Windows Analysis Report
http://crcldu.com/postback.php

Overview

General Information

Sample URL:http://crcldu.com/postback.php
Analysis ID:1373812

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Creates files inside the system directory

Classification

[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale clean / suspicious / malicious]
  • System is w10x64
  • chrome.exe (PID: 1260 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2032,i,16681755544765182792,2879631614722886934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6440 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://crcldu.com/postback.php MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: http://crcldu.com/postback.php | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 (2 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.33.180.114 (18 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.199.71.136 (4 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 occurrences)
Source: global traffic | HTTP traffic detected:
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
  X-Goog-Update-Updater: chromecrx-117.0.5938.132
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /postback.php HTTP/1.1
  Host: crcldu.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: crcldu.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://crcldu.com/postback.php
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: crcldu.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Fri, 12 Jan 2024 14:34:55 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
  Content-Length: 202
  Keep-Alive: timeout=5, max=99
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6e 75 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /null was not found on this server.</p></body></html>
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_BITS_1260_677550506
Source: classification engine | Classification label: clean0.win@16/1@10/6
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2032,i,16681755544765182792,2879631614722886934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://crcldu.com/postback.php
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 occurrences)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2032,i,16681755544765182792,2879631614722886934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (10 occurrences)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (techniques marked with a count were matched by signatures; the remaining entries are the unmatched default cells of the matrix):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Behavior Graph (ID: 1373812, URL: http://crcldu.com/postback.php, Startdate: 12/01/2024, Architecture: WINDOWS, Score: 0):
  • chrome.exe (started) -> 192.168.2.4 (ports 138, 443, 49723; unknown); 239.255.255.250 (unknown, Reserved)
  • chrome.exe (started)
  • chrome.exe (child of the first chrome.exe, started) -> clients.l.google.com 142.251.16.101 (ports 443, 49730; GOOGLEUS, United States); www.google.com 172.253.115.104 (ports 443, 49740, 49751; GOOGLEUS, United States); 3 other IPs or domains

Source | Detection | Scanner | Label
http://crcldu.com/postback.php | 0% | Avira URL Cloud | safe

No Antivirus matches

Source | Detection | Scanner | Label
http://crcldu.com/favicon.ico | 0% | Avira URL Cloud | safe
http://crcldu.com/null | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 172.253.115.84 | true | false | - | high
www.google.com | 172.253.115.104 | true | false | - | high
clients.l.google.com | 142.251.16.101 | true | false | - | high
crcldu.com | 99.83.203.53 | true | false | - | unknown
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | - | unknown
windowsupdatebg.s.llnwi.net | 69.164.0.128 | true | false | - | unknown
clients2.google.com | unknown | unknown | false | - | high

Name | Malicious | Antivirus Detection | Reputation
http://crcldu.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
http://crcldu.com/postback.php | false | - | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high
http://crcldu.com/null | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
99.83.203.53 | crcldu.com | United States | 16509 | AMAZON-02US | false
172.253.115.104 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.251.16.101 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
172.253.115.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.4
                      Joe Sandbox version:38.0.0 Ammolite
                      Analysis ID:1373812
                      Start date and time:2024-01-12 15:34:00 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 3m 5s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:browseurl.jbs
                      Sample URL:http://crcldu.com/postback.php
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:8
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:CLEAN
                      Classification:clean0.win@16/1@10/6
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 172.253.63.94, 34.104.35.123, 20.12.23.50, 69.164.0.128, 192.229.211.108, 13.95.31.18, 13.85.23.206, 172.253.115.94
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information
                      • VT rate limit hit for: http://crcldu.com/postback.php
                      No simulations
                      No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text
                      Category:downloaded
                      Size (bytes):725
                      Entropy (8bit):5.324658927959686
                      Encrypted:false
                      SSDEEP:12:hYvaxkbJUPlG5CRTGQ6DAWKjVz6D+AS0nPLrXJqHS37GKLGby69rdPx4IQb:hYhlyx1j6DbKjVzUxSezrXISrRLd65dQ
                      MD5:3CD72D9EDA788097ECF57B72F5B41EB3
                      SHA1:7588E22E96397AFC9FF5729C901E07AFC8AD76FC
                      SHA-256:F0CED37A8BB92743B21DC05197EF02B0665BF5910F747B5E038E9DC5638876B8
                      SHA-512:F10F9ECEF57E228F24E669E10F29D17F56E0B30E97AA274CA57865CD20FCFC8BCACFA1E55B2AECC0FE601DA5FAA3182AC87104490E0170E17976357847FAB467
                      Malicious:false
                      Reputation:low
                      URL:http://crcldu.com/postback.php
Preview (line breaks restored; the hex-escaped property path in the script decodes to navigator.webdriver, a common check for automated or headless browsers, and the result is reported back to the pb_url parameter via sendBeacon):
  <!DOCTYPE html>
  <html> 
  <head></head>
  <body>
  <script>
  const url = new URL(location.href);
  const timeblock = url.searchParams.get("timeblock");
  const reqhour = url.searchParams.get("reqhour");
  const postback_url = decodeURIComponent(url.searchParams.get("pb_url"));

