTTP/1.1
                                                                                                                Host: dfshultzblog.files.wordpress.com
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9


Session ID: 9 | Source IP: 192.168.2.16 | Source Port: 49722 | Destination IP: 198.35.26.112 | Destination Port: 443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp: 2023-11-06 15:24:03 UTC | kBytes transferred: 36 | Direction: OUT | Data:
GET /wikipedia/commons/thumb/8/85/Microsoft_365_logo.png/1200px-Microsoft_365_logo.png HTTP/1.1
                                                                                                                Host: upload.wikimedia.org
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9



                                                                                                                Target ID:0
                                                                                                                Start time:16:24:00
                                                                                                                Start date:06/11/2023
                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Remittance Advice B9623.HTML
                                                                                                                Imagebase:0x7ff71e7f0000
                                                                                                                File size:3'242'272 bytes
                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:2
                                                                                                                Start time:16:24:00
                                                                                                                Start date:06/11/2023
                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=2072,i,13270799758387245985,6612383874584642118,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                Imagebase:0x7ff71e7f0000
                                                                                                                File size:3'242'272 bytes
                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                No disassembly