  let sharedstorage = {};
  if (window["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72"]["\x77\x65\x62\x64\x72\x69\x76\x65\x72"]) sharedstorage["wd"] = 1;

  function postData(url, data) {
   try {navigator.sendBeacon(url, JSON.stringify( data ));} catch(e) {}
  }

  if (timeblock) {
   sharedstorage["age"] = timeblock.toLowerCase();
  }
  else if (reqhour) {
   sharedstorage["req"] = reqhour;
  }

  postData(postback_url, { "sharedstorage": sharedstorage });

  </script>
  </body>
  </html>
                      No static file info


                      • Total Packets: 93
                      • 443 (HTTPS)
                      • 80 (HTTP)
                      • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 12, 2024 15:34:43.082587004 CET | 49678 | 443 | 192.168.2.4 | 104.46.162.224
Jan 12, 2024 15:34:45.379426956 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Jan 12, 2024 15:34:53.585880995 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:53.585920095 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:53.585975885 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:53.586785078 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:53.586810112 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:53.586883068 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:53.587133884 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:53.587150097 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:53.587539911 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:53.587553024 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:53.828648090 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:53.829112053 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:53.829122066 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:53.831029892 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:53.831103086 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:53.831125021 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:53.832592010 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:53.832683086 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:53.832762003 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:53.832784891 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:53.833043098 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:53.833050013 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:53.833139896 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:53.833195925 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:53.833736897 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:53.833800077 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:53.834755898 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:53.834810972 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:53.834892035 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:53.834897041 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:53.987524033 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:53.987524986 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:54.061266899 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:54.061480999 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:54.061542988 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:54.062196016 CET | 49731 | 443 | 192.168.2.4 | 172.253.115.84
Jan 12, 2024 15:34:54.062218904 CET | 443 | 49731 | 172.253.115.84 | 192.168.2.4
Jan 12, 2024 15:34:54.063339949 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:54.063477039 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:54.063535929 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:54.064002991 CET | 49730 | 443 | 192.168.2.4 | 142.251.16.101
Jan 12, 2024 15:34:54.064023018 CET | 443 | 49730 | 142.251.16.101 | 192.168.2.4
Jan 12, 2024 15:34:54.987453938 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Jan 12, 2024 15:34:55.369091034 CET | 49734 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.369431019 CET | 49735 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.463679075 CET | 80 | 49734 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.463721991 CET | 80 | 49735 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.463761091 CET | 49734 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.463794947 CET | 49735 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.463984966 CET | 49734 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.558532953 CET | 80 | 49734 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.560054064 CET | 80 | 49734 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.575695992 CET | 49734 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.596262932 CET | 49735 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.671431065 CET | 80 | 49734 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.690485954 CET | 80 | 49735 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.691960096 CET | 80 | 49735 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.725450993 CET | 49734 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.740485907 CET | 49735 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.793353081 CET | 49737 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.888268948 CET | 80 | 49737 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.888405085 CET | 49737 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.888627052 CET | 49737 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:55.983884096 CET | 80 | 49737 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:55.985089064 CET | 80 | 49737 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:34:56.039522886 CET | 49737 | 80 | 192.168.2.4 | 99.83.203.53
Jan 12, 2024 15:34:57.337069988 CET | 49740 | 443 | 192.168.2.4 | 172.253.115.104
Jan 12, 2024 15:34:57.337112904 CET | 443 | 49740 | 172.253.115.104 | 192.168.2.4
Jan 12, 2024 15:34:57.337276936 CET | 49740 | 443 | 192.168.2.4 | 172.253.115.104
Jan 12, 2024 15:34:57.337838888 CET | 49740 | 443 | 192.168.2.4 | 172.253.115.104
Jan 12, 2024 15:34:57.337862015 CET | 443 | 49740 | 172.253.115.104 | 192.168.2.4
Jan 12, 2024 15:34:57.561394930 CET | 443 | 49740 | 172.253.115.104 | 192.168.2.4
Jan 12, 2024 15:34:57.561662912 CET | 49740 | 443 | 192.168.2.4 | 172.253.115.104
Jan 12, 2024 15:34:57.561686039 CET | 443 | 49740 | 172.253.115.104 | 192.168.2.4
Jan 12, 2024 15:34:57.562551022 CET | 443 | 49740 | 172.253.115.104 | 192.168.2.4
Jan 12, 2024 15:34:57.562613964 CET | 49740 | 443 | 192.168.2.4 | 172.253.115.104
Jan 12, 2024 15:34:57.939502954 CET | 49740 | 443 | 192.168.2.4 | 172.253.115.104
Jan 12, 2024 15:34:57.939857960 CET | 443 | 49740 | 172.253.115.104 | 192.168.2.4
Jan 12, 2024 15:34:57.987534046 CET | 49740 | 443 | 192.168.2.4 | 172.253.115.104
Jan 12, 2024 15:34:57.987555027 CET | 443 | 49740 | 172.253.115.104 | 192.168.2.4
Jan 12, 2024 15:34:58.034404039 CET | 49740 | 443 | 192.168.2.4 | 172.253.115.104
Jan 12, 2024 15:34:58.071602106 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.071645021 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.071736097 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.076056004 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.076069117 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.276525021 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.276596069 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.279355049 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.279361963 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.280035019 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.331288099 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.390736103 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.437902927 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.487004995 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.487159967 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.487198114 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.487227917 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.487241030 CET | 49741 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.487252951 CET | 443 | 49741 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.558634996 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.558680058 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.558743954 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.559900999 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.559921026 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.762589931 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.762680054 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.764301062 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.764308929 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.764600992 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.767538071 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.809906006 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.949141979 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.949352980 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.949457884 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.950407028 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.950427055 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:34:58.950437069 CET | 49742 | 443 | 192.168.2.4 | 23.33.180.114
Jan 12, 2024 15:34:58.950442076 CET | 443 | 49742 | 23.33.180.114 | 192.168.2.4
Jan 12, 2024 15:35:00.675657034 CET | 80 | 49734 | 99.83.203.53 | 192.168.2.4
Jan 12, 2024 15:35:00.675725937 CET | 49734 | 80 | 192.168.2.4 | 99.83.203.53
                      Jan 12, 2024 15:35:00.696974039 CET804973599.83.203.53192.168.2.4
                      Jan 12, 2024 15:35:00.697367907 CET4973580192.168.2.499.83.203.53
                      Jan 12, 2024 15:35:00.989234924 CET804973799.83.203.53192.168.2.4
                      Jan 12, 2024 15:35:00.989393950 CET4973780192.168.2.499.83.203.53
                      Jan 12, 2024 15:35:01.666475058 CET4973780192.168.2.499.83.203.53
                      Jan 12, 2024 15:35:01.666527033 CET4973480192.168.2.499.83.203.53
                      Jan 12, 2024 15:35:01.666564941 CET4973580192.168.2.499.83.203.53
                      Jan 12, 2024 15:35:01.762510061 CET804973599.83.203.53192.168.2.4
                      Jan 12, 2024 15:35:01.762573957 CET804973499.83.203.53192.168.2.4
                      Jan 12, 2024 15:35:01.762609959 CET804973799.83.203.53192.168.2.4
                      Jan 12, 2024 15:35:07.565836906 CET44349740172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:07.566015005 CET44349740172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:07.566133976 CET49740443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:35:07.947685003 CET49740443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:35:07.947752953 CET44349740172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:57.289087057 CET49751443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:35:57.289180040 CET44349751172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:57.289283037 CET49751443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:35:57.290514946 CET49751443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:35:57.290551901 CET44349751172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:57.502743959 CET44349751172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:57.503115892 CET49751443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:35:57.503154993 CET44349751172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:57.503638029 CET44349751172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:57.504072905 CET49751443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:35:57.504163980 CET44349751172.253.115.104192.168.2.4
                      Jan 12, 2024 15:35:57.550818920 CET49751443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:36:02.020410061 CET4972380192.168.2.423.199.71.136
                      Jan 12, 2024 15:36:02.020833969 CET4972480192.168.2.423.199.71.136
                      Jan 12, 2024 15:36:02.178922892 CET804972323.199.71.136192.168.2.4
                      Jan 12, 2024 15:36:02.179074049 CET804972423.199.71.136192.168.2.4
                      Jan 12, 2024 15:36:02.179162979 CET4972380192.168.2.423.199.71.136
                      Jan 12, 2024 15:36:02.179830074 CET4972480192.168.2.423.199.71.136
                      Jan 12, 2024 15:36:07.503736019 CET44349751172.253.115.104192.168.2.4
                      Jan 12, 2024 15:36:07.503822088 CET44349751172.253.115.104192.168.2.4
                      Jan 12, 2024 15:36:07.504045010 CET49751443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:36:07.664143085 CET49751443192.168.2.4172.253.115.104
                      Jan 12, 2024 15:36:07.664184093 CET44349751172.253.115.104192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 12, 2024 15:34:53.488323927 CET | 49725 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:53.489470959 CET | 50220 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:53.490334988 CET | 50253 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:53.491152048 CET | 56108 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:53.561129093 CET | 53 | 62454 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:53.584048033 CET | 53 | 49725 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:53.585287094 CET | 53 | 50220 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:53.585623026 CET | 53 | 50253 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:53.585988045 CET | 53 | 56108 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:54.232065916 CET | 53 | 56247 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:55.272198915 CET | 54183 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:55.272589922 CET | 50940 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:55.367232084 CET | 53 | 54183 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:55.368453026 CET | 53 | 50940 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:55.697253942 CET | 62734 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:55.697628021 CET | 60785 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:55.792465925 CET | 53 | 60785 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:55.792521954 CET | 53 | 62734 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:57.236679077 CET | 55685 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:57.237795115 CET | 50262 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2024 15:34:57.331567049 CET | 53 | 55685 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:34:57.332796097 CET | 53 | 50262 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:35:11.443902016 CET | 53 | 61116 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:35:13.624689102 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
Jan 12, 2024 15:35:30.613847971 CET | 53 | 61797 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:35:52.716793060 CET | 53 | 57692 | 1.1.1.1 | 192.168.2.4
Jan 12, 2024 15:35:53.209960938 CET | 53 | 63791 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 12, 2024 15:34:53.488323927 CET | 192.168.2.4 | 1.1.1.1 | 0x6207 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:53.489470959 CET | 192.168.2.4 | 1.1.1.1 | 0x8c25 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Jan 12, 2024 15:34:53.490334988 CET | 192.168.2.4 | 1.1.1.1 | 0x55fa | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:53.491152048 CET | 192.168.2.4 | 1.1.1.1 | 0x5f10 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Jan 12, 2024 15:34:55.272198915 CET | 192.168.2.4 | 1.1.1.1 | 0x1092 | Standard query (0) | crcldu.com | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:55.272589922 CET | 192.168.2.4 | 1.1.1.1 | 0x3dd6 | Standard query (0) | crcldu.com | 65 | IN (0x0001) | false
Jan 12, 2024 15:34:55.697253942 CET | 192.168.2.4 | 1.1.1.1 | 0xca53 | Standard query (0) | crcldu.com | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:55.697628021 CET | 192.168.2.4 | 1.1.1.1 | 0x47bd | Standard query (0) | crcldu.com | 65 | IN (0x0001) | false
Jan 12, 2024 15:34:57.236679077 CET | 192.168.2.4 | 1.1.1.1 | 0xce16 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:57.237795115 CET | 192.168.2.4 | 1.1.1.1 | 0x4211 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 12, 2024 15:34:53.584048033 CET | 1.1.1.1 | 192.168.2.4 | 0x6207 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 12, 2024 15:34:53.584048033 CET | 1.1.1.1 | 192.168.2.4 | 0x6207 | No error (0) | clients.l.google.com | - | 142.251.16.101 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:53.584048033 CET | 1.1.1.1 | 192.168.2.4 | 0x6207 | No error (0) | clients.l.google.com | - | 142.251.16.102 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:53.584048033 CET | 1.1.1.1 | 192.168.2.4 | 0x6207 | No error (0) | clients.l.google.com | - | 142.251.16.138 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:53.584048033 CET | 1.1.1.1 | 192.168.2.4 | 0x6207 | No error (0) | clients.l.google.com | - | 142.251.16.139 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:53.584048033 CET | 1.1.1.1 | 192.168.2.4 | 0x6207 | No error (0) | clients.l.google.com | - | 142.251.16.100 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:53.584048033 CET | 1.1.1.1 | 192.168.2.4 | 0x6207 | No error (0) | clients.l.google.com | - | 142.251.16.113 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:53.585287094 CET | 1.1.1.1 | 192.168.2.4 | 0x8c25 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 12, 2024 15:34:53.585623026 CET | 1.1.1.1 | 192.168.2.4 | 0x55fa | No error (0) | accounts.google.com | - | 172.253.115.84 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:55.367232084 CET | 1.1.1.1 | 192.168.2.4 | 0x1092 | No error (0) | crcldu.com | - | 99.83.203.53 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:55.367232084 CET | 1.1.1.1 | 192.168.2.4 | 0x1092 | No error (0) | crcldu.com | - | 75.2.64.67 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:55.792521954 CET | 1.1.1.1 | 192.168.2.4 | 0xca53 | No error (0) | crcldu.com | - | 99.83.203.53 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:55.792521954 CET | 1.1.1.1 | 192.168.2.4 | 0xca53 | No error (0) | crcldu.com | - | 75.2.64.67 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:57.331567049 CET | 1.1.1.1 | 192.168.2.4 | 0xce16 | No error (0) | www.google.com | - | 172.253.115.104 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:57.331567049 CET | 1.1.1.1 | 192.168.2.4 | 0xce16 | No error (0) | www.google.com | - | 172.253.115.103 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:57.331567049 CET | 1.1.1.1 | 192.168.2.4 | 0xce16 | No error (0) | www.google.com | - | 172.253.115.106 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:57.331567049 CET | 1.1.1.1 | 192.168.2.4 | 0xce16 | No error (0) | www.google.com | - | 172.253.115.105 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:57.331567049 CET | 1.1.1.1 | 192.168.2.4 | 0xce16 | No error (0) | www.google.com | - | 172.253.115.147 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:57.331567049 CET | 1.1.1.1 | 192.168.2.4 | 0xce16 | No error (0) | www.google.com | - | 172.253.115.99 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:34:57.332796097 CET | 1.1.1.1 | 192.168.2.4 | 0x4211 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Jan 12, 2024 15:35:08.440028906 CET | 1.1.1.1 | 192.168.2.4 | 0xa9df | No error (0) | windowsupdatebg.s.llnwi.net | - | 69.164.0.128 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:35:08.804263115 CET | 1.1.1.1 | 192.168.2.4 | 0xa71a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 12, 2024 15:35:08.804263115 CET | 1.1.1.1 | 192.168.2.4 | 0xa71a | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:35:21.683713913 CET | 1.1.1.1 | 192.168.2.4 | 0x1881 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 12, 2024 15:35:21.683713913 CET | 1.1.1.1 | 192.168.2.4 | 0x1881 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:35:45.726142883 CET | 1.1.1.1 | 192.168.2.4 | 0x90a0 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 12, 2024 15:35:45.726142883 CET | 1.1.1.1 | 192.168.2.4 | 0x90a0 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Jan 12, 2024 15:36:05.460851908 CET | 1.1.1.1 | 192.168.2.4 | 0x2f58 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 12, 2024 15:36:05.460851908 CET | 1.1.1.1 | 192.168.2.4 | 0x2f58 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                      • accounts.google.com
                      • clients2.google.com
                      • fs.microsoft.com
                      • crcldu.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49734 | 99.83.203.53 | 80 | 5444 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 15:34:55.463984966 CET | 437 | OUT | GET /postback.php HTTP/1.1
                      Host: crcldu.com
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
Jan 12, 2024 15:34:55.560054064 CET | 1047 | IN | HTTP/1.1 200 OK
                      Date: Fri, 12 Jan 2024 14:34:55 GMT
                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
                      X-Powered-By: PHP/5.4.16
                      Supports-Loading-Mode: fenced-frame
                      Keep-Alive: timeout=5, max=100
                      Connection: Keep-Alive
                      Transfer-Encoding: chunked
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 32 64 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 20 0a 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 73 63 72 69 70 74 3e 0a 63 6f 6e 73 74 20 75 72 6c 20 3d 20 6e 65 77 20 55 52 4c 28 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 0a 63 6f 6e 73 74 20 74 69 6d 65 62 6c 6f 63 6b 20 3d 20 75 72 6c 2e 73 65 61 72 63 68 50 61 72 61 6d 73 2e 67 65 74 28 22 74 69 6d 65 62 6c 6f 63 6b 22 29 3b 0a 63 6f 6e 73 74 20 72 65 71 68 6f 75 72 20 3d 20 75 72 6c 2e 73 65 61 72 63 68 50 61 72 61 6d 73 2e 67 65 74 28 22 72 65 71 68 6f 75 72 22 29 3b 0a 63 6f 6e 73 74 20 70 6f 73 74 62 61 63 6b 5f 75 72 6c 20 3d 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 75 72 6c 2e 73 65 61 72 63 68 50 61 72 61 6d 73 2e 67 65 74 28 22 70 62 5f 75 72 6c 22 29 29 3b 0a 0a 6c 65 74 20 73 68 61 72 65 64 73 74 6f 72 61 67 65 20 3d 20 7b 7d 3b 0a 69 66 20 28 77 69 6e 64 6f 77 5b 22 5c 78 36 65 5c 78 36 31 5c 78 37 36 5c 78 36 39 5c 78 36 37 5c 78 36 31 5c 78 37 34 5c 78 36 66 5c 78 37 32 22 5d 5b 22 5c 78 37 37 5c 78 36 35 5c 78 36 32 5c 78 36 34 5c 78 37 32 5c 78 36 39 5c 78 37 36 5c 78 36 35 5c 78 37 32 22 5d 29 20 73 68 61 72 65 64 73 74 6f 72 61 67 65 5b 22 77 64 22 5d 20 3d 20 31 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 70 6f 73 74 44 61 74 61 28 75 72 6c 2c 20 64 61 74 61 29 20 7b 0a 20 20 74 72 79 20 7b 6e 61 76 69 67 61 74 6f 72 2e 73 65 6e 64 42 65 61 63 6f 6e 28 75 72 6c 2c 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 20 64 61 74 61 20 29 29 3b 7d 20 63 61 74 63 68 28 65 29 20 7b 7d 0a 7d 0a 0a 69 66 20 28 74 69 6d 65 62 6c 6f 63 6b 29 20 7b 0a 20 20 73 68 61 72 65 64 73 74 6f 72 61 67 65 5b 22 61 67 65 22 5d 20 3d 20 74 69 6d 65 62 6c 6f 63 6b 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0a 7d 0a 65 6c 73 65 20 69 66 20 28 72 65 71 68 6f 75 72 29 20 7b 0a 20 20 73 68 61 72 65 64 73 74 6f 72 61 67 65 5b 22 72 65 71 22 5d 20 3d 20 72 65 71 68 6f 75 72 3b 0a 7d 0a 0a 70 6f 73 74 44 61 74 61 28 70 6f 73 
74 62 61 63 6b 5f 75 72 6c 2c 20 7b 20 22 73 68 61 72 65 64 73 74 6f 72 61 67 65 22 3a 20 73 68 61 72 65 64 73 74 6f 72 61 67 65 20 7d 29 3b 0a 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 2d5<!DOCTYPE html><html> <head></head><body><script>const url = new URL(location.href);const timeblock = url.searchParams.get("timeblock");const reqhour = url.searchParams.get("reqhour");const postback_url = decodeURIComponent(url.searchParams.get("pb_url"));let sharedstorage = {};if (window["\x6e\x61\x76\x69\x67\x61\x74\x6f\x72"]["\x77\x65\x62\x64\x72\x69\x76\x65\x72"]) sharedstorage["wd"] = 1;function postData(url, data) { try {navigator.sendBeacon(url, JSON.stringify( data ));} catch(e) {}}if (timeblock) { sharedstorage["age"] = timeblock.toLowerCase();}else if (reqhour) { sharedstorage["req"] = reqhour;}postData(postback_url, { "sharedstorage": sharedstorage });</script></body></html>0
Jan 12, 2024 15:34:55.575695992 CET | 416 | OUT | POST /null HTTP/1.1
                      Host: crcldu.com
                      Connection: keep-alive
                      Content-Length: 20
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Content-Type: text/plain;charset=UTF-8
                      Accept: */*
                      Origin: http://crcldu.com
                      Referer: http://crcldu.com/postback.php
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
                      Data Raw: 7b 22 73 68 61 72 65 64 73 74 6f 72 61 67 65 22 3a 7b 7d 7d
                      Data Ascii: {"sharedstorage":{}}
Jan 12, 2024 15:34:55.671431065 CET | 453 | IN | HTTP/1.1 404 Not Found
                      Date: Fri, 12 Jan 2024 14:34:55 GMT
                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
                      Content-Length: 202
                      Keep-Alive: timeout=5, max=99
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=iso-8859-1
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6e 75 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /null was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 99.83.203.53 | 80 | 5444 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 15:34:55.596262932 CET | 376 | OUT | GET /favicon.ico HTTP/1.1
                      Host: crcldu.com
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Referer: http://crcldu.com/postback.php
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
Jan 12, 2024 15:34:55.691960096 CET | 331 | IN | HTTP/1.1 200 OK
                      Date: Fri, 12 Jan 2024 14:34:55 GMT
                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
                      Last-Modified: Wed, 09 Aug 2023 19:39:55 GMT
                      ETag: "0-60282a4d9b8c0"
                      Accept-Ranges: bytes
                      Content-Length: 0
                      Keep-Alive: timeout=5, max=100
                      Connection: Keep-Alive
                      Content-Type: image/vnd.microsoft.icon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49737 | 99.83.203.53 | 80 | 5444 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 15:34:55.888627052 CET | 274 | OUT | GET /favicon.ico HTTP/1.1
                      Host: crcldu.com
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: */*
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
Jan 12, 2024 15:34:55.985089064 CET | 331 | IN | HTTP/1.1 200 OK
                      Date: Fri, 12 Jan 2024 14:34:55 GMT
                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
                      Last-Modified: Thu, 13 Jul 2023 19:29:35 GMT
                      ETag: "0-600635a2e25c0"
                      Accept-Ranges: bytes
                      Content-Length: 0
                      Keep-Alive: timeout=5, max=100
                      Connection: Keep-Alive
                      Content-Type: image/vnd.microsoft.icon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 172.253.115.84 | 443 | 5444 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-12 14:34:53 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                      Host: accounts.google.com
                      Connection: keep-alive
                      Content-Length: 1
                      Origin: https://www.google.com
                      Content-Type: application/x-www-form-urlencoded
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-01-12 14:34:53 UTC | 1 | OUT | Data Raw: 20
                      Data Ascii:
2024-01-12 14:34:54 UTC | 1627 | IN | HTTP/1.1 200 OK
                      Content-Type: application/json; charset=utf-8
                      Access-Control-Allow-Origin: https://www.google.com
                      Access-Control-Allow-Credentials: true
                      X-Content-Type-Options: nosniff
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Fri, 12 Jan 2024 14:34:54 GMT
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Cross-Origin-Opener-Policy: same-origin
                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                      Content-Security-Policy: script-src 'report-sample' 'nonce-VQ6TZjLvWVaG1sw-d3urxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                      Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      Server: ESF
                      X-XSS-Protection: 0
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
2024-01-12 14:34:54 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                      Data Ascii: 11["gaia.l.a.r",[]]
2024-01-12 14:34:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49730 | 142.251.16.101 | 443 | 5444 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-12 14:34:53 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                      Host: clients2.google.com
                      Connection: keep-alive
                      X-Goog-Update-Interactivity: fg
                      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                      X-Goog-Update-Updater: chromecrx-117.0.5938.132
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
2024-01-12 14:34:54 UTC | 732 | IN | HTTP/1.1 200 OK
                      Content-Security-Policy: script-src 'report-sample' 'nonce-EpLTg5jOAGpoAyGhGImr4A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Fri, 12 Jan 2024 14:34:53 GMT
                      Content-Type: text/xml; charset=UTF-8
                      X-Daynum: 6220
                      X-Daystart: 23693
                      X-Content-Type-Options: nosniff
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      Server: GSE
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2024-01-12 14:34:54 UTC520INData Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 32 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 33 36 39 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                      Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6220" elapsed_seconds="23693"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                      2024-01-12 14:34:54 UTC200INData Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                      Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-01-12 14:34:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 23.33.180.114 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-01-12 14:34:58 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-01-12 14:34:58 UTC | 468 | IN | HTTP/1.1 200 OK
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (dce/26AC)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-eus2-z1
                      Cache-Control: public, max-age=189979
                      Date: Fri, 12 Jan 2024 14:34:58 GMT
                      Connection: close
                      X-CID: 2


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 49742 | 23.33.180.114 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-01-12 14:34:58 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                      Range: bytes=0-2147483646
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-01-12 14:34:58 UTC | 531 | IN | HTTP/1.1 200 OK
                      Content-Type: application/octet-stream
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                      Cache-Control: public, max-age=189937
                      Date: Fri, 12 Jan 2024 14:34:58 GMT
                      Content-Length: 55
                      Connection: close
                      X-CID: 2
                      2024-01-12 14:34:58 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}



                      Target ID:0
                      Start time:15:34:48
                      Start date:12/01/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:2
                      Start time:15:34:51
                      Start date:12/01/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2032,i,16681755544765182792,2879631614722886934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:15:34:54
                      Start date:12/01/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://crcldu.com/postback.php
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly